./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor250170502
<...>
Warning: Permanently added '10.128.0.204' (ED25519) to the list of known hosts.
execve("./syz-executor250170502", ["./syz-executor250170502"], 0x7ffca2503550 /* 10 vars */) = 0
brk(NULL) = 0x555557163000
brk(0x555557163d00) = 0x555557163d00
arch_prctl(ARCH_SET_FS, 0x555557163380) = 0
set_tid_address(0x555557163650) = 296
set_robust_list(0x555557163660, 24) = 0
rseq(0x555557163ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented)
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor250170502", 4096) = 27
getrandom("\x31\x02\x87\x1c\xbb\xe5\xce\xd0", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x555557163d00
brk(0x555557184d00) = 0x555557184d00
brk(0x555557185000) = 0x555557185000
mprotect(0x7f1011629000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
mkdir("./syzkaller.OhvE9q", 0700) = 0
chmod("./syzkaller.OhvE9q", 0777) = 0
chdir("./syzkaller.OhvE9q") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 297
executing program
./strace-static-x86_64: Process 297 attached
[pid 297] set_robust_list(0x555557163660, 24) = 0
[pid 297] chdir("./0") = 0
[pid 297] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 297] setpgid(0, 0) = 0
[pid 297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 297] write(3, "1000", 4) = 4
[pid 297] close(3) = 0
[pid 297] symlink("/dev/binderfs", "./binderfs") = 0
[pid 297] write(1, "executing program\n", 18) = 18
[pid 297] memfd_create("syzkaller", 0) = 3
[pid 297] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 297] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 297] munmap(0x7f1009176000, 138412032) = 0
[pid 297] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 22.776098][ T28] audit: type=1400 audit(1724163445.142:66): avc: denied { execmem } for pid=296 comm="syz-executor250" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 22.795754][ T28] audit: type=1400 audit(1724163445.152:67): avc: denied { read write } for pid=296 comm="syz-executor250" name="loop0" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 22.810245][ T297] loop0: detected capacity change from 0 to 1024
[pid 297] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 297] close(3) = 0
[pid 297] close(4) = 0
[pid 297] mkdir("./file1", 0777) = 0
[ 22.820354][ T28] audit: type=1400 audit(1724163445.152:68): avc: denied { open } for pid=296 comm="syz-executor250" path="/dev/loop0" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 22.830410][ T297] EXT4-fs: Ignoring removed orlov option
[ 22.850753][ T28] audit: type=1400 audit(1724163445.152:69): avc: denied { ioctl } for pid=296 comm="syz-executor250" path="/dev/loop0" dev="devtmpfs" ino=114 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 22.855765][ T297] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 22.880838][ T28] audit: type=1400 audit(1724163445.192:70): avc: denied { mounton } for pid=297 comm="syz-executor250" path="/root/syzkaller.OhvE9q/0/file1" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 22.917739][ T297] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 297] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 297] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 297] chdir("./file1") = 0
[pid 297] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 297] ioctl(4, LOOP_CLR_FD) = 0
[pid 297] close(4) = 0
[pid 297] chdir("./file0") = 0
[pid 297] creat("./bus", 000) = 4
[pid 297] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 297] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 297] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 297] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 297] exit_group(0) = ?
[pid 297] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=297, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/binderfs") = 0
umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./0/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./0/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./0/file1/lost+found") = 0
umount2("./0/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./0/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./0/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/file1/file0/file0") = 0
umount2("./0/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/file1/file0/file1") = 0
umount2("./0/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./0/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
[ 22.926100][ T28] audit: type=1400 audit(1724163445.292:71): avc: denied { mount } for pid=297 comm="syz-executor250" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 22.947763][ T28] audit: type=1400 audit(1724163445.292:72): avc: denied { write } for pid=297 comm="syz-executor250" name="file0" dev="loop0" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
close(5) = 0
[ 22.949410][ T296] ==================================================================
[ 22.969963][ T28] audit: type=1400 audit(1724163445.292:73): avc: denied { add_name } for pid=297 comm="syz-executor250" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 22.977722][ T296] BUG: KASAN: use-after-free in ext4_xattr_delete_inode+0xcd0/0xce0
[ 22.998212][ T28] audit: type=1400 audit(1724163445.292:74): avc: denied { create } for pid=297 comm="syz-executor250" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 23.006001][ T296] Read of size 4 at addr ffff888124f39000 by task syz-executor250/296
[ 23.026557][ T28] audit: type=1400 audit(1724163445.292:75): avc: denied { write open } for pid=297 comm="syz-executor250" path="/root/syzkaller.OhvE9q/0/file1/file0/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 23.034038][ T296]
[ 23.034054][ T296] CPU: 1 PID: 296 Comm: syz-executor250 Not tainted 6.1.90-syzkaller-00023-gedca080b95df #0
[ 23.071357][ T296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 23.081260][ T296] Call Trace:
[ 23.084376][ T296]
[ 23.087163][ T296] dump_stack_lvl+0x151/0x1b7
[ 23.091666][ T296] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 23.097018][ T296] ? _printk+0xd1/0x111
[ 23.100962][ T296] ? __virt_addr_valid+0x242/0x2f0
[ 23.105898][ T296] print_report+0x158/0x4e0
[ 23.110241][ T296] ? __virt_addr_valid+0x242/0x2f0
[ 23.115185][ T296] ? kasan_addr_to_slab+0xd/0x80
[ 23.119960][ T296] ? ext4_xattr_delete_inode+0xcd0/0xce0
[ 23.125428][ T296] kasan_report+0x13c/0x170
[ 23.129768][ T296] ? ext4_xattr_delete_inode+0xcd0/0xce0
[ 23.135236][ T296] __asan_report_load4_noabort+0x14/0x20
[ 23.140704][ T296] ext4_xattr_delete_inode+0xcd0/0xce0
[ 23.145996][ T296] ? sb_end_intwrite+0x130/0x130
[ 23.150857][ T296] ? ext4_expand_extra_isize_ea+0x1c40/0x1c40
[ 23.156762][ T296] ? __kasan_check_read+0x11/0x20
[ 23.161620][ T296] ? ext4_inode_is_fast_symlink+0x295/0x3d0
[ 23.167348][ T296] ? ext4_evict_inode+0xbc2/0x1550
[ 23.172294][ T296] ext4_evict_inode+0xef9/0x1550
[ 23.177068][ T296] ? _raw_spin_unlock+0x4c/0x70
[ 23.181754][ T296] ? ext4_inode_is_fast_symlink+0x3d0/0x3d0
[ 23.187483][ T296] ? _raw_spin_unlock+0x4c/0x70
[ 23.192174][ T296] ? inode_io_list_del+0x18b/0x1a0
[ 23.197117][ T296] ? ext4_inode_is_fast_symlink+0x3d0/0x3d0
[ 23.202847][ T296] evict+0x2a3/0x630
[ 23.206581][ T296] iput+0x616/0x690
[ 23.210231][ T296] vfs_rmdir+0x3c2/0x500
[ 23.214311][ T296] do_rmdir+0x3ab/0x630
[ 23.218295][ T296] ? d_delete_notify+0x160/0x160
[ 23.223066][ T296] ? strncpy_from_user+0x169/0x2b0
[ 23.228016][ T296] ? getname_flags+0x1fd/0x520
[ 23.232616][ T296] __x64_sys_rmdir+0x49/0x50
[ 23.237043][ T296] x64_sys_call+0x274/0x9a0
[ 23.241380][ T296] do_syscall_64+0x3b/0xb0
[ 23.245635][ T296] ? clear_bhb_loop+0x55/0xb0
[ 23.250148][ T296] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 23.255880][ T296] RIP: 0033:0x7f10115b4dc7
[ 23.260130][ T296] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 54 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 23.279572][ T296] RSP: 002b:00007ffd1452daa8 EFLAGS: 00000207 ORIG_RAX: 0000000000000054
[ 23.287817][ T296] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f10115b4dc7
[ 23.295625][ T296] RDX: 0000000000008890 RSI: 0000000000000000 RDI: 00007ffd1452ec50
[ 23.303436][ T296] RBP: 0000000000000065 R08: 0000000000000000 R09: 0000000000000000
[ 23.311247][ T296] R10: 0000000000000100 R11: 0000000000000207 R12: 00007ffd1452ec50
[ 23.319059][ T296] R13: 0000555557174740 R14: 431bde82d7b634db R15: 00007ffd14530dd0
[ 23.326876][ T296]
[ 23.329734][ T296]
[ 23.331903][ T296] The buggy address belongs to the physical page:
[ 23.338163][ T296] page:ffffea000493ce40 refcount:2 mapcount:1 mapping:0000000000000000 index:0x557671e55 pfn:0x124f39
[ 23.348915][ T296] memcg:ffff88810033a000
[ 23.352993][ T296] anon flags: 0x40000000000a0024(uptodate|active|mappedtodisk|swapbacked|zone=1)
[ 23.361940][ T296] raw: 40000000000a0024 0000000000000000 dead000000000122 ffff88810f6cf8a1
[ 23.370359][ T296] raw: 0000000557671e55 0000000000000000 0000000200000000 ffff88810033a000
[ 23.378771][ T296] page dumped because: kasan: bad access detected
[ 23.385030][ T296] page_owner tracks the page as allocated
[ 23.390577][ T296] page last allocated via order 0, migratetype Movable, gfp_mask 0x8140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO|__GFP_CMA), pid 91, tgid 91 (klogd), ts 23059490576, free_ts 17207774876
[ 23.409067][ T296] post_alloc_hook+0x213/0x220
[ 23.413660][ T296] prep_new_page+0x1b/0x110
[ 23.418001][ T296] get_page_from_freelist+0x27ea/0x2870
[ 23.423383][ T296] __alloc_pages+0x3a1/0x780
[ 23.427808][ T296] __folio_alloc+0x15/0x40
[ 23.432062][ T296] handle_mm_fault+0x1cf7/0x30e0
[ 23.436835][ T296] exc_page_fault+0x3b3/0x700
[ 23.441349][ T296] asm_exc_page_fault+0x27/0x30
[ 23.446036][ T296] page last free stack trace:
[ 23.450548][ T296] free_unref_page_prepare+0x83d/0x850
[ 23.455849][ T296] free_unref_page_list+0xf1/0x7b0
[ 23.460789][ T296] release_pages+0xf7f/0xfe0
[ 23.465234][ T296] free_pages_and_swap_cache+0x8a/0xa0
[ 23.470600][ T296] tlb_finish_mmu+0x1e0/0x3f0
[ 23.475110][ T296] unmap_region+0x2c1/0x310
[ 23.479450][ T296] do_mas_align_munmap+0xd05/0x1400
[ 23.484483][ T296] do_mas_munmap+0x23e/0x2b0
[ 23.488911][ T296] __vm_munmap+0x263/0x3a0
[ 23.493164][ T296] __x64_sys_munmap+0x6b/0x80
[ 23.497682][ T296] x64_sys_call+0x75/0x9a0
[ 23.501931][ T296] do_syscall_64+0x3b/0xb0
[ 23.506182][ T296] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 23.511910][ T296]
[ 23.514077][ T296] Memory state around the buggy address:
[ 23.519552][ T296] ffff888124f38f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.527449][ T296] ffff888124f38f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.535347][ T296] >ffff888124f39000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.543240][ T296] ^
[ 23.547152][ T296] ffff888124f39080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.555045][ T296] ffff888124f39100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.562943][ T296] ==================================================================
rmdir("./0/file1/file0") = 0
umount2("./0/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/file1/file1") = 0
umount2("./0/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/file1/file2") = 0
umount2("./0/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/file1/file3") = 0
umount2("./0/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file1") = -1 EBUSY (Device or resource busy)
umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./0/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 304
./strace-static-x86_64: Process 304 attached
[pid 304] set_robust_list(0x555557163660, 24) = 0
[pid 304] chdir("./1") = 0
[pid 304] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 304] setpgid(0, 0) = 0
[pid 304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 304] write(3, "1000", 4) = 4
[pid 304] close(3) = 0
[pid 304] symlink("/dev/binderfs", "./binderfs") = 0
[pid 304] write(1, "executing program\n", 18executing program
) = 18
[pid 304] memfd_create("syzkaller", 0) = 3
[pid 304] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 304] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 304] munmap(0x7f1009176000, 138412032) = 0
[pid 304] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 304] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 304] close(3) = 0
[pid 304] close(4) = 0
[pid 304] mkdir("./file1", 0777) = 0
[ 23.574951][ T296] Disabling lock debugging due to kernel taint
[ 23.588768][ T296] EXT4-fs (loop0): unmounting filesystem.
[ 23.612178][ T304] loop0: detected capacity change from 0 to 1024
[ 23.620211][ T304] EXT4-fs: Ignoring removed orlov option
[pid 304] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 304] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 304] chdir("./file1") = 0
[pid 304] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 304] ioctl(4, LOOP_CLR_FD) = 0
[pid 304] close(4) = 0
[pid 304] chdir("./file0") = 0
[pid 304] creat("./bus", 000) = 4
[pid 304] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 304] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 304] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 304] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 304] exit_group(0) = ?
[pid 304] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=304, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/binderfs") = 0
umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./1/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./1/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./1/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./1/file1/lost+found") = 0
umount2("./1/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./1/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./1/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/file1/file0/file0") = 0
umount2("./1/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/file1/file0/file1") = 0
umount2("./1/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./1/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./1/file1/file0") = 0
umount2("./1/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/file1/file1") = 0
umount2("./1/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/file1/file2") = 0
umount2("./1/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/file1/file3") = 0
umount2("./1/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file1") = -1 EBUSY (Device or resource busy)
[ 23.625878][ T304] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 23.637718][ T304] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./1/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3executing program
) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 308
./strace-static-x86_64: Process 308 attached
[pid 308] set_robust_list(0x555557163660, 24) = 0
[pid 308] chdir("./2") = 0
[pid 308] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 308] setpgid(0, 0) = 0
[pid 308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 308] write(3, "1000", 4) = 4
[pid 308] close(3) = 0
[pid 308] symlink("/dev/binderfs", "./binderfs") = 0
[pid 308] write(1, "executing program\n", 18) = 18
[pid 308] memfd_create("syzkaller", 0) = 3
[pid 308] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 308] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 308] munmap(0x7f1009176000, 138412032) = 0
[pid 308] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 308] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 308] close(3) = 0
[pid 308] close(4) = 0
[pid 308] mkdir("./file1", 0777) = 0
[ 23.678818][ T296] EXT4-fs (loop0): unmounting filesystem.
[ 23.699876][ T308] loop0: detected capacity change from 0 to 1024
[ 23.707922][ T308] EXT4-fs: Ignoring removed orlov option
[ 23.713441][ T308] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 308] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 308] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 308] chdir("./file1") = 0
[pid 308] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 308] ioctl(4, LOOP_CLR_FD) = 0
[pid 308] close(4) = 0
[pid 308] chdir("./file0") = 0
[pid 308] creat("./bus", 000) = 4
[pid 308] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 308] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 308] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 308] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 308] exit_group(0) = ?
[pid 308] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=308, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/binderfs") = 0
umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./2/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./2/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./2/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./2/file1/lost+found") = 0
umount2("./2/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./2/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./2/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/file1/file0/file0") = 0
umount2("./2/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/file1/file0/file1") = 0
umount2("./2/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./2/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./2/file1/file0") = 0
umount2("./2/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/file1/file1") = 0
umount2("./2/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/file1/file2") = 0
umount2("./2/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/file1/file3") = 0
umount2("./2/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./2/file1") = -1 EBUSY (Device or resource busy)
umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./2/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 311
./strace-static-x86_64: Process 311 attached
[pid 311] set_robust_list(0x555557163660, 24) = 0
[pid 311] chdir("./3") = 0
[pid 311] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 311] setpgid(0, 0) = 0
[pid 311] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 311] write(3, "1000", 4) = 4
[pid 311] close(3) = 0
[pid 311] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 311] write(1, "executing program\n", 18) = 18
[pid 311] memfd_create("syzkaller", 0) = 3
[pid 311] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 311] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 311] munmap(0x7f1009176000, 138412032) = 0
[pid 311] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 311] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 311] close(3) = 0
[ 23.737421][ T308] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 23.763828][ T296] EXT4-fs (loop0): unmounting filesystem.
[ 23.779494][ T311] loop0: detected capacity change from 0 to 1024
[pid 311] close(4) = 0
[pid 311] mkdir("./file1", 0777) = 0
[pid 311] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 311] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 311] chdir("./file1") = 0
[pid 311] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 311] ioctl(4, LOOP_CLR_FD) = 0
[pid 311] close(4) = 0
[pid 311] chdir("./file0") = 0
[pid 311] creat("./bus", 000) = 4
[pid 311] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 311] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 311] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 311] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 311] exit_group(0) = ?
[pid 311] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=311, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/binderfs") = 0
umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./3/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./3/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./3/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./3/file1/lost+found") = 0
umount2("./3/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./3/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./3/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/file1/file0/file0") = 0
umount2("./3/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/file1/file0/file1") = 0
umount2("./3/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./3/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./3/file1/file0") = 0
umount2("./3/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/file1/file1") = 0
umount2("./3/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/file1/file2") = 0
umount2("./3/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/file1/file3") = 0
umount2("./3/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./3/file1") = -1 EBUSY (Device or resource busy)
[ 23.786895][ T311] EXT4-fs: Ignoring removed orlov option
[ 23.792564][ T311] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 23.817290][ T311] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./3/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./3") = 0
mkdir("./4", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 314
./strace-static-x86_64: Process 314 attached
[pid 314] set_robust_list(0x555557163660, 24) = 0
[pid 314] chdir("./4") = 0
[pid 314] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 314] setpgid(0, 0) = 0
[pid 314] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 314] write(3, "1000", 4) = 4
[pid 314] close(3) = 0
[pid 314] symlink("/dev/binderfs", "./binderfs") = 0
[pid 314] write(1, "executing program\n", 18executing program
) = 18
[pid 314] memfd_create("syzkaller", 0) = 3
[pid 314] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 314] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 314] munmap(0x7f1009176000, 138412032) = 0
[pid 314] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 314] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 314] close(3) = 0
[pid 314] close(4) = 0
[pid 314] mkdir("./file1", 0777) = 0
[ 23.845027][ T296] EXT4-fs (loop0): unmounting filesystem.
[ 23.866341][ T314] loop0: detected capacity change from 0 to 1024
[ 23.874180][ T314] EXT4-fs: Ignoring removed orlov option
[ 23.880129][ T314] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 314] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 314] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 314] chdir("./file1") = 0
[pid 314] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 314] ioctl(4, LOOP_CLR_FD) = 0
[pid 314] close(4) = 0
[pid 314] chdir("./file0") = 0
[pid 314] creat("./bus", 000) = 4
[pid 314] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 314] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 314] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 314] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 314] exit_group(0) = ?
[pid 314] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=314, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/binderfs") = 0
umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./4/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./4/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./4/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./4/file1/lost+found") = 0
umount2("./4/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./4/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./4/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/file1/file0/file0") = 0
umount2("./4/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/file1/file0/file1") = 0
umount2("./4/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./4/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./4/file1/file0") = 0
umount2("./4/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/file1/file1") = 0
umount2("./4/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/file1/file2") = 0
umount2("./4/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/file1/file3") = 0
umount2("./4/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./4/file1") = -1 EBUSY (Device or resource busy)
umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./4/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./4") = 0
mkdir("./5", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
./strace-static-x86_64: Process 317 attached
[pid 317] set_robust_list(0x555557163660, 24) = 0
[pid 317] chdir("./5") = 0
[pid 317] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 317] setpgid(0, 0) = 0
[pid 317] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 317] write(3, "1000", 4) = 4
[pid 317] close(3) = 0
[pid 317] symlink("/dev/binderfs", "./binderfs") = 0
[pid 317] write(1, "executing program\n", 18) = 18
[pid 317] memfd_create("syzkaller", 0) = 3
[pid 317] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 317] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288
[pid 296] <... clone resumed>, child_tidptr=0x555557163650) = 317
[pid 317] <... write resumed>) = 524288
[pid 317] munmap(0x7f1009176000, 138412032) = 0
[pid 317] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 23.897602][ T314] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 23.927282][ T296] EXT4-fs (loop0): unmounting filesystem.
[pid 317] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 317] close(3) = 0
[pid 317] close(4) = 0
[pid 317] mkdir("./file1", 0777) = 0
[pid 317] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 317] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 317] chdir("./file1") = 0
[pid 317] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 317] ioctl(4, LOOP_CLR_FD) = 0
[pid 317] close(4) = 0
[pid 317] chdir("./file0") = 0
[pid 317] creat("./bus", 000) = 4
[pid 317] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 317] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 317] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 317] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 317] exit_group(0) = ?
[pid 317] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=317, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/binderfs") = 0
umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./5/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./5/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./5/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./5/file1/lost+found") = 0
umount2("./5/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./5/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./5/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/file1/file0/file0") = 0
umount2("./5/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/file1/file0/file1") = 0
umount2("./5/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./5/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./5/file1/file0") = 0
umount2("./5/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/file1/file1") = 0
umount2("./5/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/file1/file2") = 0
umount2("./5/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/file1/file3") = 0
umount2("./5/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./5/file1") = -1 EBUSY (Device or resource busy)
[ 23.952206][ T317] loop0: detected capacity change from 0 to 1024
[ 23.959153][ T317] EXT4-fs: Ignoring removed orlov option
[ 23.964750][ T317] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 23.977195][ T317] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./5/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./5") = 0
mkdir("./6", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 320
./strace-static-x86_64: Process 320 attached
[pid 320] set_robust_list(0x555557163660, 24) = 0
[pid 320] chdir("./6") = 0
[pid 320] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 320] setpgid(0, 0) = 0
[pid 320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 320] write(3, "1000", 4) = 4
[pid 320] close(3) = 0
[pid 320] symlink("/dev/binderfs", "./binderfs") = 0
[pid 320] write(1, "executing program\n", 18executing program
) = 18
[pid 320] memfd_create("syzkaller", 0) = 3
[pid 320] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 320] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 320] munmap(0x7f1009176000, 138412032) = 0
[pid 320] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 320] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 320] close(3) = 0
[pid 320] close(4) = 0
[pid 320] mkdir("./file1", 0777) = 0
[pid 320] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 320] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[ 24.005102][ T296] EXT4-fs (loop0): unmounting filesystem.
[ 24.023188][ T320] loop0: detected capacity change from 0 to 1024
[ 24.030324][ T320] EXT4-fs: Ignoring removed orlov option
[ 24.035829][ T320] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 320] chdir("./file1") = 0
[pid 320] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 320] ioctl(4, LOOP_CLR_FD) = 0
[pid 320] close(4) = 0
[pid 320] chdir("./file0") = 0
[pid 320] creat("./bus", 000) = 4
[pid 320] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 320] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 320] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 320] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 320] exit_group(0) = ?
[pid 320] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=320, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/binderfs") = 0
umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./6/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./6/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./6/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./6/file1/lost+found") = 0
umount2("./6/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./6/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./6/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/file1/file0/file0") = 0
umount2("./6/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/file1/file0/file1") = 0
umount2("./6/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./6/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./6/file1/file0") = 0
umount2("./6/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/file1/file1") = 0
umount2("./6/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/file1/file2") = 0
umount2("./6/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/file1/file3") = 0
umount2("./6/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./6/file1") = -1 EBUSY (Device or resource busy)
[ 24.047583][ T320] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program
) = 0
rmdir("./6/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./6") = 0
mkdir("./7", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 323
./strace-static-x86_64: Process 323 attached
[pid 323] set_robust_list(0x555557163660, 24) = 0
[pid 323] chdir("./7") = 0
[pid 323] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 323] setpgid(0, 0) = 0
[pid 323] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 323] write(3, "1000", 4) = 4
[pid 323] close(3) = 0
[pid 323] symlink("/dev/binderfs", "./binderfs") = 0
[pid 323] write(1, "executing program\n", 18) = 18
[pid 323] memfd_create("syzkaller", 0) = 3
[pid 323] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 323] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 323] munmap(0x7f1009176000, 138412032) = 0
[pid 323] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 323] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 323] close(3) = 0
[pid 323] close(4) = 0
[pid 323] mkdir("./file1", 0777) = 0
[ 24.083672][ T296] EXT4-fs (loop0): unmounting filesystem.
[ 24.100398][ T323] loop0: detected capacity change from 0 to 1024
[ 24.108295][ T323] EXT4-fs: Ignoring removed orlov option
[ 24.113818][ T323] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 323] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 323] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 323] chdir("./file1") = 0
[pid 323] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 323] ioctl(4, LOOP_CLR_FD) = 0
[pid 323] close(4) = 0
[pid 323] chdir("./file0") = 0
[pid 323] creat("./bus", 000) = 4
[pid 323] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 323] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 323] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 323] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 323] exit_group(0) = ?
[pid 323] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=323, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/binderfs") = 0
umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./7/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./7/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./7/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./7/file1/lost+found") = 0
umount2("./7/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./7/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./7/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/file1/file0/file0") = 0
umount2("./7/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/file1/file0/file1") = 0
umount2("./7/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./7/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./7/file1/file0") = 0
umount2("./7/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/file1/file1") = 0
umount2("./7/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/file1/file2") = 0
umount2("./7/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/file1/file3") = 0
umount2("./7/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./7/file1") = -1 EBUSY (Device or resource busy)
[ 24.127267][ T323] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./7/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./7") = 0
mkdir("./8", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 326
./strace-static-x86_64: Process 326 attached
[pid 326] set_robust_list(0x555557163660, 24) = 0
[pid 326] chdir("./8") = 0
[pid 326] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 326] setpgid(0, 0) = 0
[pid 326] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 326] write(3, "1000", 4) = 4
[pid 326] close(3) = 0
[pid 326] symlink("/dev/binderfs", "./binderfs") = 0
[pid 326] write(1, "executing program\n", 18executing program
) = 18
[pid 326] memfd_create("syzkaller", 0) = 3
[pid 326] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 326] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 326] munmap(0x7f1009176000, 138412032) = 0
[pid 326] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 326] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 326] close(3) = 0
[pid 326] close(4) = 0
[pid 326] mkdir("./file1", 0777) = 0
[ 24.154157][ T296] EXT4-fs (loop0): unmounting filesystem.
[ 24.175260][ T326] loop0: detected capacity change from 0 to 1024
[ 24.182466][ T326] EXT4-fs: Ignoring removed orlov option
[ 24.188181][ T326] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 326] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 326] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 326] chdir("./file1") = 0
[pid 326] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 326] ioctl(4, LOOP_CLR_FD) = 0
[pid 326] close(4) = 0
[pid 326] chdir("./file0") = 0
[pid 326] creat("./bus", 000) = 4
[pid 326] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 326] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 326] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 326] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 326] exit_group(0) = ?
[pid 326] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=326, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/binderfs") = 0
umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./8/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./8/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./8/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./8/file1/lost+found") = 0
umount2("./8/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./8/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./8/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/file1/file0/file0") = 0
umount2("./8/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/file1/file0/file1") = 0
umount2("./8/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./8/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./8/file1/file0") = 0
umount2("./8/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/file1/file1") = 0
umount2("./8/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/file1/file2") = 0
umount2("./8/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/file1/file3") = 0
umount2("./8/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./8/file1") = -1 EBUSY (Device or resource busy)
[ 24.197380][ T326] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./8/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./8") = 0
mkdir("./9", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 329
./strace-static-x86_64: Process 329 attached
[pid 329] set_robust_list(0x555557163660, 24) = 0
[pid 329] chdir("./9") = 0
[pid 329] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 329] setpgid(0, 0) = 0
[pid 329] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 329] write(3, "1000", 4) = 4
[pid 329] close(3) = 0
[pid 329] symlink("/dev/binderfs", "./binderfs") = 0
[pid 329] write(1, "executing program\n", 18executing program
) = 18
[pid 329] memfd_create("syzkaller", 0) = 3
[pid 329] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 329] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 329] munmap(0x7f1009176000, 138412032) = 0
[pid 329] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 329] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 329] close(3) = 0
[pid 329] close(4) = 0
[pid 329] mkdir("./file1", 0777) = 0
[ 24.230407][ T296] EXT4-fs (loop0): unmounting filesystem.
[ 24.251961][ T329] loop0: detected capacity change from 0 to 1024
[ 24.259010][ T329] EXT4-fs: Ignoring removed orlov option
[ 24.264511][ T329] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 329] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 329] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 329] chdir("./file1") = 0
[pid 329] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 329] ioctl(4, LOOP_CLR_FD) = 0
[pid 329] close(4) = 0
[pid 329] chdir("./file0") = 0
[pid 329] creat("./bus", 000) = 4
[pid 329] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 329] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 329] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 329] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 329] exit_group(0) = ?
[pid 329] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=329, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/binderfs") = 0
umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./9/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./9/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./9/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./9/file1/lost+found") = 0
umount2("./9/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./9/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./9/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/file1/file0/file0") = 0
umount2("./9/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/file1/file0/file1") = 0
umount2("./9/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./9/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./9/file1/file0") = 0
umount2("./9/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/file1/file1") = 0
umount2("./9/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/file1/file2") = 0
umount2("./9/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/file1/file3") = 0
umount2("./9/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./9/file1") = -1 EBUSY (Device or resource busy)
[ 24.277347][ T329] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./9/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./9") = 0
mkdir("./10", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 332 attached
, child_tidptr=0x555557163650) = 332
[pid 332] set_robust_list(0x555557163660, 24) = 0
[pid 332] chdir("./10") = 0
[pid 332] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 332] setpgid(0, 0) = 0
[pid 332] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 332] write(3, "1000", 4) = 4
[pid 332] close(3) = 0
[pid 332] symlink("/dev/binderfs", "./binderfs") = 0
[pid 332] write(1, "executing program\n", 18executing program
) = 18
[pid 332] memfd_create("syzkaller", 0) = 3
[pid 332] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 332] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 332] munmap(0x7f1009176000, 138412032) = 0
[pid 332] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 332] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 332] close(3) = 0
[pid 332] close(4) = 0
[pid 332] mkdir("./file1", 0777) = 0
[pid 332] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[ 24.305111][ T296] EXT4-fs (loop0): unmounting filesystem.
[ 24.324775][ T332] loop0: detected capacity change from 0 to 1024
[ 24.332590][ T332] EXT4-fs: Ignoring removed orlov option
[ 24.338161][ T332] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 332] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 332] chdir("./file1") = 0
[pid 332] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 332] ioctl(4, LOOP_CLR_FD) = 0
[pid 332] close(4) = 0
[pid 332] chdir("./file0") = 0
[pid 332] creat("./bus", 000) = 4
[pid 332] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 332] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 332] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 332] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 332] exit_group(0) = ?
[pid 332] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=332, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/binderfs") = 0
umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./10/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./10/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./10/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./10/file1/lost+found") = 0
umount2("./10/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./10/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./10/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/file1/file0/file0") = 0
umount2("./10/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/file1/file0/file1") = 0
umount2("./10/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./10/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./10/file1/file0") = 0
umount2("./10/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/file1/file1") = 0
umount2("./10/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/file1/file2") = 0
umount2("./10/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/file1/file3") = 0
umount2("./10/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./10/file1") = -1 EBUSY (Device or resource busy)
[ 24.347516][ T332] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./10/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./10") = 0
mkdir("./11", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 335 attached
, child_tidptr=0x555557163650) = 335
[pid 335] set_robust_list(0x555557163660, 24executing program
) = 0
[pid 335] chdir("./11") = 0
[pid 335] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 335] setpgid(0, 0) = 0
[pid 335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 335] write(3, "1000", 4) = 4
[pid 335] close(3) = 0
[pid 335] symlink("/dev/binderfs", "./binderfs") = 0
[pid 335] write(1, "executing program\n", 18) = 18
[pid 335] memfd_create("syzkaller", 0) = 3
[pid 335] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 335] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 335] munmap(0x7f1009176000, 138412032) = 0
[pid 335] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 335] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 335] close(3) = 0
[pid 335] close(4) = 0
[pid 335] mkdir("./file1", 0777) = 0
[pid 335] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 335] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 335] chdir("./file1") = 0
[pid 335] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 335] ioctl(4, LOOP_CLR_FD) = 0
[pid 335] close(4) = 0
[pid 335] chdir("./file0") = 0
[pid 335] creat("./bus", 000) = 4
[pid 335] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 335] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 335] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 335] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 335] exit_group(0) = ?
[pid 335] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=335, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/binderfs") = 0
umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./11/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./11/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./11/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./11/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./11/file1/lost+found") = 0
umount2("./11/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./11/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./11/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/file1/file0/file0") = 0
umount2("./11/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/file1/file0/file1") = 0
umount2("./11/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./11/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./11/file1/file0") = 0
umount2("./11/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/file1/file1") = 0
umount2("./11/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/file1/file2") = 0
umount2("./11/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/file1/file3") = 0
umount2("./11/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./11/file1") = -1 EBUSY (Device or resource busy)
[ 24.376547][ T296] EXT4-fs (loop0): unmounting filesystem.
[ 24.394233][ T335] loop0: detected capacity change from 0 to 1024
[ 24.402213][ T335] EXT4-fs: Ignoring removed orlov option
[ 24.407965][ T335] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 24.417688][ T335] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./11/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./11") = 0
mkdir("./12", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 338
./strace-static-x86_64: Process 338 attached
[pid 338] set_robust_list(0x555557163660, 24) = 0
[pid 338] chdir("./12") = 0
[pid 338] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 338] setpgid(0, 0) = 0
[pid 338] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 338] write(3, "1000", 4) = 4
[pid 338] close(3) = 0
[pid 338] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 338] write(1, "executing program\n", 18) = 18
[pid 338] memfd_create("syzkaller", 0) = 3
[pid 338] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 338] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 338] munmap(0x7f1009176000, 138412032) = 0
[pid 338] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 338] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 338] close(3) = 0
[pid 338] close(4) = 0
[pid 338] mkdir("./file1", 0777) = 0
[ 24.444494][ T296] EXT4-fs (loop0): unmounting filesystem.
[ 24.459992][ T338] loop0: detected capacity change from 0 to 1024
[ 24.467448][ T338] EXT4-fs: Ignoring removed orlov option
[ 24.472945][ T338] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 338] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 338] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 338] chdir("./file1") = 0
[pid 338] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 338] ioctl(4, LOOP_CLR_FD) = 0
[pid 338] close(4) = 0
[pid 338] chdir("./file0") = 0
[pid 338] creat("./bus", 000) = 4
[pid 338] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 338] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 338] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 338] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 338] exit_group(0) = ?
[pid 338] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=338, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/binderfs") = 0
umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./12/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./12/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./12/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./12/file1/lost+found") = 0
umount2("./12/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./12/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./12/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/file1/file0/file0") = 0
umount2("./12/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/file1/file0/file1") = 0
umount2("./12/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./12/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./12/file1/file0") = 0
umount2("./12/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/file1/file1") = 0
umount2("./12/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/file1/file2") = 0
umount2("./12/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/file1/file3") = 0
umount2("./12/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./12/file1") = -1 EBUSY (Device or resource busy)
[ 24.487375][ T338] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./12/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./12") = 0
mkdir("./13", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
executing program
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 342
./strace-static-x86_64: Process 342 attached
[pid 342] set_robust_list(0x555557163660, 24) = 0
[pid 342] chdir("./13") = 0
[pid 342] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 342] setpgid(0, 0) = 0
[pid 342] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 342] write(3, "1000", 4) = 4
[pid 342] close(3) = 0
[pid 342] symlink("/dev/binderfs", "./binderfs") = 0
[pid 342] write(1, "executing program\n", 18) = 18
[pid 342] memfd_create("syzkaller", 0) = 3
[pid 342] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 342] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 342] munmap(0x7f1009176000, 138412032) = 0
[pid 342] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 342] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 342] close(3) = 0
[pid 342] close(4) = 0
[pid 342] mkdir("./file1", 0777) = 0
[pid 342] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 342] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 342] chdir("./file1") = 0
[pid 342] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 342] ioctl(4, LOOP_CLR_FD) = 0
[pid 342] close(4) = 0
[pid 342] chdir("./file0") = 0
[pid 342] creat("./bus", 000) = 4
[pid 342] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 342] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 342] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 342] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 342] exit_group(0) = ?
[pid 342] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=342, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/binderfs") = 0
umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./13/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./13/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./13/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./13/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./13/file1/lost+found") = 0
umount2("./13/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./13/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./13/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/file1/file0/file0") = 0
umount2("./13/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/file1/file0/file1") = 0
umount2("./13/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./13/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./13/file1/file0") = 0
umount2("./13/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/file1/file1") = 0
umount2("./13/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/file1/file2") = 0
umount2("./13/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/file1/file3") = 0
umount2("./13/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./13/file1") = -1 EBUSY (Device or resource busy)
[ 24.516768][ T296] EXT4-fs (loop0): unmounting filesystem.
[ 24.535546][ T342] loop0: detected capacity change from 0 to 1024
[ 24.542723][ T342] EXT4-fs: Ignoring removed orlov option
[ 24.548347][ T342] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 24.557216][ T342] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./13/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./13") = 0
mkdir("./14", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 345
./strace-static-x86_64: Process 345 attached
[pid 345] set_robust_list(0x555557163660, 24) = 0
[pid 345] chdir("./14") = 0
[pid 345] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 345] setpgid(0, 0) = 0
[pid 345] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 345] write(3, "1000", 4) = 4
[pid 345] close(3) = 0
[pid 345] symlink("/dev/binderfs", "./binderfs") = 0
[pid 345] write(1, "executing program\n", 18executing program
) = 18
[pid 345] memfd_create("syzkaller", 0) = 3
[pid 345] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 345] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 345] munmap(0x7f1009176000, 138412032) = 0
[pid 345] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 345] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 345] close(3) = 0
[pid 345] close(4) = 0
[pid 345] mkdir("./file1", 0777) = 0
[ 24.591555][ T296] EXT4-fs (loop0): unmounting filesystem.
[ 24.607941][ T345] loop0: detected capacity change from 0 to 1024
[ 24.615821][ T345] EXT4-fs: Ignoring removed orlov option
[ 24.621486][ T345] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 345] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 345] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 345] chdir("./file1") = 0
[pid 345] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 345] ioctl(4, LOOP_CLR_FD) = 0
[pid 345] close(4) = 0
[pid 345] chdir("./file0") = 0
[pid 345] creat("./bus", 000) = 4
[pid 345] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 345] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 345] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 345] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 345] exit_group(0) = ?
[pid 345] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=345, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/binderfs") = 0
umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./14/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./14/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./14/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./14/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./14/file1/lost+found") = 0
umount2("./14/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./14/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./14/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/file1/file0/file0") = 0
umount2("./14/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/file1/file0/file1") = 0
umount2("./14/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./14/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./14/file1/file0") = 0
umount2("./14/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/file1/file1") = 0
umount2("./14/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/file1/file2") = 0
umount2("./14/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/file1/file3") = 0
umount2("./14/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./14/file1") = -1 EBUSY (Device or resource busy)
[ 24.637552][ T345] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./14/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./14") = 0
mkdir("./15", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 348
./strace-static-x86_64: Process 348 attached
[pid 348] set_robust_list(0x555557163660, 24) = 0
[pid 348] chdir("./15") = 0
[pid 348] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 348] setpgid(0, 0) = 0
[pid 348] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 348] write(3, "1000", 4) = 4
[pid 348] close(3) = 0
[pid 348] symlink("/dev/binderfs", "./binderfs") = 0
[pid 348] write(1, "executing program\n", 18executing program
) = 18
[pid 348] memfd_create("syzkaller", 0) = 3
[pid 348] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 348] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 348] munmap(0x7f1009176000, 138412032) = 0
[pid 348] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 348] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 348] close(3) = 0
[pid 348] close(4) = 0
[pid 348] mkdir("./file1", 0777) = 0
[ 24.671764][ T296] EXT4-fs (loop0): unmounting filesystem.
[ 24.692770][ T348] loop0: detected capacity change from 0 to 1024
[ 24.700764][ T348] EXT4-fs: Ignoring removed orlov option
[ 24.706654][ T348] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 348] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 348] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 348] chdir("./file1") = 0
[pid 348] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 348] ioctl(4, LOOP_CLR_FD) = 0
[pid 348] close(4) = 0
[pid 348] chdir("./file0") = 0
[pid 348] creat("./bus", 000) = 4
[pid 348] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 348] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 348] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 348] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 348] exit_group(0) = ?
[pid 348] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=348, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/binderfs") = 0
umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./15/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./15/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./15/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./15/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./15/file1/lost+found") = 0
umount2("./15/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./15/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./15/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/file1/file0/file0") = 0
umount2("./15/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/file1/file0/file1") = 0
umount2("./15/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./15/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./15/file1/file0") = 0
umount2("./15/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/file1/file1") = 0
umount2("./15/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/file1/file2") = 0
umount2("./15/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/file1/file3") = 0
umount2("./15/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./15/file1") = -1 EBUSY (Device or resource busy)
[ 24.717440][ T348] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./15/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./15") = 0
mkdir("./16", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 351
./strace-static-x86_64: Process 351 attached
[pid 351] set_robust_list(0x555557163660, 24) = 0
[pid 351] chdir("./16") = 0
[pid 351] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 351] setpgid(0, 0) = 0
[pid 351] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 351] write(3, "1000", 4) = 4
[pid 351] close(3) = 0
[pid 351] symlink("/dev/binderfs", "./binderfs") = 0
[pid 351] write(1, "executing program\n", 18executing program
) = 18
[pid 351] memfd_create("syzkaller", 0) = 3
[pid 351] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 351] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 351] munmap(0x7f1009176000, 138412032) = 0
[pid 351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 351] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 351] close(3) = 0
[pid 351] close(4) = 0
[pid 351] mkdir("./file1", 0777) = 0
[ 24.748885][ T296] EXT4-fs (loop0): unmounting filesystem.
[ 24.768617][ T351] loop0: detected capacity change from 0 to 1024
[ 24.775705][ T351] EXT4-fs: Ignoring removed orlov option
[ 24.781283][ T351] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 351] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 351] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 351] chdir("./file1") = 0
[pid 351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 351] ioctl(4, LOOP_CLR_FD) = 0
[pid 351] close(4) = 0
[pid 351] chdir("./file0") = 0
[pid 351] creat("./bus", 000) = 4
[pid 351] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 351] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 351] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 351] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 351] exit_group(0) = ?
[pid 351] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=351, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/binderfs") = 0
umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./16/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./16/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./16/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./16/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./16/file1/lost+found") = 0
umount2("./16/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./16/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./16/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/file1/file0/file0") = 0
umount2("./16/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/file1/file0/file1") = 0
umount2("./16/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./16/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./16/file1/file0") = 0
umount2("./16/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/file1/file1") = 0
umount2("./16/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/file1/file2") = 0
umount2("./16/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/file1/file3") = 0
umount2("./16/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./16/file1") = -1 EBUSY (Device or resource busy)
umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./16/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./16") = 0
mkdir("./17", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
executing program
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 354
./strace-static-x86_64: Process 354 attached
[pid 354] set_robust_list(0x555557163660, 24) = 0
[pid 354] chdir("./17") = 0
[pid 354] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 354] setpgid(0, 0) = 0
[pid 354] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 354] write(3, "1000", 4) = 4
[pid 354] close(3) = 0
[pid 354] symlink("/dev/binderfs", "./binderfs") = 0
[pid 354] write(1, "executing program\n", 18) = 18
[pid 354] memfd_create("syzkaller", 0) = 3
[pid 354] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 354] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 354] munmap(0x7f1009176000, 138412032) = 0
[pid 354] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 24.797468][ T351] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 24.831135][ T296] EXT4-fs (loop0): unmounting filesystem.
[pid 354] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 354] close(3) = 0
[pid 354] close(4) = 0
[pid 354] mkdir("./file1", 0777) = 0
[pid 354] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 354] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 354] chdir("./file1") = 0
[pid 354] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 354] ioctl(4, LOOP_CLR_FD) = 0
[pid 354] close(4) = 0
[pid 354] chdir("./file0") = 0
[pid 354] creat("./bus", 000) = 4
[pid 354] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 354] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 354] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 354] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 354] exit_group(0) = ?
[pid 354] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=354, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/binderfs") = 0
umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./17/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./17/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./17/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./17/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./17/file1/lost+found") = 0
umount2("./17/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./17/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./17/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/file1/file0/file0") = 0
umount2("./17/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/file1/file0/file1") = 0
umount2("./17/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./17/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./17/file1/file0") = 0
umount2("./17/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/file1/file1") = 0
umount2("./17/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/file1/file2") = 0
umount2("./17/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/file1/file3") = 0
umount2("./17/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./17/file1") = -1 EBUSY (Device or resource busy)
[ 24.850745][ T354] loop0: detected capacity change from 0 to 1024
[ 24.858584][ T354] EXT4-fs: Ignoring removed orlov option
[ 24.864115][ T354] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 24.877394][ T354] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./17/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./17") = 0
mkdir("./18", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 357 attached
[pid 357] set_robust_list(0x555557163660, 24) = 0
[pid 357] chdir("./18") = 0
[pid 357] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 357] setpgid(0, 0) = 0
[pid 357] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC
[pid 296] <... clone resumed>, child_tidptr=0x555557163650) = 357
[pid 357] <... openat resumed>) = 3
[pid 357] write(3, "1000", 4) = 4
[pid 357] close(3) = 0
[pid 357] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid 357] write(1, "executing program\n", 18) = 18
[pid 357] memfd_create("syzkaller", 0) = 3
[pid 357] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 357] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 357] munmap(0x7f1009176000, 138412032) = 0
[pid 357] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 357] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 357] close(3) = 0
[pid 357] close(4) = 0
[pid 357] mkdir("./file1", 0777) = 0
[ 24.904368][ T296] EXT4-fs (loop0): unmounting filesystem.
[ 24.923114][ T357] loop0: detected capacity change from 0 to 1024
[ 24.931074][ T357] EXT4-fs: Ignoring removed orlov option
[ 24.936856][ T357] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 357] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 357] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 357] chdir("./file1") = 0
[pid 357] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 357] ioctl(4, LOOP_CLR_FD) = 0
[pid 357] close(4) = 0
[pid 357] chdir("./file0") = 0
[pid 357] creat("./bus", 000) = 4
[pid 357] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 357] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 357] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 357] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 357] exit_group(0) = ?
[pid 357] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=357, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/binderfs") = 0
umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./18/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./18/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./18/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./18/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./18/file1/lost+found") = 0
umount2("./18/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./18/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./18/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/file1/file0/file0") = 0
umount2("./18/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/file1/file0/file1") = 0
umount2("./18/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./18/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./18/file1/file0") = 0
umount2("./18/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/file1/file1") = 0
umount2("./18/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/file1/file2") = 0
umount2("./18/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/file1/file3") = 0
umount2("./18/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./18/file1") = -1 EBUSY (Device or resource busy)
[ 24.947479][ T357] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program
) = 0
rmdir("./18/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./18") = 0
mkdir("./19", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 360
./strace-static-x86_64: Process 360 attached
[pid 360] set_robust_list(0x555557163660, 24) = 0
[pid 360] chdir("./19") = 0
[pid 360] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 360] setpgid(0, 0) = 0
[pid 360] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 360] write(3, "1000", 4) = 4
[pid 360] close(3) = 0
[pid 360] symlink("/dev/binderfs", "./binderfs") = 0
[pid 360] write(1, "executing program\n", 18) = 18
[pid 360] memfd_create("syzkaller", 0) = 3
[pid 360] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 360] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 360] munmap(0x7f1009176000, 138412032) = 0
[pid 360] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 360] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 360] close(3) = 0
[pid 360] close(4) = 0
[pid 360] mkdir("./file1", 0777) = 0
[pid 360] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 360] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 360] chdir("./file1") = 0
[pid 360] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 360] ioctl(4, LOOP_CLR_FD) = 0
[pid 360] close(4) = 0
[pid 360] chdir("./file0") = 0
[pid 360] creat("./bus", 000) = 4
[pid 360] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 360] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 360] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 360] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 360] exit_group(0) = ?
[pid 360] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=360, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/binderfs") = 0
umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./19/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./19/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./19/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./19/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./19/file1/lost+found") = 0
umount2("./19/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./19/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./19/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/file1/file0/file0") = 0
umount2("./19/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/file1/file0/file1") = 0
umount2("./19/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./19/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./19/file1/file0") = 0
umount2("./19/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/file1/file1") = 0
umount2("./19/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/file1/file2") = 0
umount2("./19/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/file1/file3") = 0
umount2("./19/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./19/file1") = -1 EBUSY (Device or resource busy)
[ 24.976877][ T296] EXT4-fs (loop0): unmounting filesystem.
[ 24.994257][ T360] loop0: detected capacity change from 0 to 1024
[ 25.001373][ T360] EXT4-fs: Ignoring removed orlov option
[ 25.007081][ T360] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 25.017793][ T360] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program
) = 0
rmdir("./19/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./19") = 0
mkdir("./20", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 363
./strace-static-x86_64: Process 363 attached
[pid 363] set_robust_list(0x555557163660, 24) = 0
[pid 363] chdir("./20") = 0
[pid 363] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 363] setpgid(0, 0) = 0
[pid 363] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 363] write(3, "1000", 4) = 4
[pid 363] close(3) = 0
[pid 363] symlink("/dev/binderfs", "./binderfs") = 0
[pid 363] write(1, "executing program\n", 18) = 18
[pid 363] memfd_create("syzkaller", 0) = 3
[pid 363] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 363] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 363] munmap(0x7f1009176000, 138412032) = 0
[pid 363] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 363] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 363] close(3) = 0
[pid 363] close(4) = 0
[pid 363] mkdir("./file1", 0777) = 0
[pid 363] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 363] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 363] chdir("./file1") = 0
[pid 363] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 363] ioctl(4, LOOP_CLR_FD) = 0
[pid 363] close(4) = 0
[pid 363] chdir("./file0") = 0
[pid 363] creat("./bus", 000) = 4
[pid 363] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 363] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 363] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 363] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 363] exit_group(0) = ?
[pid 363] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=363, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./20/binderfs") = 0
umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./20/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./20/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./20/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./20/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./20/file1/lost+found") = 0
umount2("./20/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./20/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./20/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./20/file1/file0/file0") = 0
umount2("./20/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./20/file1/file0/file1") = 0
umount2("./20/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./20/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./20/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./20/file1/file0") = 0
umount2("./20/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./20/file1/file1") = 0
umount2("./20/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./20/file1/file2") = 0
umount2("./20/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./20/file1/file3") = 0
umount2("./20/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./20/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./20/file1") = -1 EBUSY (Device or resource busy)
[ 25.047377][ T296] EXT4-fs (loop0): unmounting filesystem.
[ 25.064353][ T363] loop0: detected capacity change from 0 to 1024
[ 25.071542][ T363] EXT4-fs: Ignoring removed orlov option
[ 25.077271][ T363] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 25.087292][ T363] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./20/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./20") = 0
mkdir("./21", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 366
./strace-static-x86_64: Process 366 attached
[pid 366] set_robust_list(0x555557163660, 24) = 0
[pid 366] chdir("./21") = 0
[pid 366] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 366] setpgid(0, 0) = 0
[pid 366] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 366] write(3, "1000", 4) = 4
[pid 366] close(3) = 0
[pid 366] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid 366] write(1, "executing program\n", 18) = 18
[pid 366] memfd_create("syzkaller", 0) = 3
[pid 366] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 366] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 366] munmap(0x7f1009176000, 138412032) = 0
[pid 366] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 366] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 366] close(3) = 0
[pid 366] close(4) = 0
[pid 366] mkdir("./file1", 0777) = 0
[ 25.114877][ T296] EXT4-fs (loop0): unmounting filesystem.
[ 25.134452][ T366] loop0: detected capacity change from 0 to 1024
[ 25.142726][ T366] EXT4-fs: Ignoring removed orlov option
[ 25.148600][ T366] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 366] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 366] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 366] chdir("./file1") = 0
[pid 366] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 366] ioctl(4, LOOP_CLR_FD) = 0
[pid 366] close(4) = 0
[pid 366] chdir("./file0") = 0
[pid 366] creat("./bus", 000) = 4
[pid 366] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 366] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 366] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 366] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 366] exit_group(0) = ?
[pid 366] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=366, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./21/binderfs") = 0
umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./21/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./21/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./21/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./21/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./21/file1/lost+found") = 0
umount2("./21/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./21/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./21/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./21/file1/file0/file0") = 0
umount2("./21/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./21/file1/file0/file1") = 0
umount2("./21/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./21/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./21/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./21/file1/file0") = 0
umount2("./21/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./21/file1/file1") = 0
umount2("./21/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./21/file1/file2") = 0
umount2("./21/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./21/file1/file3") = 0
umount2("./21/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./21/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./21/file1") = -1 EBUSY (Device or resource busy)
[ 25.157341][ T366] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./21/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./21") = 0
mkdir("./22", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x555557163650) = 369
./strace-static-x86_64: Process 369 attached
[pid 369] set_robust_list(0x555557163660, 24) = 0
[pid 369] chdir("./22") = 0
[pid 369] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 369] setpgid(0, 0) = 0
[pid 369] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 369] write(3, "1000", 4) = 4
[pid 369] close(3) = 0
[pid 369] symlink("/dev/binderfs", "./binderfs") = 0
[pid 369] write(1, "executing program\n", 18) = 18
[pid 369] memfd_create("syzkaller", 0) = 3
[pid 369] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 369] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 369] munmap(0x7f1009176000, 138412032) = 0
[pid 369] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 369] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 369] close(3) = 0
[pid 369] close(4) = 0
[pid 369] mkdir("./file1", 0777) = 0
[ 25.189408][ T296] EXT4-fs (loop0): unmounting filesystem.
[ 25.208582][ T369] loop0: detected capacity change from 0 to 1024
[ 25.216317][ T369] EXT4-fs: Ignoring removed orlov option
[ 25.221832][ T369] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 369] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 369] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 369] chdir("./file1") = 0
[pid 369] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 369] ioctl(4, LOOP_CLR_FD) = 0
[pid 369] close(4) = 0
[pid 369] chdir("./file0") = 0
[pid 369] creat("./bus", 000) = 4
[pid 369] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 369] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 369] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 369] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 369] exit_group(0) = ?
[pid 369] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=369, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./22/binderfs") = 0
umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./22/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./22/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./22/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./22/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./22/file1/lost+found") = 0
umount2("./22/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./22/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./22/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./22/file1/file0/file0") = 0
umount2("./22/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./22/file1/file0/file1") = 0
umount2("./22/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./22/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./22/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./22/file1/file0") = 0
umount2("./22/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./22/file1/file1") = 0
umount2("./22/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./22/file1/file2") = 0
umount2("./22/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./22/file1/file3") = 0
umount2("./22/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./22/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./22/file1") = -1 EBUSY (Device or resource busy)
umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./22/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./22") = 0
mkdir("./23", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 372
./strace-static-x86_64: Process 372 attached
[pid 372] set_robust_list(0x555557163660, 24) = 0
[pid 372] chdir("./23") = 0
[pid 372] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 372] setpgid(0, 0) = 0
[pid 372] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 372] write(3, "1000", 4) = 4
[pid 372] close(3) = 0
[pid 372] symlink("/dev/binderfs", "./binderfs") = 0
[pid 372] write(1, "executing program\n", 18executing program
) = 18
[pid 372] memfd_create("syzkaller", 0) = 3
[pid 372] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 372] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 372] munmap(0x7f1009176000, 138412032) = 0
[pid 372] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 25.237398][ T369] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 25.272469][ T296] EXT4-fs (loop0): unmounting filesystem.
[pid 372] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 372] close(3) = 0
[pid 372] close(4) = 0
[pid 372] mkdir("./file1", 0777) = 0
[pid 372] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 372] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 372] chdir("./file1") = 0
[pid 372] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 372] ioctl(4, LOOP_CLR_FD) = 0
[pid 372] close(4) = 0
[pid 372] chdir("./file0") = 0
[pid 372] creat("./bus", 000) = 4
[pid 372] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 372] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 372] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 372] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 372] exit_group(0) = ?
[pid 372] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=372, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./23/binderfs") = 0
umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./23/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./23/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./23/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./23/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./23/file1/lost+found") = 0
umount2("./23/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./23/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./23/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./23/file1/file0/file0") = 0
umount2("./23/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./23/file1/file0/file1") = 0
umount2("./23/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./23/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./23/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./23/file1/file0") = 0
umount2("./23/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./23/file1/file1") = 0
umount2("./23/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./23/file1/file2") = 0
umount2("./23/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./23/file1/file3") = 0
umount2("./23/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./23/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./23/file1") = -1 EBUSY (Device or resource busy)
[ 25.293859][ T372] loop0: detected capacity change from 0 to 1024
[ 25.301048][ T372] EXT4-fs: Ignoring removed orlov option
[ 25.306947][ T372] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 25.317647][ T372] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 25.333687][ T372] syz-executor250 (372) used greatest stack depth: 22088 bytes left
umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./23/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./23") = 0
mkdir("./24", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 375
./strace-static-x86_64: Process 375 attached
[pid 375] set_robust_list(0x555557163660, 24) = 0
[pid 375] chdir("./24") = 0
[pid 375] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 375] setpgid(0, 0) = 0
[pid 375] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 375] write(3, "1000", 4) = 4
executing program
[pid 375] close(3) = 0
[pid 375] symlink("/dev/binderfs", "./binderfs") = 0
[pid 375] write(1, "executing program\n", 18) = 18
[pid 375] memfd_create("syzkaller", 0) = 3
[pid 375] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 375] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 375] munmap(0x7f1009176000, 138412032) = 0
[pid 375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 375] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 375] close(3) = 0
[pid 375] close(4) = 0
[pid 375] mkdir("./file1", 0777) = 0
[ 25.350768][ T296] EXT4-fs (loop0): unmounting filesystem.
[ 25.370389][ T375] loop0: detected capacity change from 0 to 1024
[ 25.377555][ T375] EXT4-fs: Ignoring removed orlov option
[ 25.383060][ T375] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 375] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 375] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 375] chdir("./file1") = 0
[pid 375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 375] ioctl(4, LOOP_CLR_FD) = 0
[pid 375] close(4) = 0
[pid 375] chdir("./file0") = 0
[pid 375] creat("./bus", 000) = 4
[pid 375] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 375] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 375] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 375] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 375] exit_group(0) = ?
[pid 375] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=375, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./24/binderfs") = 0
umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./24/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./24/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./24/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./24/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./24/file1/lost+found") = 0
umount2("./24/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./24/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./24/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./24/file1/file0/file0") = 0
umount2("./24/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./24/file1/file0/file1") = 0
umount2("./24/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./24/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./24/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./24/file1/file0") = 0
umount2("./24/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./24/file1/file1") = 0
umount2("./24/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./24/file1/file2") = 0
umount2("./24/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./24/file1/file3") = 0
umount2("./24/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./24/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./24/file1") = -1 EBUSY (Device or resource busy)
[ 25.397293][ T375] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program
) = 0
rmdir("./24/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./24") = 0
mkdir("./25", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 378
./strace-static-x86_64: Process 378 attached
[pid 378] set_robust_list(0x555557163660, 24) = 0
[pid 378] chdir("./25") = 0
[pid 378] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 378] setpgid(0, 0) = 0
[pid 378] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 378] write(3, "1000", 4) = 4
[pid 378] close(3) = 0
[pid 378] symlink("/dev/binderfs", "./binderfs") = 0
[pid 378] write(1, "executing program\n", 18) = 18
[pid 378] memfd_create("syzkaller", 0) = 3
[pid 378] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 378] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 378] munmap(0x7f1009176000, 138412032) = 0
[pid 378] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 378] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 378] close(3) = 0
[pid 378] close(4) = 0
[pid 378] mkdir("./file1", 0777) = 0
[pid 378] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 378] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 378] chdir("./file1") = 0
[pid 378] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 378] ioctl(4, LOOP_CLR_FD) = 0
[pid 378] close(4) = 0
[pid 378] chdir("./file0") = 0
[pid 378] creat("./bus", 000) = 4
[pid 378] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 378] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 378] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 378] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 378] exit_group(0) = ?
[pid 378] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=378, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./25/binderfs") = 0
umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./25/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./25/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./25/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./25/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./25/file1/lost+found") = 0
umount2("./25/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./25/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./25/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./25/file1/file0/file0") = 0
umount2("./25/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./25/file1/file0/file1") = 0
umount2("./25/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./25/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./25/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./25/file1/file0") = 0
umount2("./25/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./25/file1/file1") = 0
umount2("./25/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./25/file1/file2") = 0
umount2("./25/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./25/file1/file3") = 0
umount2("./25/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./25/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./25/file1") = -1 EBUSY (Device or resource busy)
[ 25.426665][ T296] EXT4-fs (loop0): unmounting filesystem.
[ 25.444254][ T378] loop0: detected capacity change from 0 to 1024
[ 25.451314][ T378] EXT4-fs: Ignoring removed orlov option
[ 25.456937][ T378] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 25.467381][ T378] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./25/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./25") = 0
mkdir("./26", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 382
./strace-static-x86_64: Process 382 attached
[pid 382] set_robust_list(0x555557163660, 24) = 0
[pid 382] chdir("./26") = 0
[pid 382] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 382] setpgid(0, 0) = 0
[pid 382] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 382] write(3, "1000", 4) = 4
[pid 382] close(3) = 0
[pid 382] symlink("/dev/binderfs", "./binderfs") = 0
[pid 382] write(1, "executing program\n", 18) = 18
[pid 382] memfd_create("syzkaller", 0) = 3
[pid 382] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
executing program
[pid 382] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 382] munmap(0x7f1009176000, 138412032) = 0
[pid 382] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 382] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 382] close(3) = 0
[pid 382] close(4) = 0
[pid 382] mkdir("./file1", 0777) = 0
[ 25.502559][ T296] EXT4-fs (loop0): unmounting filesystem.
[ 25.521702][ T382] loop0: detected capacity change from 0 to 1024
[ 25.528701][ T382] EXT4-fs: Ignoring removed orlov option
[ 25.534196][ T382] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 382] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 382] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 382] chdir("./file1") = 0
[pid 382] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 382] ioctl(4, LOOP_CLR_FD) = 0
[pid 382] close(4) = 0
[pid 382] chdir("./file0") = 0
[pid 382] creat("./bus", 000) = 4
[pid 382] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 382] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 382] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 382] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 382] exit_group(0) = ?
[pid 382] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=382, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./26/binderfs") = 0
umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./26/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./26/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./26/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./26/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./26/file1/lost+found") = 0
umount2("./26/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./26/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./26/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./26/file1/file0/file0") = 0
umount2("./26/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./26/file1/file0/file1") = 0
umount2("./26/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./26/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./26/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./26/file1/file0") = 0
umount2("./26/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./26/file1/file1") = 0
umount2("./26/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./26/file1/file2") = 0
umount2("./26/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./26/file1/file3") = 0
umount2("./26/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./26/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./26/file1") = -1 EBUSY (Device or resource busy)
[ 25.547454][ T382] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./26/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./26") = 0
mkdir("./27", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 385
./strace-static-x86_64: Process 385 attached
[pid 385] set_robust_list(0x555557163660, 24) = 0
[pid 385] chdir("./27") = 0
[pid 385] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 385] setpgid(0, 0) = 0
[pid 385] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 385] write(3, "1000", 4) = 4
[pid 385] close(3) = 0
[pid 385] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 385] write(1, "executing program\n", 18) = 18
[pid 385] memfd_create("syzkaller", 0) = 3
[pid 385] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 385] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 385] munmap(0x7f1009176000, 138412032) = 0
[pid 385] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 385] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 385] close(3) = 0
[pid 385] close(4) = 0
[pid 385] mkdir("./file1", 0777) = 0
[ 25.582632][ T296] EXT4-fs (loop0): unmounting filesystem.
[ 25.603578][ T385] loop0: detected capacity change from 0 to 1024
[ 25.611724][ T385] EXT4-fs: Ignoring removed orlov option
[ 25.617510][ T385] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 385] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 385] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 385] chdir("./file1") = 0
[pid 385] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 385] ioctl(4, LOOP_CLR_FD) = 0
[pid 385] close(4) = 0
[pid 385] chdir("./file0") = 0
[pid 385] creat("./bus", 000) = 4
[pid 385] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 385] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 385] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 385] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 385] exit_group(0) = ?
[pid 385] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=385, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./27/binderfs") = 0
umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./27/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./27/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./27/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./27/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./27/file1/lost+found") = 0
umount2("./27/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./27/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./27/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./27/file1/file0/file0") = 0
umount2("./27/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./27/file1/file0/file1") = 0
umount2("./27/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./27/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./27/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./27/file1/file0") = 0
umount2("./27/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./27/file1/file1") = 0
umount2("./27/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./27/file1/file2") = 0
umount2("./27/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./27/file1/file3") = 0
umount2("./27/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./27/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./27/file1") = -1 EBUSY (Device or resource busy)
[ 25.627719][ T385] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./27/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./27") = 0
mkdir("./28", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 388
./strace-static-x86_64: Process 388 attached
[pid 388] set_robust_list(0x555557163660, 24) = 0
[pid 388] chdir("./28") = 0
[pid 388] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 388] setpgid(0, 0) = 0
[pid 388] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 388] write(3, "1000", 4) = 4
[pid 388] close(3) = 0
[pid 388] symlink("/dev/binderfs", "./binderfs") = 0
[pid 388] write(1, "executing program\n", 18executing program
) = 18
[pid 388] memfd_create("syzkaller", 0) = 3
[pid 388] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 388] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 388] munmap(0x7f1009176000, 138412032) = 0
[pid 388] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 388] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 388] close(3) = 0
[pid 388] close(4) = 0
[pid 388] mkdir("./file1", 0777) = 0
[ 25.656065][ T296] EXT4-fs (loop0): unmounting filesystem.
[ 25.676922][ T388] loop0: detected capacity change from 0 to 1024
[ 25.685253][ T388] EXT4-fs: Ignoring removed orlov option
[ 25.690917][ T388] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 388] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 388] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 388] chdir("./file1") = 0
[pid 388] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 388] ioctl(4, LOOP_CLR_FD) = 0
[pid 388] close(4) = 0
[pid 388] chdir("./file0") = 0
[pid 388] creat("./bus", 000) = 4
[pid 388] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 388] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 388] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 388] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 388] exit_group(0) = ?
[pid 388] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=388, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./28/binderfs") = 0
umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./28/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./28/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./28/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./28/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./28/file1/lost+found") = 0
umount2("./28/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./28/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./28/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./28/file1/file0/file0") = 0
umount2("./28/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./28/file1/file0/file1") = 0
umount2("./28/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./28/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./28/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./28/file1/file0") = 0
umount2("./28/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./28/file1/file1") = 0
umount2("./28/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./28/file1/file2") = 0
umount2("./28/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./28/file1/file3") = 0
umount2("./28/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./28/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./28/file1") = -1 EBUSY (Device or resource busy)
umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./28/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./28") = 0
mkdir("./29", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 391
./strace-static-x86_64: Process 391 attached
[pid 391] set_robust_list(0x555557163660, 24) = 0
[pid 391] chdir("./29") = 0
[pid 391] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 391] setpgid(0, 0) = 0
[pid 391] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 391] write(3, "1000", 4) = 4
[pid 391] close(3) = 0
[pid 391] symlink("/dev/binderfs", "./binderfs") = 0
[pid 391] write(1, "executing program\n", 18executing program
) = 18
[pid 391] memfd_create("syzkaller", 0) = 3
[pid 391] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 391] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 391] munmap(0x7f1009176000, 138412032) = 0
[pid 391] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 25.707872][ T388] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 25.735067][ T296] EXT4-fs (loop0): unmounting filesystem.
[pid 391] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 391] close(3) = 0
[pid 391] close(4) = 0
[pid 391] mkdir("./file1", 0777) = 0
[pid 391] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 391] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 391] chdir("./file1") = 0
[pid 391] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 391] ioctl(4, LOOP_CLR_FD) = 0
[pid 391] close(4) = 0
[pid 391] chdir("./file0") = 0
[pid 391] creat("./bus", 000) = 4
[pid 391] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 391] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 391] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 391] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 391] exit_group(0) = ?
[pid 391] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=391, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./29/binderfs") = 0
umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./29/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./29/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./29/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./29/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./29/file1/lost+found") = 0
umount2("./29/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./29/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./29/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./29/file1/file0/file0") = 0
umount2("./29/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./29/file1/file0/file1") = 0
umount2("./29/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./29/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./29/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./29/file1/file0") = 0
umount2("./29/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./29/file1/file1") = 0
umount2("./29/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./29/file1/file2") = 0
umount2("./29/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./29/file1/file3") = 0
umount2("./29/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./29/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./29/file1") = -1 EBUSY (Device or resource busy)
[ 25.755429][ T391] loop0: detected capacity change from 0 to 1024
[ 25.763110][ T391] EXT4-fs: Ignoring removed orlov option
[ 25.769025][ T391] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 25.777366][ T391] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./29/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./29") = 0
mkdir("./30", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 394
./strace-static-x86_64: Process 394 attached
[pid 394] set_robust_list(0x555557163660, 24) = 0
[pid 394] chdir("./30") = 0
[pid 394] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 394] setpgid(0, 0) = 0
[pid 394] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 394] write(3, "1000", 4) = 4
[pid 394] close(3) = 0
[pid 394] symlink("/dev/binderfs", "./binderfs") = 0
[pid 394] write(1, "executing program\n", 18executing program
) = 18
[pid 394] memfd_create("syzkaller", 0) = 3
[pid 394] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 394] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 394] munmap(0x7f1009176000, 138412032) = 0
[pid 394] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 394] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 394] close(3) = 0
[pid 394] close(4) = 0
[pid 394] mkdir("./file1", 0777) = 0
[pid 394] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 394] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 394] chdir("./file1") = 0
[pid 394] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 394] ioctl(4, LOOP_CLR_FD) = 0
[pid 394] close(4) = 0
[pid 394] chdir("./file0") = 0
[pid 394] creat("./bus", 000) = 4
[pid 394] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 394] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 394] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 394] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 394] exit_group(0) = ?
[pid 394] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=394, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./30/binderfs") = 0
umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./30/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./30/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./30/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./30/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./30/file1/lost+found") = 0
umount2("./30/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./30/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./30/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./30/file1/file0/file0") = 0
umount2("./30/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./30/file1/file0/file1") = 0
umount2("./30/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./30/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./30/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./30/file1/file0") = 0
umount2("./30/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./30/file1/file1") = 0
umount2("./30/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./30/file1/file2") = 0
umount2("./30/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./30/file1/file3") = 0
umount2("./30/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./30/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./30/file1") = -1 EBUSY (Device or resource busy)
[ 25.804268][ T296] EXT4-fs (loop0): unmounting filesystem.
[ 25.823956][ T394] loop0: detected capacity change from 0 to 1024
[ 25.831327][ T394] EXT4-fs: Ignoring removed orlov option
[ 25.836911][ T394] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 25.847351][ T394] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./30/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./30") = 0
mkdir("./31", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 397
./strace-static-x86_64: Process 397 attached
[pid 397] set_robust_list(0x555557163660, 24) = 0
[pid 397] chdir("./31") = 0
[pid 397] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 397] setpgid(0, 0) = 0
[pid 397] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 397] write(3, "1000", 4) = 4
[pid 397] close(3) = 0
[pid 397] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 397] write(1, "executing program\n", 18) = 18
[pid 397] memfd_create("syzkaller", 0) = 3
[pid 397] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 397] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 397] munmap(0x7f1009176000, 138412032) = 0
[pid 397] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 397] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 397] close(3) = 0
[pid 397] close(4) = 0
[pid 397] mkdir("./file1", 0777) = 0
[pid 397] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 397] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 397] chdir("./file1") = 0
[pid 397] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 397] ioctl(4, LOOP_CLR_FD) = 0
[pid 397] close(4) = 0
[pid 397] chdir("./file0") = 0
[pid 397] creat("./bus", 000) = 4
[pid 397] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 397] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 397] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 397] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 397] exit_group(0) = ?
[pid 397] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=397, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./31/binderfs") = 0
umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./31/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./31/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./31/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./31/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./31/file1/lost+found") = 0
umount2("./31/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./31/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./31/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./31/file1/file0/file0") = 0
umount2("./31/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./31/file1/file0/file1") = 0
umount2("./31/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./31/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./31/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./31/file1/file0") = 0
umount2("./31/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./31/file1/file1") = 0
umount2("./31/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./31/file1/file2") = 0
umount2("./31/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./31/file1/file3") = 0
umount2("./31/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./31/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./31/file1") = -1 EBUSY (Device or resource busy)
umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./31/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./31") = 0
mkdir("./32", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x555557163650) = 400
./strace-static-x86_64: Process 400 attached
[pid 400] set_robust_list(0x555557163660, 24) = 0
[pid 400] chdir("./32") = 0
[pid 400] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 400] setpgid(0, 0) = 0
[pid 400] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 400] write(3, "1000", 4) = 4
[pid 400] close(3) = 0
[pid 400] symlink("/dev/binderfs", "./binderfs") = 0
[pid 400] write(1, "executing program\n", 18) = 18
[pid 400] memfd_create("syzkaller", 0) = 3
[pid 400] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[ 25.875893][ T296] EXT4-fs (loop0): unmounting filesystem.
[ 25.892667][ T397] loop0: detected capacity change from 0 to 1024
[ 25.900162][ T397] EXT4-fs: Ignoring removed orlov option
[ 25.905687][ T397] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 25.917185][ T397] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 400] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 400] munmap(0x7f1009176000, 138412032) = 0
[pid 400] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 400] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 400] close(3) = 0
[pid 400] close(4) = 0
[pid 400] mkdir("./file1", 0777) = 0
[pid 400] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 400] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 400] chdir("./file1") = 0
[pid 400] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 400] ioctl(4, LOOP_CLR_FD) = 0
[pid 400] close(4) = 0
[pid 400] chdir("./file0") = 0
[pid 400] creat("./bus", 000) = 4
[pid 400] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 400] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 400] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 400] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 400] exit_group(0) = ?
[pid 400] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=400, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./32/binderfs") = 0
umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./32/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./32/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./32/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./32/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./32/file1/lost+found") = 0
umount2("./32/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./32/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./32/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./32/file1/file0/file0") = 0
umount2("./32/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./32/file1/file0/file1") = 0
umount2("./32/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./32/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./32/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./32/file1/file0") = 0
umount2("./32/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./32/file1/file1") = 0
umount2("./32/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./32/file1/file2") = 0
umount2("./32/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./32/file1/file3") = 0
umount2("./32/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./32/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./32/file1") = -1 EBUSY (Device or resource busy)
umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./32/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./32") = 0
mkdir("./33", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x555557163650) = 403
./strace-static-x86_64: Process 403 attached
[pid 403] set_robust_list(0x555557163660, 24) = 0
[pid 403] chdir("./33") = 0
[pid 403] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 403] setpgid(0, 0) = 0
[pid 403] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 403] write(3, "1000", 4) = 4
[pid 403] close(3) = 0
[pid 403] symlink("/dev/binderfs", "./binderfs") = 0
[pid 403] write(1, "executing program\n", 18) = 18
[pid 403] memfd_create("syzkaller", 0) = 3
[pid 403] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 403] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 403] munmap(0x7f1009176000, 138412032) = 0
[pid 403] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 25.959595][ T400] loop0: detected capacity change from 0 to 1024
[ 25.966812][ T400] EXT4-fs: Ignoring removed orlov option
[ 25.972313][ T400] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 403] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 403] close(3) = 0
[pid 403] close(4) = 0
[pid 403] mkdir("./file1", 0777) = 0
[pid 403] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 403] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 403] chdir("./file1") = 0
[pid 403] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 403] ioctl(4, LOOP_CLR_FD) = 0
[pid 403] close(4) = 0
[pid 403] chdir("./file0") = 0
[pid 403] creat("./bus", 000) = 4
[pid 403] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 403] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 403] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 403] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 403] exit_group(0) = ?
[pid 403] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=403, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./33/binderfs") = 0
umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./33/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./33/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./33/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./33/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 26.015819][ T403] loop0: detected capacity change from 0 to 1024
[ 26.024001][ T403] EXT4-fs: Ignoring removed orlov option
[ 26.029551][ T403] EXT4-fs: Ignoring removed nomblk_io_submit option
openat(AT_FDCWD, "./33/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./33/file1/lost+found") = 0
umount2("./33/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./33/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./33/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./33/file1/file0/file0") = 0
umount2("./33/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./33/file1/file0/file1") = 0
umount2("./33/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./33/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./33/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./33/file1/file0") = 0
umount2("./33/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./33/file1/file1") = 0
umount2("./33/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./33/file1/file2") = 0
umount2("./33/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./33/file1/file3") = 0
umount2("./33/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./33/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./33/file1") = -1 EBUSY (Device or resource busy)
umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./33/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./33") = 0
mkdir("./34", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FDexecuting program
) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 406
./strace-static-x86_64: Process 406 attached
[pid 406] set_robust_list(0x555557163660, 24) = 0
[pid 406] chdir("./34") = 0
[pid 406] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 406] setpgid(0, 0) = 0
[pid 406] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 406] write(3, "1000", 4) = 4
[pid 406] close(3) = 0
[pid 406] symlink("/dev/binderfs", "./binderfs") = 0
[pid 406] write(1, "executing program\n", 18) = 18
[pid 406] memfd_create("syzkaller", 0) = 3
[pid 406] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 406] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 406] munmap(0x7f1009176000, 138412032) = 0
[pid 406] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 406] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 406] close(3) = 0
[pid 406] close(4) = 0
[pid 406] mkdir("./file1", 0777) = 0
[pid 406] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 406] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 406] chdir("./file1") = 0
[pid 406] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 406] ioctl(4, LOOP_CLR_FD) = 0
[pid 406] close(4) = 0
[pid 406] chdir("./file0") = 0
[pid 406] creat("./bus", 000) = 4
[pid 406] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 406] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 406] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 406] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 406] exit_group(0) = ?
[pid 406] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=406, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./34/binderfs") = 0
umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./34/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./34/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./34/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./34/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./34/file1/lost+found") = 0
umount2("./34/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./34/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./34/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./34/file1/file0/file0") = 0
umount2("./34/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./34/file1/file0/file1") = 0
umount2("./34/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./34/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./34/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./34/file1/file0") = 0
umount2("./34/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./34/file1/file1") = 0
umount2("./34/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./34/file1/file2") = 0
umount2("./34/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./34/file1/file3") = 0
umount2("./34/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./34/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./34/file1") = -1 EBUSY (Device or resource busy)
umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./34/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./34") = 0
mkdir("./35", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FDexecuting program
) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 409
./strace-static-x86_64: Process 409 attached
[pid 409] set_robust_list(0x555557163660, 24) = 0
[pid 409] chdir("./35") = 0
[pid 409] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 409] setpgid(0, 0) = 0
[pid 409] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 409] write(3, "1000", 4) = 4
[pid 409] close(3) = 0
[pid 409] symlink("/dev/binderfs", "./binderfs") = 0
[pid 409] write(1, "executing program\n", 18) = 18
[pid 409] memfd_create("syzkaller", 0) = 3
[pid 409] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[ 26.096999][ T406] loop0: detected capacity change from 0 to 1024
[ 26.104010][ T406] EXT4-fs: Ignoring removed orlov option
[ 26.109505][ T406] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 409] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 409] munmap(0x7f1009176000, 138412032) = 0
[pid 409] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 409] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 409] close(3) = 0
[pid 409] close(4) = 0
[pid 409] mkdir("./file1", 0777) = 0
[pid 409] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 409] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 409] chdir("./file1") = 0
[pid 409] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 409] ioctl(4, LOOP_CLR_FD) = 0
[pid 409] close(4) = 0
[pid 409] chdir("./file0") = 0
[pid 409] creat("./bus", 000) = 4
[pid 409] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 409] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 409] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 409] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 409] exit_group(0) = ?
[pid 409] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=409, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./35/binderfs") = 0
umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./35/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./35/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./35/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./35/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./35/file1/lost+found") = 0
umount2("./35/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./35/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./35/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./35/file1/file0/file0") = 0
umount2("./35/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./35/file1/file0/file1") = 0
umount2("./35/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./35/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./35/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./35/file1/file0") = 0
umount2("./35/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./35/file1/file1") = 0
umount2("./35/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./35/file1/file2") = 0
umount2("./35/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./35/file1/file3") = 0
umount2("./35/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./35/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./35/file1") = -1 EBUSY (Device or resource busy)
umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./35/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./35") = 0
mkdir("./36", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 412
./strace-static-x86_64: Process 412 attached
[pid 412] set_robust_list(0x555557163660, 24) = 0
[pid 412] chdir("./36") = 0
[pid 412] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 412] setpgid(0, 0) = 0
[pid 412] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 412] write(3, "1000", 4) = 4
[pid 412] close(3) = 0
[pid 412] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 412] write(1, "executing program\n", 18) = 18
[pid 412] memfd_create("syzkaller", 0) = 3
[pid 412] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 412] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 412] munmap(0x7f1009176000, 138412032) = 0
[pid 412] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 26.159234][ T409] loop0: detected capacity change from 0 to 1024
[ 26.169508][ T409] EXT4-fs: Ignoring removed orlov option
[ 26.174977][ T409] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 412] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 412] close(3) = 0
[pid 412] close(4) = 0
[pid 412] mkdir("./file1", 0777) = 0
[pid 412] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 412] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 412] chdir("./file1") = 0
[pid 412] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 412] ioctl(4, LOOP_CLR_FD) = 0
[pid 412] close(4) = 0
[pid 412] chdir("./file0") = 0
[pid 412] creat("./bus", 000) = 4
[pid 412] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 412] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 412] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 412] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 412] exit_group(0) = ?
[pid 412] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=412, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./36/binderfs") = 0
umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./36/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./36/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./36/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./36/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./36/file1/lost+found") = 0
umount2("./36/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./36/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./36/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./36/file1/file0/file0") = 0
umount2("./36/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./36/file1/file0/file1") = 0
umount2("./36/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./36/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./36/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./36/file1/file0") = 0
umount2("./36/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./36/file1/file1") = 0
umount2("./36/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./36/file1/file2") = 0
umount2("./36/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./36/file1/file3") = 0
umount2("./36/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./36/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./36/file1") = -1 EBUSY (Device or resource busy)
umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program
) = 0
rmdir("./36/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./36") = 0
mkdir("./37", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 415
./strace-static-x86_64: Process 415 attached
[pid 415] set_robust_list(0x555557163660, 24) = 0
[pid 415] chdir("./37") = 0
[pid 415] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 415] setpgid(0, 0) = 0
[pid 415] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 415] write(3, "1000", 4) = 4
[pid 415] close(3) = 0
[pid 415] symlink("/dev/binderfs", "./binderfs") = 0
[pid 415] write(1, "executing program\n", 18) = 18
[pid 415] memfd_create("syzkaller", 0) = 3
[pid 415] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 415] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 415] munmap(0x7f1009176000, 138412032) = 0
[pid 415] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 26.219590][ T412] loop0: detected capacity change from 0 to 1024
[ 26.228820][ T412] EXT4-fs: Ignoring removed orlov option
[ 26.234322][ T412] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 415] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 415] close(3) = 0
[pid 415] close(4) = 0
[pid 415] mkdir("./file1", 0777) = 0
[pid 415] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 415] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 415] chdir("./file1") = 0
[pid 415] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 415] ioctl(4, LOOP_CLR_FD) = 0
[pid 415] close(4) = 0
[pid 415] chdir("./file0") = 0
[pid 415] creat("./bus", 000) = 4
[pid 415] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 415] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 415] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 415] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 415] exit_group(0) = ?
[pid 415] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=415, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./37/binderfs") = 0
umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./37/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./37/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./37/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./37/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./37/file1/lost+found") = 0
umount2("./37/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./37/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./37/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./37/file1/file0/file0") = 0
umount2("./37/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./37/file1/file0/file1") = 0
umount2("./37/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./37/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./37/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./37/file1/file0") = 0
umount2("./37/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./37/file1/file1") = 0
umount2("./37/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./37/file1/file2") = 0
umount2("./37/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./37/file1/file3") = 0
umount2("./37/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./37/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./37/file1") = -1 EBUSY (Device or resource busy)
umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./37/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./37") = 0
mkdir("./38", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x555557163650) = 418
./strace-static-x86_64: Process 418 attached
[pid 418] set_robust_list(0x555557163660, 24) = 0
[pid 418] chdir("./38") = 0
[pid 418] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 418] setpgid(0, 0) = 0
[pid 418] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 418] write(3, "1000", 4) = 4
[pid 418] close(3) = 0
[pid 418] symlink("/dev/binderfs", "./binderfs") = 0
[pid 418] write(1, "executing program\n", 18) = 18
[pid 418] memfd_create("syzkaller", 0) = 3
[pid 418] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[ 26.278988][ T415] loop0: detected capacity change from 0 to 1024
[ 26.285989][ T415] EXT4-fs: Ignoring removed orlov option
[ 26.291704][ T415] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 418] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 418] munmap(0x7f1009176000, 138412032) = 0
[pid 418] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 418] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 418] close(3) = 0
[pid 418] close(4) = 0
[pid 418] mkdir("./file1", 0777) = 0
[pid 418] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 418] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 418] chdir("./file1") = 0
[pid 418] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 418] ioctl(4, LOOP_CLR_FD) = 0
[pid 418] close(4) = 0
[pid 418] chdir("./file0") = 0
[pid 418] creat("./bus", 000) = 4
[pid 418] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 418] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 418] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 418] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 418] exit_group(0) = ?
[pid 418] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=418, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./38/binderfs") = 0
umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./38/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./38/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./38/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./38/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./38/file1/lost+found") = 0
umount2("./38/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./38/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./38/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./38/file1/file0/file0") = 0
umount2("./38/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./38/file1/file0/file1") = 0
umount2("./38/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./38/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./38/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./38/file1/file0") = 0
umount2("./38/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./38/file1/file1") = 0
umount2("./38/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./38/file1/file2") = 0
umount2("./38/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./38/file1/file3") = 0
umount2("./38/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./38/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./38/file1") = -1 EBUSY (Device or resource busy)
umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./38/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./38") = 0
mkdir("./39", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 422
./strace-static-x86_64: Process 422 attached
[pid 422] set_robust_list(0x555557163660, 24) = 0
[pid 422] chdir("./39") = 0
[pid 422] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 422] setpgid(0, 0) = 0
[pid 422] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 422] write(3, "1000", 4) = 4
[pid 422] close(3) = 0
[pid 422] symlink("/dev/binderfs", "./binderfs") = 0
[pid 422] write(1, "executing program\n", 18executing program
) = 18
[pid 422] memfd_create("syzkaller", 0) = 3
[pid 422] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[ 26.343993][ T418] loop0: detected capacity change from 0 to 1024
[ 26.351002][ T418] EXT4-fs: Ignoring removed orlov option
[ 26.357266][ T418] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 422] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 422] munmap(0x7f1009176000, 138412032) = 0
[pid 422] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 422] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 422] close(3) = 0
[pid 422] close(4) = 0
[pid 422] mkdir("./file1", 0777) = 0
[pid 422] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 422] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 422] chdir("./file1") = 0
[pid 422] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 422] ioctl(4, LOOP_CLR_FD) = 0
[pid 422] close(4) = 0
[pid 422] chdir("./file0") = 0
[pid 422] creat("./bus", 000) = 4
[pid 422] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 422] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 422] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 422] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 422] exit_group(0) = ?
[pid 422] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=422, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./39/binderfs") = 0
umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./39/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./39/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./39/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./39/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./39/file1/lost+found") = 0
umount2("./39/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./39/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./39/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./39/file1/file0/file0") = 0
umount2("./39/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./39/file1/file0/file1") = 0
umount2("./39/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./39/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./39/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./39/file1/file0") = 0
umount2("./39/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./39/file1/file1") = 0
umount2("./39/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./39/file1/file2") = 0
umount2("./39/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./39/file1/file3") = 0
umount2("./39/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./39/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./39/file1") = -1 EBUSY (Device or resource busy)
umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[ 26.406590][ T422] loop0: detected capacity change from 0 to 1024
[ 26.414591][ T422] EXT4-fs: Ignoring removed orlov option
[ 26.420634][ T422] EXT4-fs: Ignoring removed nomblk_io_submit option
rmdir("./39/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./39") = 0
mkdir("./40", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 425
./strace-static-x86_64: Process 425 attached
[pid 425] set_robust_list(0x555557163660, 24) = 0
[pid 425] chdir("./40") = 0
[pid 425] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 425] setpgid(0, 0) = 0
[pid 425] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 425] write(3, "1000", 4) = 4
[pid 425] close(3) = 0
[pid 425] symlink("/dev/binderfs", "./binderfs") = 0
[pid 425] write(1, "executing program\n", 18executing program
) = 18
[pid 425] memfd_create("syzkaller", 0) = 3
[pid 425] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 425] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 425] munmap(0x7f1009176000, 138412032) = 0
[pid 425] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 425] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 425] close(3) = 0
[pid 425] close(4) = 0
[pid 425] mkdir("./file1", 0777) = 0
[pid 425] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 425] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 425] chdir("./file1") = 0
[pid 425] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 425] ioctl(4, LOOP_CLR_FD) = 0
[pid 425] close(4) = 0
[pid 425] chdir("./file0") = 0
[pid 425] creat("./bus", 000) = 4
[pid 425] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 425] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 425] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 425] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 425] exit_group(0) = ?
[pid 425] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=425, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./40/binderfs") = 0
umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./40/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./40/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./40/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./40/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./40/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./40/file1/lost+found") = 0
umount2("./40/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./40/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./40/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./40/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./40/file1/file0/file0") = 0
umount2("./40/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./40/file1/file0/file1") = 0
umount2("./40/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./40/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./40/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./40/file1/file0") = 0
umount2("./40/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./40/file1/file1") = 0
umount2("./40/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./40/file1/file2") = 0
umount2("./40/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./40/file1/file3") = 0
umount2("./40/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./40/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./40/file1") = -1 EBUSY (Device or resource busy)
umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./40/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./40") = 0
mkdir("./41", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 429
./strace-static-x86_64: Process 429 attached
[pid 429] set_robust_list(0x555557163660, 24) = 0
[pid 429] chdir("./41") = 0
[pid 429] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 429] setpgid(0, 0) = 0
[pid 429] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 429] write(3, "1000", 4) = 4
[pid 429] close(3) = 0
[pid 429] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 429] write(1, "executing program\n", 18) = 18
[pid 429] memfd_create("syzkaller", 0) = 3
[pid 429] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 429] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 429] munmap(0x7f1009176000, 138412032) = 0
[pid 429] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 26.478037][ T425] loop0: detected capacity change from 0 to 1024
[ 26.485065][ T425] EXT4-fs: Ignoring removed orlov option
[ 26.490793][ T425] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 429] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 429] close(3) = 0
[pid 429] close(4) = 0
[pid 429] mkdir("./file1", 0777) = 0
[pid 429] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 429] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 429] chdir("./file1") = 0
[pid 429] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 429] ioctl(4, LOOP_CLR_FD) = 0
[pid 429] close(4) = 0
[pid 429] chdir("./file0") = 0
[pid 429] creat("./bus", 000) = 4
[pid 429] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 429] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 429] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 429] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 429] exit_group(0) = ?
[pid 429] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=429, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./41/binderfs") = 0
umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./41/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./41/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./41/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./41/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./41/file1/lost+found") = 0
umount2("./41/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./41/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./41/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./41/file1/file0/file0") = 0
umount2("./41/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./41/file1/file0/file1") = 0
umount2("./41/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./41/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./41/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./41/file1/file0") = 0
umount2("./41/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./41/file1/file1") = 0
umount2("./41/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./41/file1/file2") = 0
umount2("./41/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./41/file1/file3") = 0
umount2("./41/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./41/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./41/file1") = -1 EBUSY (Device or resource busy)
umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program
) = 0
rmdir("./41/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./41") = 0
mkdir("./42", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 432
./strace-static-x86_64: Process 432 attached
[pid 432] set_robust_list(0x555557163660, 24) = 0
[pid 432] chdir("./42") = 0
[pid 432] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 432] setpgid(0, 0) = 0
[pid 432] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 432] write(3, "1000", 4) = 4
[pid 432] close(3) = 0
[pid 432] symlink("/dev/binderfs", "./binderfs") = 0
[pid 432] write(1, "executing program\n", 18) = 18
[pid 432] memfd_create("syzkaller", 0) = 3
[pid 432] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 432] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 432] munmap(0x7f1009176000, 138412032) = 0
[pid 432] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 26.534216][ T429] loop0: detected capacity change from 0 to 1024
[ 26.541139][ T429] EXT4-fs: Ignoring removed orlov option
[ 26.546793][ T429] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 432] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 432] close(3) = 0
[pid 432] close(4) = 0
[pid 432] mkdir("./file1", 0777) = 0
[pid 432] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 432] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 432] chdir("./file1") = 0
[pid 432] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 432] ioctl(4, LOOP_CLR_FD) = 0
[pid 432] close(4) = 0
[pid 432] chdir("./file0") = 0
[pid 432] creat("./bus", 000) = 4
[pid 432] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 432] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 432] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 432] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 432] exit_group(0) = ?
[pid 432] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=432, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./42/binderfs") = 0
umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./42/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./42/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./42/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./42/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./42/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./42/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./42/file1/lost+found") = 0
umount2("./42/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./42/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./42/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./42/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./42/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./42/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./42/file1/file0/file0") = 0
umount2("./42/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./42/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./42/file1/file0/file1") = 0
umount2("./42/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./42/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./42/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./42/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./42/file1/file0") = 0
umount2("./42/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./42/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./42/file1/file1") = 0
umount2("./42/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./42/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./42/file1/file2") = 0
umount2("./42/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./42/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./42/file1/file3") = 0
umount2("./42/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./42/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./42/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./42/file1") = -1 EBUSY (Device or resource busy)
umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./42/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./42") = 0
mkdir("./43", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 435
./strace-static-x86_64: Process 435 attached
[pid 435] set_robust_list(0x555557163660, 24) = 0
[pid 435] chdir("./43") = 0
[pid 435] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 435] setpgid(0, 0) = 0
[pid 435] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 435] write(3, "1000", 4) = 4
[pid 435] close(3) = 0
[pid 435] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 435] write(1, "executing program\n", 18) = 18
[pid 435] memfd_create("syzkaller", 0) = 3
[pid 435] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 435] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 435] munmap(0x7f1009176000, 138412032) = 0
[ 26.585073][ T432] loop0: detected capacity change from 0 to 1024
[ 26.592118][ T432] EXT4-fs: Ignoring removed orlov option
[ 26.597852][ T432] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 435] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 435] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 435] close(3) = 0
[pid 435] close(4) = 0
[pid 435] mkdir("./file1", 0777) = 0
[pid 435] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 435] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 435] chdir("./file1") = 0
[pid 435] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 435] ioctl(4, LOOP_CLR_FD) = 0
[pid 435] close(4) = 0
[pid 435] chdir("./file0") = 0
[pid 435] creat("./bus", 000) = 4
[pid 435] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 435] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 435] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 435] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 435] exit_group(0) = ?
[pid 435] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=435, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./43/binderfs") = 0
umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./43/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./43/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./43/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./43/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./43/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./43/file1/lost+found") = 0
umount2("./43/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./43/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./43/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./43/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./43/file1/file0/file0") = 0
umount2("./43/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./43/file1/file0/file1") = 0
umount2("./43/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./43/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./43/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./43/file1/file0") = 0
umount2("./43/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./43/file1/file1") = 0
umount2("./43/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./43/file1/file2") = 0
umount2("./43/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./43/file1/file3") = 0
umount2("./43/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./43/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./43/file1") = -1 EBUSY (Device or resource busy)
umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./43/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./43") = 0
mkdir("./44", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 438
./strace-static-x86_64: Process 438 attached
[pid 438] set_robust_list(0x555557163660, 24) = 0
[pid 438] chdir("./44") = 0
[pid 438] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 438] setpgid(0, 0) = 0
[pid 438] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 438] write(3, "1000", 4) = 4
[pid 438] close(3) = 0
[pid 438] symlink("/dev/binderfs", "./binderfs") = 0
[pid 438] write(1, "executing program\n", 18executing program
) = 18
[pid 438] memfd_create("syzkaller", 0) = 3
[pid 438] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 438] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 438] munmap(0x7f1009176000, 138412032) = 0
[pid 438] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 26.636542][ T435] loop0: detected capacity change from 0 to 1024
[ 26.643752][ T435] EXT4-fs: Ignoring removed orlov option
[ 26.649347][ T435] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 438] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 438] close(3) = 0
[pid 438] close(4) = 0
[pid 438] mkdir("./file1", 0777) = 0
[pid 438] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 438] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 438] chdir("./file1") = 0
[pid 438] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 438] ioctl(4, LOOP_CLR_FD) = 0
[pid 438] close(4) = 0
[pid 438] chdir("./file0") = 0
[pid 438] creat("./bus", 000) = 4
[pid 438] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 438] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 438] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 438] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 438] exit_group(0) = ?
[pid 438] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=438, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./44/binderfs") = 0
umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./44/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./44/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./44/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./44/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./44/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./44/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./44/file1/lost+found") = 0
umount2("./44/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./44/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./44/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./44/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./44/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./44/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./44/file1/file0/file0") = 0
umount2("./44/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./44/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./44/file1/file0/file1") = 0
umount2("./44/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./44/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./44/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./44/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./44/file1/file0") = 0
umount2("./44/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./44/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./44/file1/file1") = 0
umount2("./44/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./44/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./44/file1/file2") = 0
umount2("./44/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./44/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./44/file1/file3") = 0
umount2("./44/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./44/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./44/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./44/file1") = -1 EBUSY (Device or resource busy)
umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./44/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./44") = 0
mkdir("./45", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x555557163650) = 441
./strace-static-x86_64: Process 441 attached
[pid 441] set_robust_list(0x555557163660, 24) = 0
[pid 441] chdir("./45") = 0
[pid 441] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 441] setpgid(0, 0) = 0
[pid 441] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 441] write(3, "1000", 4) = 4
[pid 441] close(3) = 0
[pid 441] symlink("/dev/binderfs", "./binderfs") = 0
[pid 441] write(1, "executing program\n", 18) = 18
[pid 441] memfd_create("syzkaller", 0) = 3
[pid 441] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 441] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 441] munmap(0x7f1009176000, 138412032) = 0
[pid 441] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 26.696654][ T438] loop0: detected capacity change from 0 to 1024
[ 26.703638][ T438] EXT4-fs: Ignoring removed orlov option
[ 26.709175][ T438] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 441] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 441] close(3) = 0
[pid 441] close(4) = 0
[pid 441] mkdir("./file1", 0777) = 0
[pid 441] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 441] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 441] chdir("./file1") = 0
[pid 441] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 441] ioctl(4, LOOP_CLR_FD) = 0
[pid 441] close(4) = 0
[pid 441] chdir("./file0") = 0
[pid 441] creat("./bus", 000) = 4
[pid 441] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 441] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 441] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 441] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 441] exit_group(0) = ?
[pid 441] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=441, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./45/binderfs") = 0
umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./45/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./45/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./45/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./45/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./45/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./45/file1/lost+found") = 0
umount2("./45/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./45/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./45/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./45/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./45/file1/file0/file0") = 0
umount2("./45/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./45/file1/file0/file1") = 0
umount2("./45/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./45/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./45/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./45/file1/file0") = 0
umount2("./45/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./45/file1/file1") = 0
umount2("./45/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./45/file1/file2") = 0
umount2("./45/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./45/file1/file3") = 0
umount2("./45/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./45/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./45/file1") = -1 EBUSY (Device or resource busy)
umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./45/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./45") = 0
mkdir("./46", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3executing program
) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 444
./strace-static-x86_64: Process 444 attached
[pid 444] set_robust_list(0x555557163660, 24) = 0
[pid 444] chdir("./46") = 0
[pid 444] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 444] setpgid(0, 0) = 0
[pid 444] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 444] write(3, "1000", 4) = 4
[pid 444] close(3) = 0
[pid 444] symlink("/dev/binderfs", "./binderfs") = 0
[pid 444] write(1, "executing program\n", 18) = 18
[pid 444] memfd_create("syzkaller", 0) = 3
[pid 444] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 444] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 444] munmap(0x7f1009176000, 138412032) = 0
[ 26.749605][ T441] loop0: detected capacity change from 0 to 1024
[ 26.757332][ T441] EXT4-fs: Ignoring removed orlov option
[ 26.762889][ T441] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 444] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 444] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 444] close(3) = 0
[pid 444] close(4) = 0
[pid 444] mkdir("./file1", 0777) = 0
[pid 444] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 444] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 444] chdir("./file1") = 0
[pid 444] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 444] ioctl(4, LOOP_CLR_FD) = 0
[pid 444] close(4) = 0
[pid 444] chdir("./file0") = 0
[pid 444] creat("./bus", 000) = 4
[pid 444] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 444] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 444] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 444] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 444] exit_group(0) = ?
[pid 444] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=444, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./46/binderfs") = 0
umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./46/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./46/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./46/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./46/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./46/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./46/file1/lost+found") = 0
umount2("./46/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./46/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./46/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./46/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./46/file1/file0/file0") = 0
umount2("./46/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./46/file1/file0/file1") = 0
umount2("./46/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./46/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./46/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./46/file1/file0") = 0
umount2("./46/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./46/file1/file1") = 0
umount2("./46/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./46/file1/file2") = 0
umount2("./46/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./46/file1/file3") = 0
umount2("./46/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./46/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./46/file1") = -1 EBUSY (Device or resource busy)
umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program
) = 0
rmdir("./46/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./46") = 0
mkdir("./47", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 447
./strace-static-x86_64: Process 447 attached
[pid 447] set_robust_list(0x555557163660, 24) = 0
[pid 447] chdir("./47") = 0
[pid 447] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 447] setpgid(0, 0) = 0
[pid 447] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 447] write(3, "1000", 4) = 4
[pid 447] close(3) = 0
[pid 447] symlink("/dev/binderfs", "./binderfs") = 0
[pid 447] write(1, "executing program\n", 18) = 18
[pid 447] memfd_create("syzkaller", 0) = 3
[pid 447] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 447] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 447] munmap(0x7f1009176000, 138412032) = 0
[pid 447] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 26.808664][ T444] loop0: detected capacity change from 0 to 1024
[ 26.817349][ T444] EXT4-fs: Ignoring removed orlov option
[ 26.822881][ T444] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 447] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 447] close(3) = 0
[pid 447] close(4) = 0
[pid 447] mkdir("./file1", 0777) = 0
[pid 447] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 447] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 447] chdir("./file1") = 0
[pid 447] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 447] ioctl(4, LOOP_CLR_FD) = 0
[pid 447] close(4) = 0
[pid 447] chdir("./file0") = 0
[pid 447] creat("./bus", 000) = 4
[pid 447] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 447] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 447] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 447] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 447] exit_group(0) = ?
[pid 447] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=447, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./47/binderfs") = 0
umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./47/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./47/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./47/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./47/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./47/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./47/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./47/file1/lost+found") = 0
umount2("./47/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./47/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./47/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./47/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./47/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./47/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./47/file1/file0/file0") = 0
umount2("./47/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./47/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./47/file1/file0/file1") = 0
umount2("./47/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./47/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./47/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./47/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./47/file1/file0") = 0
umount2("./47/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./47/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./47/file1/file1") = 0
umount2("./47/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./47/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./47/file1/file2") = 0
umount2("./47/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./47/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./47/file1/file3") = 0
umount2("./47/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./47/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./47/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./47/file1") = -1 EBUSY (Device or resource busy)
umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./47/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./47") = 0
mkdir("./48", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 450
./strace-static-x86_64: Process 450 attached
[pid 450] set_robust_list(0x555557163660, 24) = 0
[pid 450] chdir("./48") = 0
[pid 450] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 450] setpgid(0, 0) = 0
[pid 450] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 450] write(3, "1000", 4) = 4
[pid 450] close(3) = 0
[pid 450] symlink("/dev/binderfs", "./binderfs") = 0
[ 26.867389][ T447] loop0: detected capacity change from 0 to 1024
[ 26.874748][ T447] EXT4-fs: Ignoring removed orlov option
[ 26.880270][ T447] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 450] write(1, "executing program\n", 18executing program
) = 18
[pid 450] memfd_create("syzkaller", 0) = 3
[pid 450] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 450] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 450] munmap(0x7f1009176000, 138412032) = 0
[pid 450] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 450] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 450] close(3) = 0
[pid 450] close(4) = 0
[pid 450] mkdir("./file1", 0777) = 0
[pid 450] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 450] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 450] chdir("./file1") = 0
[pid 450] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 450] ioctl(4, LOOP_CLR_FD) = 0
[pid 450] close(4) = 0
[pid 450] chdir("./file0") = 0
[pid 450] creat("./bus", 000) = 4
[pid 450] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 450] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 450] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 450] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 450] exit_group(0) = ?
[pid 450] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=450, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./48/binderfs") = 0
umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./48/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./48/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./48/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./48/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./48/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./48/file1/lost+found") = 0
umount2("./48/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./48/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./48/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./48/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./48/file1/file0/file0") = 0
umount2("./48/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./48/file1/file0/file1") = 0
umount2("./48/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./48/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./48/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./48/file1/file0") = 0
umount2("./48/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./48/file1/file1") = 0
umount2("./48/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./48/file1/file2") = 0
umount2("./48/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./48/file1/file3") = 0
umount2("./48/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./48/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./48/file1") = -1 EBUSY (Device or resource busy)
umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./48/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./48") = 0
mkdir("./49", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
[ 26.932190][ T450] loop0: detected capacity change from 0 to 1024
[ 26.940045][ T450] EXT4-fs: Ignoring removed orlov option
[ 26.945736][ T450] EXT4-fs: Ignoring removed nomblk_io_submit option
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 453
./strace-static-x86_64: Process 453 attached
[pid 453] set_robust_list(0x555557163660, 24) = 0
[pid 453] chdir("./49") = 0
[pid 453] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 453] setpgid(0, 0) = 0
[pid 453] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 453] write(3, "1000", 4) = 4
[pid 453] close(3) = 0
[pid 453] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 453] write(1, "executing program\n", 18) = 18
[pid 453] memfd_create("syzkaller", 0) = 3
[pid 453] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 453] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 453] munmap(0x7f1009176000, 138412032) = 0
[pid 453] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 453] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 453] close(3) = 0
[pid 453] close(4) = 0
[pid 453] mkdir("./file1", 0777) = 0
[pid 453] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 453] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 453] chdir("./file1") = 0
[pid 453] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 453] ioctl(4, LOOP_CLR_FD) = 0
[pid 453] close(4) = 0
[pid 453] chdir("./file0") = 0
[pid 453] creat("./bus", 000) = 4
[pid 453] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 453] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 453] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 453] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 453] exit_group(0) = ?
[pid 453] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=453, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./49/binderfs") = 0
umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./49/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./49/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./49/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./49/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./49/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./49/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./49/file1/lost+found") = 0
umount2("./49/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./49/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./49/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./49/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./49/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./49/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./49/file1/file0/file0") = 0
umount2("./49/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./49/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./49/file1/file0/file1") = 0
umount2("./49/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./49/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./49/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./49/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./49/file1/file0") = 0
umount2("./49/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./49/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./49/file1/file1") = 0
umount2("./49/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./49/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./49/file1/file2") = 0
umount2("./49/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./49/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./49/file1/file3") = 0
umount2("./49/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./49/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./49/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./49/file1") = -1 EBUSY (Device or resource busy)
umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./49/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./49") = 0
mkdir("./50", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 456
./strace-static-x86_64: Process 456 attached
[pid 456] set_robust_list(0x555557163660, 24) = 0
[pid 456] chdir("./50") = 0
[pid 456] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 456] setpgid(0, 0) = 0
[pid 456] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 456] write(3, "1000", 4) = 4
[pid 456] close(3) = 0
[ 26.996922][ T453] loop0: detected capacity change from 0 to 1024
[ 27.004028][ T453] EXT4-fs: Ignoring removed orlov option
[ 27.009577][ T453] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 456] symlink("/dev/binderfs", "./binderfs") = 0
[pid 456] write(1, "executing program\n", 18executing program
) = 18
[pid 456] memfd_create("syzkaller", 0) = 3
[pid 456] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 456] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 456] munmap(0x7f1009176000, 138412032) = 0
[pid 456] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 456] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 456] close(3) = 0
[pid 456] close(4) = 0
[pid 456] mkdir("./file1", 0777) = 0
[pid 456] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 456] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 456] chdir("./file1") = 0
[pid 456] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 456] ioctl(4, LOOP_CLR_FD) = 0
[pid 456] close(4) = 0
[pid 456] chdir("./file0") = 0
[pid 456] creat("./bus", 000) = 4
[pid 456] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 456] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 456] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 456] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 456] exit_group(0) = ?
[pid 456] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=456, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./50/binderfs") = 0
umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./50/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./50/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./50/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./50/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./50/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./50/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./50/file1/lost+found") = 0
umount2("./50/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./50/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./50/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./50/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./50/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./50/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./50/file1/file0/file0") = 0
umount2("./50/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./50/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./50/file1/file0/file1") = 0
umount2("./50/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./50/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./50/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./50/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./50/file1/file0") = 0
umount2("./50/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./50/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./50/file1/file1") = 0
umount2("./50/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./50/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./50/file1/file2") = 0
umount2("./50/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./50/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./50/file1/file3") = 0
umount2("./50/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./50/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./50/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./50/file1") = -1 EBUSY (Device or resource busy)
umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program
) = 0
rmdir("./50/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./50") = 0
mkdir("./51", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 459
./strace-static-x86_64: Process 459 attached
[pid 459] set_robust_list(0x555557163660, 24) = 0
[pid 459] chdir("./51") = 0
[pid 459] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 459] setpgid(0, 0) = 0
[pid 459] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 459] write(3, "1000", 4) = 4
[pid 459] close(3) = 0
[pid 459] symlink("/dev/binderfs", "./binderfs") = 0
[pid 459] write(1, "executing program\n", 18) = 18
[pid 459] memfd_create("syzkaller", 0) = 3
[pid 459] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[ 27.062230][ T456] loop0: detected capacity change from 0 to 1024
[ 27.069641][ T456] EXT4-fs: Ignoring removed orlov option
[ 27.075147][ T456] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 459] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 459] munmap(0x7f1009176000, 138412032) = 0
[pid 459] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 459] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 459] close(3) = 0
[pid 459] close(4) = 0
[pid 459] mkdir("./file1", 0777) = 0
[pid 459] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 459] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 459] chdir("./file1") = 0
[pid 459] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 459] ioctl(4, LOOP_CLR_FD) = 0
[pid 459] close(4) = 0
[pid 459] chdir("./file0") = 0
[pid 459] creat("./bus", 000) = 4
[pid 459] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 459] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 459] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 459] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 459] exit_group(0) = ?
[pid 459] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=459, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./51/binderfs") = 0
umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./51/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./51/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./51/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./51/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./51/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./51/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./51/file1/lost+found") = 0
umount2("./51/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./51/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./51/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./51/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./51/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./51/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./51/file1/file0/file0") = 0
umount2("./51/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./51/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./51/file1/file0/file1") = 0
umount2("./51/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./51/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./51/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./51/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./51/file1/file0") = 0
umount2("./51/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./51/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./51/file1/file1") = 0
umount2("./51/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./51/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./51/file1/file2") = 0
umount2("./51/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./51/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./51/file1/file3") = 0
umount2("./51/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./51/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./51/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./51/file1") = -1 EBUSY (Device or resource busy)
umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./51/file1") = 0
[ 27.125378][ T459] loop0: detected capacity change from 0 to 1024
[ 27.135927][ T459] EXT4-fs: Ignoring removed orlov option
[ 27.141591][ T459] EXT4-fs: Ignoring removed nomblk_io_submit option
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./51") = 0
mkdir("./52", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 462
./strace-static-x86_64: Process 462 attached
[pid 462] set_robust_list(0x555557163660, 24) = 0
[pid 462] chdir("./52") = 0
[pid 462] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 462] setpgid(0, 0) = 0
[pid 462] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 462] write(3, "1000", 4) = 4
[pid 462] close(3) = 0
[pid 462] symlink("/dev/binderfs", "./binderfs") = 0
[pid 462] write(1, "executing program\n", 18executing program
) = 18
[pid 462] memfd_create("syzkaller", 0) = 3
[pid 462] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 462] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 462] munmap(0x7f1009176000, 138412032) = 0
[pid 462] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 462] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 462] close(3) = 0
[pid 462] close(4) = 0
[pid 462] mkdir("./file1", 0777) = 0
[pid 462] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 462] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 462] chdir("./file1") = 0
[pid 462] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 462] ioctl(4, LOOP_CLR_FD) = 0
[pid 462] close(4) = 0
[pid 462] chdir("./file0") = 0
[pid 462] creat("./bus", 000) = 4
[pid 462] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 462] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 462] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 462] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 462] exit_group(0) = ?
[pid 462] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=462, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./52/binderfs") = 0
umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./52/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./52/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./52/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./52/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./52/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./52/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./52/file1/lost+found") = 0
umount2("./52/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./52/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./52/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./52/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./52/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./52/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./52/file1/file0/file0") = 0
umount2("./52/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./52/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./52/file1/file0/file1") = 0
umount2("./52/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./52/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./52/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./52/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./52/file1/file0") = 0
umount2("./52/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./52/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./52/file1/file1") = 0
umount2("./52/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./52/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./52/file1/file2") = 0
umount2("./52/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./52/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./52/file1/file3") = 0
umount2("./52/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./52/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./52/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./52/file1") = -1 EBUSY (Device or resource busy)
umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./52/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./52") = 0
mkdir("./53", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x555557163650) = 465
./strace-static-x86_64: Process 465 attached
[pid 465] set_robust_list(0x555557163660, 24) = 0
[pid 465] chdir("./53") = 0
[pid 465] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 465] setpgid(0, 0) = 0
[pid 465] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 465] write(3, "1000", 4) = 4
[pid 465] close(3) = 0
[pid 465] symlink("/dev/binderfs", "./binderfs") = 0
[pid 465] write(1, "executing program\n", 18) = 18
[pid 465] memfd_create("syzkaller", 0) = 3
[pid 465] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 465] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 465] munmap(0x7f1009176000, 138412032) = 0
[ 27.195531][ T462] loop0: detected capacity change from 0 to 1024
[ 27.202650][ T462] EXT4-fs: Ignoring removed orlov option
[ 27.208485][ T462] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 465] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 465] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 465] close(3) = 0
[pid 465] close(4) = 0
[pid 465] mkdir("./file1", 0777) = 0
[pid 465] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 465] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 465] chdir("./file1") = 0
[pid 465] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 465] ioctl(4, LOOP_CLR_FD) = 0
[pid 465] close(4) = 0
[pid 465] chdir("./file0") = 0
[pid 465] creat("./bus", 000) = 4
[pid 465] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 465] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 465] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 465] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 465] exit_group(0) = ?
[pid 465] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=465, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./53/binderfs") = 0
umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./53/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./53/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./53/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./53/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./53/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./53/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./53/file1/lost+found") = 0
umount2("./53/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./53/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./53/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./53/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./53/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./53/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./53/file1/file0/file0") = 0
umount2("./53/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./53/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./53/file1/file0/file1") = 0
umount2("./53/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./53/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./53/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./53/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./53/file1/file0") = 0
umount2("./53/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./53/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./53/file1/file1") = 0
umount2("./53/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./53/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./53/file1/file2") = 0
umount2("./53/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./53/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./53/file1/file3") = 0
umount2("./53/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./53/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./53/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./53/file1") = -1 EBUSY (Device or resource busy)
umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program
) = 0
rmdir("./53/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./53") = 0
mkdir("./54", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 468
./strace-static-x86_64: Process 468 attached
[pid 468] set_robust_list(0x555557163660, 24) = 0
[pid 468] chdir("./54") = 0
[pid 468] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 468] setpgid(0, 0) = 0
[pid 468] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 468] write(3, "1000", 4) = 4
[pid 468] close(3) = 0
[pid 468] symlink("/dev/binderfs", "./binderfs") = 0
[pid 468] write(1, "executing program\n", 18) = 18
[pid 468] memfd_create("syzkaller", 0) = 3
[pid 468] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 468] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 468] munmap(0x7f1009176000, 138412032) = 0
[pid 468] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 27.245898][ T465] loop0: detected capacity change from 0 to 1024
[ 27.253198][ T465] EXT4-fs: Ignoring removed orlov option
[ 27.258713][ T465] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 468] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 468] close(3) = 0
[pid 468] close(4) = 0
[pid 468] mkdir("./file1", 0777) = 0
[pid 468] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 468] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 468] chdir("./file1") = 0
[pid 468] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 468] ioctl(4, LOOP_CLR_FD) = 0
[pid 468] close(4) = 0
[pid 468] chdir("./file0") = 0
[pid 468] creat("./bus", 000) = 4
[pid 468] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 468] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 468] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 468] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 468] exit_group(0) = ?
[pid 468] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=468, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./54/binderfs") = 0
umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./54/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./54/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./54/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./54/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./54/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./54/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./54/file1/lost+found") = 0
umount2("./54/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./54/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./54/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./54/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./54/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./54/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./54/file1/file0/file0") = 0
umount2("./54/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./54/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./54/file1/file0/file1") = 0
umount2("./54/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./54/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./54/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./54/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./54/file1/file0") = 0
umount2("./54/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./54/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./54/file1/file1") = 0
umount2("./54/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./54/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./54/file1/file2") = 0
umount2("./54/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./54/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./54/file1/file3") = 0
umount2("./54/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./54/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./54/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./54/file1") = -1 EBUSY (Device or resource busy)
umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./54/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./54") = 0
mkdir("./55", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[ 27.303212][ T468] loop0: detected capacity change from 0 to 1024
[ 27.310250][ T468] EXT4-fs: Ignoring removed orlov option
[ 27.315758][ T468] EXT4-fs: Ignoring removed nomblk_io_submit option
executing program
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 471
./strace-static-x86_64: Process 471 attached
[pid 471] set_robust_list(0x555557163660, 24) = 0
[pid 471] chdir("./55") = 0
[pid 471] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 471] setpgid(0, 0) = 0
[pid 471] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 471] write(3, "1000", 4) = 4
[pid 471] close(3) = 0
[pid 471] symlink("/dev/binderfs", "./binderfs") = 0
[pid 471] write(1, "executing program\n", 18) = 18
[pid 471] memfd_create("syzkaller", 0) = 3
[pid 471] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 471] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 471] munmap(0x7f1009176000, 138412032) = 0
[pid 471] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 471] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 471] close(3) = 0
[pid 471] close(4) = 0
[pid 471] mkdir("./file1", 0777) = 0
[pid 471] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 471] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 471] chdir("./file1") = 0
[pid 471] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 471] ioctl(4, LOOP_CLR_FD) = 0
[pid 471] close(4) = 0
[pid 471] chdir("./file0") = 0
[pid 471] creat("./bus", 000) = 4
[pid 471] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 471] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 471] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 471] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 471] exit_group(0) = ?
[pid 471] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=471, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./55/binderfs") = 0
umount2("./55/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./55/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./55/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./55/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./55/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./55/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./55/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./55/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./55/file1/lost+found") = 0
umount2("./55/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./55/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./55/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./55/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./55/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./55/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./55/file1/file0/file0") = 0
umount2("./55/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./55/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./55/file1/file0/file1") = 0
umount2("./55/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./55/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./55/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./55/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./55/file1/file0") = 0
umount2("./55/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./55/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./55/file1/file1") = 0
umount2("./55/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./55/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./55/file1/file2") = 0
umount2("./55/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./55/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./55/file1/file3") = 0
umount2("./55/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./55/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./55/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./55/file1") = -1 EBUSY (Device or resource busy)
umount2("./55/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./55/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./55") = 0
mkdir("./56", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[ 27.370966][ T471] loop0: detected capacity change from 0 to 1024
[ 27.378165][ T471] EXT4-fs: Ignoring removed orlov option
[ 27.383794][ T471] EXT4-fs: Ignoring removed nomblk_io_submit option
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
executing program
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 474
./strace-static-x86_64: Process 474 attached
[pid 474] set_robust_list(0x555557163660, 24) = 0
[pid 474] chdir("./56") = 0
[pid 474] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 474] setpgid(0, 0) = 0
[pid 474] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 474] write(3, "1000", 4) = 4
[pid 474] close(3) = 0
[pid 474] symlink("/dev/binderfs", "./binderfs") = 0
[pid 474] write(1, "executing program\n", 18) = 18
[pid 474] memfd_create("syzkaller", 0) = 3
[pid 474] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 474] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 474] munmap(0x7f1009176000, 138412032) = 0
[pid 474] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 474] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 474] close(3) = 0
[pid 474] close(4) = 0
[pid 474] mkdir("./file1", 0777) = 0
[pid 474] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 474] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 474] chdir("./file1") = 0
[pid 474] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 474] ioctl(4, LOOP_CLR_FD) = 0
[pid 474] close(4) = 0
[pid 474] chdir("./file0") = 0
[pid 474] creat("./bus", 000) = 4
[pid 474] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 474] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 474] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 474] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 474] exit_group(0) = ?
[pid 474] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=474, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./56/binderfs") = 0
umount2("./56/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./56/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./56/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./56/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./56/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./56/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./56/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./56/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./56/file1/lost+found") = 0
umount2("./56/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./56/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./56/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./56/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./56/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./56/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./56/file1/file0/file0") = 0
umount2("./56/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./56/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./56/file1/file0/file1") = 0
umount2("./56/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./56/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./56/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./56/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./56/file1/file0") = 0
umount2("./56/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./56/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./56/file1/file1") = 0
umount2("./56/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./56/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./56/file1/file2") = 0
umount2("./56/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./56/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./56/file1/file3") = 0
umount2("./56/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./56/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./56/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./56/file1") = -1 EBUSY (Device or resource busy)
umount2("./56/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./56/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./56") = 0
mkdir("./57", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x555557163650) = 477
./strace-static-x86_64: Process 477 attached
[pid 477] set_robust_list(0x555557163660, 24) = 0
[pid 477] chdir("./57") = 0
[pid 477] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 477] setpgid(0, 0) = 0
[pid 477] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 477] write(3, "1000", 4) = 4
[pid 477] close(3) = 0
[pid 477] symlink("/dev/binderfs", "./binderfs") = 0
[pid 477] write(1, "executing program\n", 18) = 18
[pid 477] memfd_create("syzkaller", 0) = 3
[pid 477] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[ 27.436216][ T474] loop0: detected capacity change from 0 to 1024
[ 27.444237][ T474] EXT4-fs: Ignoring removed orlov option
[ 27.449807][ T474] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 477] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 477] munmap(0x7f1009176000, 138412032) = 0
[pid 477] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 477] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 477] close(3) = 0
[pid 477] close(4) = 0
[pid 477] mkdir("./file1", 0777) = 0
[pid 477] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 477] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 477] chdir("./file1") = 0
[pid 477] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 477] ioctl(4, LOOP_CLR_FD) = 0
[pid 477] close(4) = 0
[pid 477] chdir("./file0") = 0
[pid 477] creat("./bus", 000) = 4
[pid 477] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 477] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 477] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 477] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 477] exit_group(0) = ?
[pid 477] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=477, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./57/binderfs") = 0
umount2("./57/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./57/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./57/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./57/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./57/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./57/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./57/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./57/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./57/file1/lost+found") = 0
umount2("./57/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./57/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./57/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./57/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./57/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./57/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./57/file1/file0/file0") = 0
umount2("./57/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./57/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./57/file1/file0/file1") = 0
umount2("./57/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./57/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./57/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./57/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./57/file1/file0") = 0
umount2("./57/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./57/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./57/file1/file1") = 0
umount2("./57/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./57/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./57/file1/file2") = 0
umount2("./57/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./57/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./57/file1/file3") = 0
umount2("./57/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./57/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./57/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./57/file1") = -1 EBUSY (Device or resource busy)
umount2("./57/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./57/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./57") = 0
mkdir("./58", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 481
./strace-static-x86_64: Process 481 attached
[pid 481] set_robust_list(0x555557163660, 24) = 0
[pid 481] chdir("./58") = 0
[pid 481] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 481] setpgid(0, 0) = 0
[pid 481] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[ 27.498928][ T477] loop0: detected capacity change from 0 to 1024
[ 27.505893][ T477] EXT4-fs: Ignoring removed orlov option
[ 27.511609][ T477] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 481] write(3, "1000", 4) = 4
[pid 481] close(3) = 0
[pid 481] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 481] write(1, "executing program\n", 18) = 18
[pid 481] memfd_create("syzkaller", 0) = 3
[pid 481] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 481] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 481] munmap(0x7f1009176000, 138412032) = 0
[pid 481] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 481] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 481] close(3) = 0
[pid 481] close(4) = 0
[pid 481] mkdir("./file1", 0777) = 0
[pid 481] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 481] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 481] chdir("./file1") = 0
[pid 481] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 481] ioctl(4, LOOP_CLR_FD) = 0
[pid 481] close(4) = 0
[pid 481] chdir("./file0") = 0
[pid 481] creat("./bus", 000) = 4
[pid 481] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 481] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 481] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 481] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 481] exit_group(0) = ?
[pid 481] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=481, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./58/binderfs") = 0
umount2("./58/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./58/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./58/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./58/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./58/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./58/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./58/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./58/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./58/file1/lost+found") = 0
umount2("./58/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./58/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./58/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./58/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./58/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./58/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./58/file1/file0/file0") = 0
umount2("./58/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./58/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./58/file1/file0/file1") = 0
umount2("./58/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./58/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./58/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./58/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./58/file1/file0") = 0
umount2("./58/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./58/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./58/file1/file1") = 0
umount2("./58/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./58/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./58/file1/file2") = 0
umount2("./58/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./58/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./58/file1/file3") = 0
umount2("./58/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./58/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./58/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./58/file1") = -1 EBUSY (Device or resource busy)
umount2("./58/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./58/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./58") = 0
mkdir("./59", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x555557163650) = 484
./strace-static-x86_64: Process 484 attached
[pid 484] set_robust_list(0x555557163660, 24) = 0
[pid 484] chdir("./59") = 0
[pid 484] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 484] setpgid(0, 0) = 0
[pid 484] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 484] write(3, "1000", 4) = 4
[pid 484] close(3) = 0
[pid 484] symlink("/dev/binderfs", "./binderfs") = 0
[pid 484] write(1, "executing program\n", 18) = 18
[pid 484] memfd_create("syzkaller", 0) = 3
[pid 484] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 484] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 484] munmap(0x7f1009176000, 138412032) = 0
[pid 484] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 27.564795][ T481] loop0: detected capacity change from 0 to 1024
[ 27.572936][ T481] EXT4-fs: Ignoring removed orlov option
[ 27.578573][ T481] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 484] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 484] close(3) = 0
[pid 484] close(4) = 0
[pid 484] mkdir("./file1", 0777) = 0
[pid 484] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 484] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 484] chdir("./file1") = 0
[pid 484] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 484] ioctl(4, LOOP_CLR_FD) = 0
[pid 484] close(4) = 0
[pid 484] chdir("./file0") = 0
[pid 484] creat("./bus", 000) = 4
[pid 484] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 484] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 484] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 484] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 484] exit_group(0) = ?
[pid 484] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=484, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./59/binderfs") = 0
umount2("./59/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./59/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./59/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./59/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./59/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./59/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./59/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./59/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./59/file1/lost+found") = 0
umount2("./59/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./59/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./59/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./59/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./59/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./59/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./59/file1/file0/file0") = 0
umount2("./59/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./59/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./59/file1/file0/file1") = 0
umount2("./59/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./59/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./59/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./59/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./59/file1/file0") = 0
umount2("./59/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./59/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./59/file1/file1") = 0
umount2("./59/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./59/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./59/file1/file2") = 0
umount2("./59/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./59/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./59/file1/file3") = 0
umount2("./59/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./59/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./59/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./59/file1") = -1 EBUSY (Device or resource busy)
[ 27.620535][ T484] loop0: detected capacity change from 0 to 1024
[ 27.629406][ T484] EXT4-fs: Ignoring removed orlov option
[ 27.634969][ T484] EXT4-fs: Ignoring removed nomblk_io_submit option
umount2("./59/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program
) = 0
rmdir("./59/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./59") = 0
mkdir("./60", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 487
./strace-static-x86_64: Process 487 attached
[pid 487] set_robust_list(0x555557163660, 24) = 0
[pid 487] chdir("./60") = 0
[pid 487] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 487] setpgid(0, 0) = 0
[pid 487] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 487] write(3, "1000", 4) = 4
[pid 487] close(3) = 0
[pid 487] symlink("/dev/binderfs", "./binderfs") = 0
[pid 487] write(1, "executing program\n", 18) = 18
[pid 487] memfd_create("syzkaller", 0) = 3
[pid 487] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 487] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 487] munmap(0x7f1009176000, 138412032) = 0
[pid 487] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 487] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 487] close(3) = 0
[pid 487] close(4) = 0
[pid 487] mkdir("./file1", 0777) = 0
[pid 487] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 487] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 487] chdir("./file1") = 0
[pid 487] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 487] ioctl(4, LOOP_CLR_FD) = 0
[pid 487] close(4) = 0
[pid 487] chdir("./file0") = 0
[pid 487] creat("./bus", 000) = 4
[pid 487] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 487] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 487] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 487] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 487] exit_group(0) = ?
[pid 487] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=487, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./60/binderfs") = 0
umount2("./60/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./60/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./60/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./60/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./60/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./60/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./60/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./60/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./60/file1/lost+found") = 0
umount2("./60/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./60/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./60/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./60/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./60/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./60/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./60/file1/file0/file0") = 0
umount2("./60/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./60/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./60/file1/file0/file1") = 0
umount2("./60/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./60/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./60/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./60/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./60/file1/file0") = 0
umount2("./60/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./60/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./60/file1/file1") = 0
umount2("./60/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./60/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./60/file1/file2") = 0
umount2("./60/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./60/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./60/file1/file3") = 0
umount2("./60/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./60/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./60/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./60/file1") = -1 EBUSY (Device or resource busy)
umount2("./60/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./60/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./60") = 0
mkdir("./61", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 490
./strace-static-x86_64: Process 490 attached
[pid 490] set_robust_list(0x555557163660, 24) = 0
[pid 490] chdir("./61") = 0
[pid 490] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 490] setpgid(0, 0) = 0
[pid 490] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 490] write(3, "1000", 4) = 4
[pid 490] close(3) = 0
[pid 490] symlink("/dev/binderfs", "./binderfs") = 0
[pid 490] write(1, "executing program\n", 18executing program
) = 18
[pid 490] memfd_create("syzkaller", 0) = 3
[pid 490] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 490] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 490] munmap(0x7f1009176000, 138412032) = 0
[ 27.685478][ T487] loop0: detected capacity change from 0 to 1024
[ 27.692608][ T487] EXT4-fs: Ignoring removed orlov option
[ 27.698246][ T487] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 490] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 490] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 490] close(3) = 0
[pid 490] close(4) = 0
[pid 490] mkdir("./file1", 0777) = 0
[pid 490] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 490] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 490] chdir("./file1") = 0
[pid 490] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 490] ioctl(4, LOOP_CLR_FD) = 0
[pid 490] close(4) = 0
[pid 490] chdir("./file0") = 0
[pid 490] creat("./bus", 000) = 4
[pid 490] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 490] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 490] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 490] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 490] exit_group(0) = ?
[pid 490] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=490, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./61/binderfs") = 0
umount2("./61/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./61/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./61/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./61/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./61/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./61/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./61/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./61/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./61/file1/lost+found") = 0
umount2("./61/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./61/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./61/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./61/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./61/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./61/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./61/file1/file0/file0") = 0
umount2("./61/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./61/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./61/file1/file0/file1") = 0
umount2("./61/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./61/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./61/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./61/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./61/file1/file0") = 0
umount2("./61/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./61/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./61/file1/file1") = 0
umount2("./61/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./61/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./61/file1/file2") = 0
umount2("./61/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./61/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./61/file1/file3") = 0
umount2("./61/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./61/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./61/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./61/file1") = -1 EBUSY (Device or resource busy)
umount2("./61/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./61/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./61") = 0
mkdir("./62", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 493
./strace-static-x86_64: Process 493 attached
[pid 493] set_robust_list(0x555557163660, 24) = 0
[pid 493] chdir("./62") = 0
[pid 493] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 493] setpgid(0, 0) = 0
[pid 493] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 493] write(3, "1000", 4) = 4
[pid 493] close(3) = 0
[pid 493] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 493] write(1, "executing program\n", 18) = 18
[pid 493] memfd_create("syzkaller", 0) = 3
[pid 493] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 493] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 493] munmap(0x7f1009176000, 138412032) = 0
[pid 493] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 27.734674][ T490] loop0: detected capacity change from 0 to 1024
[ 27.741655][ T490] EXT4-fs: Ignoring removed orlov option
[ 27.747373][ T490] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 493] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 493] close(3) = 0
[pid 493] close(4) = 0
[pid 493] mkdir("./file1", 0777) = 0
[pid 493] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 493] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 493] chdir("./file1") = 0
[pid 493] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 493] ioctl(4, LOOP_CLR_FD) = 0
[pid 493] close(4) = 0
[pid 493] chdir("./file0") = 0
[pid 493] creat("./bus", 000) = 4
[pid 493] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 493] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 493] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 493] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 493] exit_group(0) = ?
[pid 493] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=493, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./62/binderfs") = 0
umount2("./62/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./62/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./62/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./62/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./62/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./62/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./62/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./62/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./62/file1/lost+found") = 0
umount2("./62/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./62/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./62/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./62/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./62/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./62/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./62/file1/file0/file0") = 0
umount2("./62/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./62/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./62/file1/file0/file1") = 0
umount2("./62/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./62/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./62/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./62/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./62/file1/file0") = 0
umount2("./62/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./62/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./62/file1/file1") = 0
umount2("./62/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./62/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./62/file1/file2") = 0
umount2("./62/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./62/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./62/file1/file3") = 0
umount2("./62/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./62/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./62/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./62/file1") = -1 EBUSY (Device or resource busy)
umount2("./62/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./62/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./62") = 0
mkdir("./63", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 496
./strace-static-x86_64: Process 496 attached
[pid 496] set_robust_list(0x555557163660, 24) = 0
[pid 496] chdir("./63") = 0
[pid 496] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 496] setpgid(0, 0) = 0
[pid 496] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 496] write(3, "1000", 4) = 4
[pid 496] close(3) = 0
[pid 496] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid 496] write(1, "executing program\n", 18) = 18
[pid 496] memfd_create("syzkaller", 0) = 3
[pid 496] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 496] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 496] munmap(0x7f1009176000, 138412032) = 0
[pid 496] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 27.794379][ T493] loop0: detected capacity change from 0 to 1024
[ 27.801513][ T493] EXT4-fs: Ignoring removed orlov option
[ 27.807053][ T493] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 496] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 496] close(3) = 0
[pid 496] close(4) = 0
[pid 496] mkdir("./file1", 0777) = 0
[pid 496] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 496] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 496] chdir("./file1") = 0
[pid 496] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 496] ioctl(4, LOOP_CLR_FD) = 0
[pid 496] close(4) = 0
[pid 496] chdir("./file0") = 0
[pid 496] creat("./bus", 000) = 4
[pid 496] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 496] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 496] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 496] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 496] exit_group(0) = ?
[pid 496] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=496, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./63/binderfs") = 0
umount2("./63/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./63/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./63/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./63/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./63/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./63/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./63/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./63/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./63/file1/lost+found") = 0
umount2("./63/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./63/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./63/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./63/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./63/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./63/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./63/file1/file0/file0") = 0
umount2("./63/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./63/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./63/file1/file0/file1") = 0
umount2("./63/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./63/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./63/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./63/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./63/file1/file0") = 0
umount2("./63/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./63/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./63/file1/file1") = 0
umount2("./63/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./63/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./63/file1/file2") = 0
umount2("./63/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./63/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./63/file1/file3") = 0
umount2("./63/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./63/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./63/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./63/file1") = -1 EBUSY (Device or resource busy)
umount2("./63/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./63/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./63") = 0
mkdir("./64", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 499
./strace-static-x86_64: Process 499 attached
[pid 499] set_robust_list(0x555557163660, 24) = 0
[pid 499] chdir("./64") = 0
[pid 499] prctl(PR_SET_PDEATHSIG, SIGKILLexecuting program
) = 0
[pid 499] setpgid(0, 0) = 0
[pid 499] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 499] write(3, "1000", 4) = 4
[pid 499] close(3) = 0
[pid 499] symlink("/dev/binderfs", "./binderfs") = 0
[pid 499] write(1, "executing program\n", 18) = 18
[pid 499] memfd_create("syzkaller", 0) = 3
[pid 499] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 499] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 499] munmap(0x7f1009176000, 138412032) = 0
[ 27.847207][ T496] loop0: detected capacity change from 0 to 1024
[ 27.855034][ T496] EXT4-fs: Ignoring removed orlov option
[ 27.860783][ T496] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 499] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 499] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 499] close(3) = 0
[pid 499] close(4) = 0
[pid 499] mkdir("./file1", 0777) = 0
[pid 499] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 499] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 499] chdir("./file1") = 0
[pid 499] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 499] ioctl(4, LOOP_CLR_FD) = 0
[pid 499] close(4) = 0
[pid 499] chdir("./file0") = 0
[pid 499] creat("./bus", 000) = 4
[pid 499] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 499] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 499] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 499] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 499] exit_group(0) = ?
[pid 499] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=499, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./64/binderfs") = 0
umount2("./64/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./64/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./64/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./64/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./64/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./64/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./64/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./64/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./64/file1/lost+found") = 0
umount2("./64/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./64/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./64/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./64/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./64/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./64/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./64/file1/file0/file0") = 0
umount2("./64/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./64/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./64/file1/file0/file1") = 0
umount2("./64/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./64/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./64/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./64/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./64/file1/file0") = 0
umount2("./64/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./64/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./64/file1/file1") = 0
umount2("./64/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./64/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./64/file1/file2") = 0
umount2("./64/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./64/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./64/file1/file3") = 0
umount2("./64/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./64/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./64/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./64/file1") = -1 EBUSY (Device or resource busy)
umount2("./64/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./64/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./64") = 0
mkdir("./65", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 502
./strace-static-x86_64: Process 502 attached
[pid 502] set_robust_list(0x555557163660, 24) = 0
[pid 502] chdir("./65") = 0
[pid 502] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 502] setpgid(0, 0) = 0
[pid 502] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 502] write(3, "1000", 4) = 4
[pid 502] close(3) = 0
[pid 502] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 502] write(1, "executing program\n", 18) = 18
[pid 502] memfd_create("syzkaller", 0) = 3
[pid 502] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 502] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 502] munmap(0x7f1009176000, 138412032) = 0
[pid 502] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 27.905105][ T499] loop0: detected capacity change from 0 to 1024
[ 27.912485][ T499] EXT4-fs: Ignoring removed orlov option
[ 27.918027][ T499] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 502] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 502] close(3) = 0
[pid 502] close(4) = 0
[pid 502] mkdir("./file1", 0777) = 0
[pid 502] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 502] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 502] chdir("./file1") = 0
[pid 502] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 502] ioctl(4, LOOP_CLR_FD) = 0
[pid 502] close(4) = 0
[pid 502] chdir("./file0") = 0
[pid 502] creat("./bus", 000) = 4
[pid 502] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 502] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 502] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 502] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 502] exit_group(0) = ?
[pid 502] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=502, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./65/binderfs") = 0
umount2("./65/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./65/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./65/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./65/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./65/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./65/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./65/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./65/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./65/file1/lost+found") = 0
umount2("./65/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./65/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./65/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./65/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./65/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./65/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./65/file1/file0/file0") = 0
umount2("./65/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./65/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./65/file1/file0/file1") = 0
umount2("./65/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./65/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./65/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./65/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./65/file1/file0") = 0
umount2("./65/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./65/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./65/file1/file1") = 0
umount2("./65/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./65/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./65/file1/file2") = 0
umount2("./65/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./65/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./65/file1/file3") = 0
umount2("./65/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./65/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./65/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./65/file1") = -1 EBUSY (Device or resource busy)
umount2("./65/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./65/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./65") = 0
mkdir("./66", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 505
./strace-static-x86_64: Process 505 attached
[pid 505] set_robust_list(0x555557163660, 24) = 0
[pid 505] chdir("./66") = 0
[pid 505] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 505] setpgid(0, 0) = 0
[pid 505] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 505] write(3, "1000", 4) = 4
[pid 505] close(3) = 0
[pid 505] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 505] write(1, "executing program\n", 18) = 18
[pid 505] memfd_create("syzkaller", 0) = 3
[pid 505] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 505] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 505] munmap(0x7f1009176000, 138412032) = 0
[pid 505] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 27.959587][ T502] loop0: detected capacity change from 0 to 1024
[ 27.966982][ T502] EXT4-fs: Ignoring removed orlov option
[ 27.972539][ T502] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 505] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 505] close(3) = 0
[pid 505] close(4) = 0
[pid 505] mkdir("./file1", 0777) = 0
[pid 505] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 505] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 505] chdir("./file1") = 0
[pid 505] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 505] ioctl(4, LOOP_CLR_FD) = 0
[pid 505] close(4) = 0
[pid 505] chdir("./file0") = 0
[pid 505] creat("./bus", 000) = 4
[pid 505] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 505] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 505] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 505] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 505] exit_group(0) = ?
[pid 505] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=505, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./66", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./66/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./66/binderfs") = 0
umount2("./66/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./66/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./66/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./66/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./66/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./66/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./66/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./66/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./66/file1/lost+found") = 0
umount2("./66/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./66/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./66/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./66/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./66/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./66/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./66/file1/file0/file0") = 0
umount2("./66/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./66/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./66/file1/file0/file1") = 0
umount2("./66/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./66/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./66/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./66/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./66/file1/file0") = 0
umount2("./66/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./66/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./66/file1/file1") = 0
umount2("./66/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./66/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./66/file1/file2") = 0
umount2("./66/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./66/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./66/file1/file3") = 0
umount2("./66/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./66/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./66/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./66/file1") = -1 EBUSY (Device or resource busy)
umount2("./66/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./66/file1"executing program
) = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./66") = 0
mkdir("./67", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 508
./strace-static-x86_64: Process 508 attached
[pid 508] set_robust_list(0x555557163660, 24) = 0
[pid 508] chdir("./67") = 0
[pid 508] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 508] setpgid(0, 0) = 0
[pid 508] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 508] write(3, "1000", 4) = 4
[pid 508] close(3) = 0
[pid 508] symlink("/dev/binderfs", "./binderfs") = 0
[pid 508] write(1, "executing program\n", 18) = 18
[pid 508] memfd_create("syzkaller", 0) = 3
[pid 508] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[ 28.017752][ T505] loop0: detected capacity change from 0 to 1024
[ 28.024690][ T505] EXT4-fs: Ignoring removed orlov option
[ 28.030300][ T505] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 508] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 508] munmap(0x7f1009176000, 138412032) = 0
[pid 508] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 508] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 508] close(3) = 0
[pid 508] close(4) = 0
[pid 508] mkdir("./file1", 0777) = 0
[pid 508] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 508] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 508] chdir("./file1") = 0
[pid 508] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 508] ioctl(4, LOOP_CLR_FD) = 0
[pid 508] close(4) = 0
[pid 508] chdir("./file0") = 0
[pid 508] creat("./bus", 000) = 4
[pid 508] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 508] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 508] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 508] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 508] exit_group(0) = ?
[pid 508] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=508, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./67", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./67/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./67/binderfs") = 0
umount2("./67/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./67/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./67/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./67/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./67/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./67/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./67/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./67/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./67/file1/lost+found") = 0
umount2("./67/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./67/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./67/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./67/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./67/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./67/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./67/file1/file0/file0") = 0
umount2("./67/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./67/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./67/file1/file0/file1") = 0
umount2("./67/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./67/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./67/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./67/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./67/file1/file0") = 0
umount2("./67/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./67/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./67/file1/file1") = 0
umount2("./67/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./67/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./67/file1/file2") = 0
umount2("./67/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./67/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./67/file1/file3") = 0
umount2("./67/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./67/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./67/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./67/file1") = -1 EBUSY (Device or resource busy)
umount2("./67/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./67/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./67") = 0
mkdir("./68", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 511
./strace-static-x86_64: Process 511 attached
[pid 511] set_robust_list(0x555557163660, 24) = 0
[pid 511] chdir("./68") = 0
[pid 511] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 511] setpgid(0, 0) = 0
[ 28.080707][ T508] loop0: detected capacity change from 0 to 1024
[ 28.089668][ T508] EXT4-fs: Ignoring removed orlov option
[ 28.095174][ T508] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 511] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 511] write(3, "1000", 4) = 4
[pid 511] close(3) = 0
[pid 511] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid 511] write(1, "executing program\n", 18) = 18
[pid 511] memfd_create("syzkaller", 0) = 3
[pid 511] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 511] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 511] munmap(0x7f1009176000, 138412032) = 0
[pid 511] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 511] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 511] close(3) = 0
[pid 511] close(4) = 0
[pid 511] mkdir("./file1", 0777) = 0
[pid 511] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 511] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 511] chdir("./file1") = 0
[pid 511] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 511] ioctl(4, LOOP_CLR_FD) = 0
[pid 511] close(4) = 0
[pid 511] chdir("./file0") = 0
[pid 511] creat("./bus", 000) = 4
[pid 511] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 511] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 511] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 511] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 511] exit_group(0) = ?
[pid 511] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=511, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./68", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./68/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./68/binderfs") = 0
umount2("./68/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./68/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./68/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./68/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./68/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./68/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./68/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./68/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./68/file1/lost+found") = 0
umount2("./68/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./68/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./68/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./68/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./68/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./68/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./68/file1/file0/file0") = 0
umount2("./68/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./68/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./68/file1/file0/file1") = 0
umount2("./68/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./68/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./68/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./68/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./68/file1/file0") = 0
umount2("./68/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./68/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./68/file1/file1") = 0
umount2("./68/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./68/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./68/file1/file2") = 0
umount2("./68/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./68/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./68/file1/file3") = 0
umount2("./68/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./68/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./68/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./68/file1") = -1 EBUSY (Device or resource busy)
umount2("./68/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./68/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./68") = 0
mkdir("./69", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 514
./strace-static-x86_64: Process 514 attached
[pid 514] set_robust_list(0x555557163660, 24) = 0
[pid 514] chdir("./69") = 0
[pid 514] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 514] setpgid(0, 0) = 0
[pid 514] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 514] write(3, "1000", 4) = 4
[pid 514] close(3) = 0
[pid 514] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid 514] write(1, "executing program\n", 18) = 18
[pid 514] memfd_create("syzkaller", 0) = 3
[pid 514] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[ 28.146076][ T511] loop0: detected capacity change from 0 to 1024
[ 28.153659][ T511] EXT4-fs: Ignoring removed orlov option
[ 28.159504][ T511] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 514] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 514] munmap(0x7f1009176000, 138412032) = 0
[pid 514] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 514] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 514] close(3) = 0
[pid 514] close(4) = 0
[pid 514] mkdir("./file1", 0777) = 0
[pid 514] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 514] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 514] chdir("./file1") = 0
[pid 514] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 514] ioctl(4, LOOP_CLR_FD) = 0
[pid 514] close(4) = 0
[pid 514] chdir("./file0") = 0
[pid 514] creat("./bus", 000) = 4
[pid 514] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 514] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 514] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 514] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 514] exit_group(0) = ?
[pid 514] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=514, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./69", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./69/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./69/binderfs") = 0
umount2("./69/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./69/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./69/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./69/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./69/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./69/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./69/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./69/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./69/file1/lost+found") = 0
umount2("./69/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./69/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./69/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./69/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./69/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./69/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./69/file1/file0/file0") = 0
umount2("./69/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./69/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./69/file1/file0/file1") = 0
umount2("./69/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./69/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./69/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./69/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./69/file1/file0") = 0
umount2("./69/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./69/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./69/file1/file1") = 0
umount2("./69/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./69/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./69/file1/file2") = 0
umount2("./69/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./69/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./69/file1/file3") = 0
umount2("./69/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./69/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./69/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./69/file1") = -1 EBUSY (Device or resource busy)
umount2("./69/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./69/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./69") = 0
mkdir("./70", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
executing program
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 517
./strace-static-x86_64: Process 517 attached
[pid 517] set_robust_list(0x555557163660, 24) = 0
[pid 517] chdir("./70") = 0
[pid 517] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 517] setpgid(0, 0) = 0
[pid 517] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 517] write(3, "1000", 4) = 4
[pid 517] close(3) = 0
[pid 517] symlink("/dev/binderfs", "./binderfs") = 0
[pid 517] write(1, "executing program\n", 18) = 18
[pid 517] memfd_create("syzkaller", 0) = 3
[pid 517] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[ 28.207593][ T514] loop0: detected capacity change from 0 to 1024
[ 28.215510][ T514] EXT4-fs: Ignoring removed orlov option
[ 28.221288][ T514] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 517] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 517] munmap(0x7f1009176000, 138412032) = 0
[pid 517] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 517] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 517] close(3) = 0
[pid 517] close(4) = 0
[pid 517] mkdir("./file1", 0777) = 0
[pid 517] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 517] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 517] chdir("./file1") = 0
[pid 517] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 517] ioctl(4, LOOP_CLR_FD) = 0
[pid 517] close(4) = 0
[pid 517] chdir("./file0") = 0
[pid 517] creat("./bus", 000) = 4
[pid 517] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 517] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 517] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 517] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 517] exit_group(0) = ?
[pid 517] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=517, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
umount2("./70", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./70/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./70/binderfs") = 0
umount2("./70/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./70/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./70/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./70/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./70/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./70/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./70/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./70/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./70/file1/lost+found") = 0
umount2("./70/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./70/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./70/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./70/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./70/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./70/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./70/file1/file0/file0") = 0
umount2("./70/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./70/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./70/file1/file0/file1") = 0
umount2("./70/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./70/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./70/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./70/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./70/file1/file0") = 0
umount2("./70/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./70/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./70/file1/file1") = 0
umount2("./70/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./70/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./70/file1/file2") = 0
umount2("./70/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./70/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./70/file1/file3") = 0
umount2("./70/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./70/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./70/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./70/file1") = -1 EBUSY (Device or resource busy)
umount2("./70/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./70/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./70") = 0
mkdir("./71", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 520
./strace-static-x86_64: Process 520 attached
[pid 520] set_robust_list(0x555557163660, 24) = 0
[pid 520] chdir("./71") = 0
[pid 520] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 520] setpgid(0, 0) = 0
[pid 520] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 520] write(3, "1000", 4) = 4
[pid 520] close(3) = 0
[pid 520] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid 520] write(1, "executing program\n", 18) = 18
[pid 520] memfd_create("syzkaller", 0) = 3
[pid 520] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 520] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 520] munmap(0x7f1009176000, 138412032) = 0
[pid 520] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 28.271363][ T517] loop0: detected capacity change from 0 to 1024
[ 28.279107][ T517] EXT4-fs: Ignoring removed orlov option
[ 28.284626][ T517] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 520] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 520] close(3) = 0
[pid 520] close(4) = 0
[pid 520] mkdir("./file1", 0777) = 0
[pid 520] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 520] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 520] chdir("./file1") = 0
[pid 520] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 520] ioctl(4, LOOP_CLR_FD) = 0
[pid 520] close(4) = 0
[pid 520] chdir("./file0") = 0
[pid 520] creat("./bus", 000) = 4
[pid 520] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 520] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 520] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 520] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 520] exit_group(0) = ?
[pid 520] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=520, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./71", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./71/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./71/binderfs") = 0
umount2("./71/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./71/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./71/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./71/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./71/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./71/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./71/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./71/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./71/file1/lost+found") = 0
umount2("./71/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./71/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./71/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./71/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./71/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./71/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./71/file1/file0/file0") = 0
umount2("./71/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./71/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./71/file1/file0/file1") = 0
umount2("./71/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./71/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./71/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./71/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./71/file1/file0") = 0
umount2("./71/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./71/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./71/file1/file1") = 0
umount2("./71/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./71/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./71/file1/file2") = 0
umount2("./71/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./71/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./71/file1/file3") = 0
umount2("./71/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./71/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./71/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./71/file1") = -1 EBUSY (Device or resource busy)
umount2("./71/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./71/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./71") = 0
mkdir("./72", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 523
./strace-static-x86_64: Process 523 attached
[pid 523] set_robust_list(0x555557163660, 24) = 0
[pid 523] chdir("./72") = 0
[pid 523] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 523] setpgid(0, 0) = 0
[pid 523] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 523] write(3, "1000", 4) = 4
[pid 523] close(3) = 0
[pid 523] symlink("/dev/binderfs", "./binderfs") = 0
[pid 523] write(1, "executing program\n", 18executing program
) = 18
[pid 523] memfd_create("syzkaller", 0) = 3
[pid 523] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[ 28.327906][ T520] loop0: detected capacity change from 0 to 1024
[ 28.334953][ T520] EXT4-fs: Ignoring removed orlov option
[ 28.340660][ T520] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 523] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 523] munmap(0x7f1009176000, 138412032) = 0
[pid 523] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 523] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 523] close(3) = 0
[pid 523] close(4) = 0
[pid 523] mkdir("./file1", 0777) = 0
[pid 523] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 523] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 523] chdir("./file1") = 0
[pid 523] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 523] ioctl(4, LOOP_CLR_FD) = 0
[pid 523] close(4) = 0
[pid 523] chdir("./file0") = 0
[pid 523] creat("./bus", 000) = 4
[pid 523] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 523] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 523] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 523] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 523] exit_group(0) = ?
[pid 523] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=523, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./72", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./72/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./72/binderfs") = 0
umount2("./72/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./72/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./72/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./72/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./72/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./72/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./72/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./72/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./72/file1/lost+found") = 0
umount2("./72/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./72/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./72/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./72/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./72/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./72/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./72/file1/file0/file0") = 0
umount2("./72/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./72/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./72/file1/file0/file1") = 0
umount2("./72/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./72/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./72/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./72/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./72/file1/file0") = 0
umount2("./72/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./72/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./72/file1/file1") = 0
umount2("./72/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./72/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./72/file1/file2") = 0
umount2("./72/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./72/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./72/file1/file3") = 0
umount2("./72/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./72/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./72/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./72/file1") = -1 EBUSY (Device or resource busy)
umount2("./72/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./72/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./72") = 0
mkdir("./73", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 526
./strace-static-x86_64: Process 526 attached
[pid 526] set_robust_list(0x555557163660, 24) = 0
[pid 526] chdir("./73") = 0
[pid 526] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 526] setpgid(0, 0) = 0
[pid 526] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 526] write(3, "1000", 4) = 4
[pid 526] close(3) = 0
[pid 526] symlink("/dev/binderfs", "./binderfs") = 0
[pid 526] write(1, "executing program\n", 18executing program
) = 18
[ 28.392886][ T523] loop0: detected capacity change from 0 to 1024
[ 28.400064][ T523] EXT4-fs: Ignoring removed orlov option
[ 28.405565][ T523] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 526] memfd_create("syzkaller", 0) = 3
[pid 526] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 526] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 526] munmap(0x7f1009176000, 138412032) = 0
[pid 526] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 526] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 526] close(3) = 0
[pid 526] close(4) = 0
[pid 526] mkdir("./file1", 0777) = 0
[pid 526] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 526] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 526] chdir("./file1") = 0
[pid 526] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 526] ioctl(4, LOOP_CLR_FD) = 0
[pid 526] close(4) = 0
[pid 526] chdir("./file0") = 0
[pid 526] creat("./bus", 000) = 4
[pid 526] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 526] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 526] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 526] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 526] exit_group(0) = ?
[pid 526] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=526, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./73", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./73/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./73/binderfs") = 0
umount2("./73/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./73/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./73/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./73/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./73/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./73/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./73/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./73/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./73/file1/lost+found") = 0
umount2("./73/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./73/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./73/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./73/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./73/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./73/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./73/file1/file0/file0") = 0
umount2("./73/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./73/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./73/file1/file0/file1") = 0
umount2("./73/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./73/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./73/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./73/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./73/file1/file0") = 0
umount2("./73/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./73/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./73/file1/file1") = 0
umount2("./73/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./73/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./73/file1/file2") = 0
umount2("./73/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./73/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./73/file1/file3") = 0
umount2("./73/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./73/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./73/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./73/file1") = -1 EBUSY (Device or resource busy)
umount2("./73/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./73/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./73") = 0
mkdir("./74", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 530
./strace-static-x86_64: Process 530 attached
[pid 530] set_robust_list(0x555557163660, 24) = 0
[pid 530] chdir("./74") = 0
[pid 530] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 530] setpgid(0, 0) = 0
[pid 530] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 530] write(3, "1000", 4) = 4
[pid 530] close(3) = 0
[pid 530] symlink("/dev/binderfs", "./binderfs") = 0
[pid 530] write(1, "executing program\n", 18executing program
) = 18
[pid 530] memfd_create("syzkaller", 0) = 3
[pid 530] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 530] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 530] munmap(0x7f1009176000, 138412032) = 0
[pid 530] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 28.457264][ T526] loop0: detected capacity change from 0 to 1024
[ 28.464754][ T526] EXT4-fs: Ignoring removed orlov option
[ 28.470673][ T526] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 530] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 530] close(3) = 0
[pid 530] close(4) = 0
[pid 530] mkdir("./file1", 0777) = 0
[pid 530] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 530] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 530] chdir("./file1") = 0
[pid 530] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 530] ioctl(4, LOOP_CLR_FD) = 0
[pid 530] close(4) = 0
[pid 530] chdir("./file0") = 0
[pid 530] creat("./bus", 000) = 4
[pid 530] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 530] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 530] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 530] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 530] exit_group(0) = ?
[pid 530] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=530, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./74", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./74/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./74/binderfs") = 0
umount2("./74/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./74/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./74/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./74/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./74/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./74/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./74/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./74/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./74/file1/lost+found") = 0
umount2("./74/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./74/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./74/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./74/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./74/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./74/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./74/file1/file0/file0") = 0
umount2("./74/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./74/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./74/file1/file0/file1") = 0
umount2("./74/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./74/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./74/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./74/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./74/file1/file0") = 0
umount2("./74/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./74/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./74/file1/file1") = 0
umount2("./74/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./74/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./74/file1/file2") = 0
umount2("./74/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./74/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./74/file1/file3") = 0
umount2("./74/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./74/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./74/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./74/file1") = -1 EBUSY (Device or resource busy)
umount2("./74/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./74/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./74") = 0
mkdir("./75", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 534
./strace-static-x86_64: Process 534 attached
[pid 534] set_robust_list(0x555557163660, 24) = 0
[pid 534] chdir("./75") = 0
[pid 534] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 534] setpgid(0, 0) = 0
[pid 534] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 534] write(3, "1000", 4) = 4
[pid 534] close(3) = 0
[pid 534] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[ 28.517879][ T530] loop0: detected capacity change from 0 to 1024
[ 28.524971][ T530] EXT4-fs: Ignoring removed orlov option
[ 28.530635][ T530] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 534] write(1, "executing program\n", 18) = 18
[pid 534] memfd_create("syzkaller", 0) = 3
[pid 534] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 534] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 534] munmap(0x7f1009176000, 138412032) = 0
[pid 534] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 534] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 534] close(3) = 0
[pid 534] close(4) = 0
[pid 534] mkdir("./file1", 0777) = 0
[pid 534] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 534] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 534] chdir("./file1") = 0
[pid 534] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 534] ioctl(4, LOOP_CLR_FD) = 0
[pid 534] close(4) = 0
[pid 534] chdir("./file0") = 0
[pid 534] creat("./bus", 000) = 4
[pid 534] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 534] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 534] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 534] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 534] exit_group(0) = ?
[pid 534] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=534, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./75", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./75/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./75/binderfs") = 0
umount2("./75/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./75/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./75/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./75/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./75/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./75/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./75/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./75/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./75/file1/lost+found") = 0
umount2("./75/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./75/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./75/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./75/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./75/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./75/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./75/file1/file0/file0") = 0
umount2("./75/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./75/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./75/file1/file0/file1") = 0
umount2("./75/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./75/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./75/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./75/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./75/file1/file0") = 0
umount2("./75/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./75/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./75/file1/file1") = 0
umount2("./75/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./75/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./75/file1/file2") = 0
umount2("./75/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./75/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./75/file1/file3") = 0
umount2("./75/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./75/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./75/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./75/file1") = -1 EBUSY (Device or resource busy)
umount2("./75/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./75/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./75") = 0
mkdir("./76", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3executing program
) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 537
./strace-static-x86_64: Process 537 attached
[pid 537] set_robust_list(0x555557163660, 24) = 0
[pid 537] chdir("./76") = 0
[pid 537] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 537] setpgid(0, 0) = 0
[pid 537] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 537] write(3, "1000", 4) = 4
[pid 537] close(3) = 0
[pid 537] symlink("/dev/binderfs", "./binderfs") = 0
[pid 537] write(1, "executing program\n", 18) = 18
[pid 537] memfd_create("syzkaller", 0) = 3
[pid 537] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 537] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 537] munmap(0x7f1009176000, 138412032) = 0
[pid 537] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 28.582812][ T534] loop0: detected capacity change from 0 to 1024
[ 28.589867][ T534] EXT4-fs: Ignoring removed orlov option
[ 28.595451][ T534] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 537] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 537] close(3) = 0
[pid 537] close(4) = 0
[pid 537] mkdir("./file1", 0777) = 0
[pid 537] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 537] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 537] chdir("./file1") = 0
[pid 537] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 537] ioctl(4, LOOP_CLR_FD) = 0
[pid 537] close(4) = 0
[pid 537] chdir("./file0") = 0
[pid 537] creat("./bus", 000) = 4
[pid 537] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 537] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 537] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 537] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 537] exit_group(0) = ?
[pid 537] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=537, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./76", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./76/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./76/binderfs") = 0
umount2("./76/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./76/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./76/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./76/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./76/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./76/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./76/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./76/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./76/file1/lost+found") = 0
umount2("./76/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./76/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./76/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./76/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./76/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./76/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./76/file1/file0/file0") = 0
umount2("./76/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./76/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./76/file1/file0/file1") = 0
umount2("./76/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./76/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./76/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./76/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./76/file1/file0") = 0
umount2("./76/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./76/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./76/file1/file1") = 0
umount2("./76/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./76/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./76/file1/file2") = 0
umount2("./76/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./76/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./76/file1/file3") = 0
umount2("./76/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./76/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./76/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./76/file1") = -1 EBUSY (Device or resource busy)
umount2("./76/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./76/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./76") = 0
mkdir("./77", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 540
./strace-static-x86_64: Process 540 attached
[pid 540] set_robust_list(0x555557163660, 24) = 0
[pid 540] chdir("./77") = 0
[pid 540] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 540] setpgid(0, 0) = 0
[pid 540] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 540] write(3, "1000", 4) = 4
[pid 540] close(3) = 0
[pid 540] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 540] write(1, "executing program\n", 18) = 18
[pid 540] memfd_create("syzkaller", 0) = 3
[pid 540] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 540] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 540] munmap(0x7f1009176000, 138412032) = 0
[pid 540] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 28.640060][ T537] loop0: detected capacity change from 0 to 1024
[ 28.647580][ T537] EXT4-fs: Ignoring removed orlov option
[ 28.653106][ T537] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 540] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 540] close(3) = 0
[pid 540] close(4) = 0
[pid 540] mkdir("./file1", 0777) = 0
[pid 540] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 540] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 540] chdir("./file1") = 0
[pid 540] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 540] ioctl(4, LOOP_CLR_FD) = 0
[pid 540] close(4) = 0
[pid 540] chdir("./file0") = 0
[pid 540] creat("./bus", 000) = 4
[pid 540] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 540] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 540] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 540] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 540] exit_group(0) = ?
[pid 540] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=540, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./77", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./77/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./77/binderfs") = 0
umount2("./77/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./77/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./77/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./77/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./77/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./77/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./77/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./77/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./77/file1/lost+found") = 0
umount2("./77/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./77/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./77/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./77/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./77/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./77/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./77/file1/file0/file0") = 0
umount2("./77/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./77/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./77/file1/file0/file1") = 0
umount2("./77/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./77/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./77/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./77/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./77/file1/file0") = 0
umount2("./77/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./77/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./77/file1/file1") = 0
umount2("./77/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./77/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./77/file1/file2") = 0
umount2("./77/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./77/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./77/file1/file3") = 0
umount2("./77/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./77/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./77/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./77/file1") = -1 EBUSY (Device or resource busy)
umount2("./77/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./77/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./77") = 0
mkdir("./78", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3executing program
) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 543
./strace-static-x86_64: Process 543 attached
[pid 543] set_robust_list(0x555557163660, 24) = 0
[pid 543] chdir("./78") = 0
[pid 543] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 543] setpgid(0, 0) = 0
[pid 543] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 543] write(3, "1000", 4) = 4
[pid 543] close(3) = 0
[pid 543] symlink("/dev/binderfs", "./binderfs") = 0
[pid 543] write(1, "executing program\n", 18) = 18
[pid 543] memfd_create("syzkaller", 0) = 3
[pid 543] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 543] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 543] munmap(0x7f1009176000, 138412032) = 0
[pid 543] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 28.699865][ T540] loop0: detected capacity change from 0 to 1024
[ 28.707004][ T540] EXT4-fs: Ignoring removed orlov option
[ 28.712502][ T540] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 543] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 543] close(3) = 0
[pid 543] close(4) = 0
[pid 543] mkdir("./file1", 0777) = 0
[pid 543] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 543] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 543] chdir("./file1") = 0
[pid 543] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 543] ioctl(4, LOOP_CLR_FD) = 0
[pid 543] close(4) = 0
[pid 543] chdir("./file0") = 0
[pid 543] creat("./bus", 000) = 4
[pid 543] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 543] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 543] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 543] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 543] exit_group(0) = ?
[pid 543] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=543, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./78", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./78/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./78/binderfs") = 0
umount2("./78/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./78/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./78/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./78/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./78/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./78/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./78/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./78/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./78/file1/lost+found") = 0
umount2("./78/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./78/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./78/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./78/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./78/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./78/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./78/file1/file0/file0") = 0
umount2("./78/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./78/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./78/file1/file0/file1") = 0
umount2("./78/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./78/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./78/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./78/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./78/file1/file0") = 0
umount2("./78/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./78/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./78/file1/file1") = 0
umount2("./78/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./78/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./78/file1/file2") = 0
umount2("./78/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./78/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./78/file1/file3") = 0
umount2("./78/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./78/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./78/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./78/file1") = -1 EBUSY (Device or resource busy)
umount2("./78/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./78/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./78") = 0
mkdir("./79", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x555557163650) = 546
./strace-static-x86_64: Process 546 attached
[pid 546] set_robust_list(0x555557163660, 24) = 0
[pid 546] chdir("./79") = 0
[pid 546] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 546] setpgid(0, 0) = 0
[pid 546] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 546] write(3, "1000", 4) = 4
[pid 546] close(3) = 0
[pid 546] symlink("/dev/binderfs", "./binderfs") = 0
[pid 546] write(1, "executing program\n", 18) = 18
[pid 546] memfd_create("syzkaller", 0) = 3
[pid 546] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 546] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 546] munmap(0x7f1009176000, 138412032) = 0
[pid 546] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 28.758295][ T543] loop0: detected capacity change from 0 to 1024
[ 28.765877][ T543] EXT4-fs: Ignoring removed orlov option
[ 28.771448][ T543] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 546] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 546] close(3) = 0
[pid 546] close(4) = 0
[pid 546] mkdir("./file1", 0777) = 0
[pid 546] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 546] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 546] chdir("./file1") = 0
[pid 546] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 546] ioctl(4, LOOP_CLR_FD) = 0
[pid 546] close(4) = 0
[pid 546] chdir("./file0") = 0
[pid 546] creat("./bus", 000) = 4
[pid 546] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 546] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 546] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 546] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 546] exit_group(0) = ?
[pid 546] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=546, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./79", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./79/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./79/binderfs") = 0
umount2("./79/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./79/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./79/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./79/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./79/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./79/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./79/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./79/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./79/file1/lost+found") = 0
umount2("./79/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./79/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./79/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./79/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./79/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./79/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./79/file1/file0/file0") = 0
umount2("./79/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./79/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./79/file1/file0/file1") = 0
umount2("./79/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./79/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./79/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./79/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./79/file1/file0") = 0
umount2("./79/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./79/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./79/file1/file1") = 0
umount2("./79/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./79/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./79/file1/file2") = 0
umount2("./79/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./79/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./79/file1/file3") = 0
umount2("./79/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./79/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./79/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./79/file1") = -1 EBUSY (Device or resource busy)
umount2("./79/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./79/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./79") = 0
[ 28.817975][ T546] loop0: detected capacity change from 0 to 1024
[ 28.825129][ T546] EXT4-fs: Ignoring removed orlov option
[ 28.830704][ T546] EXT4-fs: Ignoring removed nomblk_io_submit option
mkdir("./80", 0777executing program
) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 549
./strace-static-x86_64: Process 549 attached
[pid 549] set_robust_list(0x555557163660, 24) = 0
[pid 549] chdir("./80") = 0
[pid 549] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 549] setpgid(0, 0) = 0
[pid 549] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 549] write(3, "1000", 4) = 4
[pid 549] close(3) = 0
[pid 549] symlink("/dev/binderfs", "./binderfs") = 0
[pid 549] write(1, "executing program\n", 18) = 18
[pid 549] memfd_create("syzkaller", 0) = 3
[pid 549] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 549] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 549] munmap(0x7f1009176000, 138412032) = 0
[pid 549] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 549] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 549] close(3) = 0
[pid 549] close(4) = 0
[pid 549] mkdir("./file1", 0777) = 0
[pid 549] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 549] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 549] chdir("./file1") = 0
[pid 549] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 549] ioctl(4, LOOP_CLR_FD) = 0
[pid 549] close(4) = 0
[pid 549] chdir("./file0") = 0
[pid 549] creat("./bus", 000) = 4
[pid 549] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 549] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 549] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 549] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 549] exit_group(0) = ?
[pid 549] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=549, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./80", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./80/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./80/binderfs") = 0
umount2("./80/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./80/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./80/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./80/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./80/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./80/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./80/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./80/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./80/file1/lost+found") = 0
umount2("./80/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./80/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./80/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./80/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./80/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./80/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./80/file1/file0/file0") = 0
umount2("./80/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./80/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./80/file1/file0/file1") = 0
umount2("./80/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./80/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./80/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./80/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./80/file1/file0") = 0
umount2("./80/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./80/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./80/file1/file1") = 0
umount2("./80/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./80/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./80/file1/file2") = 0
umount2("./80/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./80/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./80/file1/file3") = 0
umount2("./80/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./80/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./80/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./80/file1") = -1 EBUSY (Device or resource busy)
umount2("./80/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./80/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./80") = 0
mkdir("./81", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x555557163650) = 552
./strace-static-x86_64: Process 552 attached
[pid 552] set_robust_list(0x555557163660, 24) = 0
[pid 552] chdir("./81") = 0
[pid 552] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 552] setpgid(0, 0) = 0
[pid 552] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 552] write(3, "1000", 4) = 4
[pid 552] close(3) = 0
[pid 552] symlink("/dev/binderfs", "./binderfs") = 0
[pid 552] write(1, "executing program\n", 18) = 18
[pid 552] memfd_create("syzkaller", 0) = 3
[pid 552] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 552] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 552] munmap(0x7f1009176000, 138412032) = 0
[pid 552] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 28.883294][ T549] loop0: detected capacity change from 0 to 1024
[ 28.891488][ T549] EXT4-fs: Ignoring removed orlov option
[ 28.897055][ T549] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 552] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 552] close(3) = 0
[pid 552] close(4) = 0
[pid 552] mkdir("./file1", 0777) = 0
[pid 552] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 552] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 552] chdir("./file1") = 0
[pid 552] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 552] ioctl(4, LOOP_CLR_FD) = 0
[pid 552] close(4) = 0
[pid 552] chdir("./file0") = 0
[pid 552] creat("./bus", 000) = 4
[pid 552] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 552] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 552] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 552] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 552] exit_group(0) = ?
[pid 552] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=552, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./81", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./81/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./81/binderfs") = 0
umount2("./81/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./81/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./81/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./81/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./81/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./81/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./81/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./81/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./81/file1/lost+found") = 0
umount2("./81/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./81/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./81/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./81/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./81/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./81/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./81/file1/file0/file0") = 0
umount2("./81/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./81/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./81/file1/file0/file1") = 0
umount2("./81/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./81/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./81/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./81/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./81/file1/file0") = 0
umount2("./81/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./81/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./81/file1/file1") = 0
umount2("./81/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./81/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./81/file1/file2") = 0
umount2("./81/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./81/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./81/file1/file3") = 0
umount2("./81/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./81/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./81/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./81/file1") = -1 EBUSY (Device or resource busy)
umount2("./81/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./81/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./81") = 0
mkdir("./82", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 555
./strace-static-x86_64: Process 555 attached
[pid 555] set_robust_list(0x555557163660, 24) = 0
[pid 555] chdir("./82"executing program
) = 0
[pid 555] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 555] setpgid(0, 0) = 0
[pid 555] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 555] write(3, "1000", 4) = 4
[pid 555] close(3) = 0
[pid 555] symlink("/dev/binderfs", "./binderfs") = 0
[pid 555] write(1, "executing program\n", 18) = 18
[pid 555] memfd_create("syzkaller", 0) = 3
[pid 555] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[ 28.941522][ T552] loop0: detected capacity change from 0 to 1024
[ 28.948665][ T552] EXT4-fs: Ignoring removed orlov option
[ 28.954166][ T552] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 555] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 555] munmap(0x7f1009176000, 138412032) = 0
[pid 555] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 555] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 555] close(3) = 0
[pid 555] close(4) = 0
[pid 555] mkdir("./file1", 0777) = 0
[pid 555] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 555] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 555] chdir("./file1") = 0
[pid 555] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 555] ioctl(4, LOOP_CLR_FD) = 0
[pid 555] close(4) = 0
[pid 555] chdir("./file0") = 0
[pid 555] creat("./bus", 000) = 4
[pid 555] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 555] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 555] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 555] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 555] exit_group(0) = ?
[pid 555] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=555, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./82", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./82/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./82/binderfs") = 0
umount2("./82/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./82/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./82/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./82/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./82/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./82/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./82/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./82/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./82/file1/lost+found") = 0
umount2("./82/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./82/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./82/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./82/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./82/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./82/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./82/file1/file0/file0") = 0
umount2("./82/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./82/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./82/file1/file0/file1") = 0
umount2("./82/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./82/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./82/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./82/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./82/file1/file0") = 0
umount2("./82/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./82/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./82/file1/file1") = 0
umount2("./82/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./82/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./82/file1/file2") = 0
umount2("./82/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./82/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./82/file1/file3") = 0
umount2("./82/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./82/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./82/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./82/file1") = -1 EBUSY (Device or resource busy)
umount2("./82/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./82/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./82") = 0
mkdir("./83", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 558
./strace-static-x86_64: Process 558 attached
[pid 558] set_robust_list(0x555557163660, 24) = 0
[pid 558] chdir("./83") = 0
[pid 558] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 558] setpgid(0, 0) = 0
[pid 558] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 558] write(3, "1000", 4) = 4
[pid 558] close(3) = 0
[pid 558] symlink("/dev/binderfs", "./binderfs") = 0
[pid 558] write(1, "executing program\n", 18executing program
) = 18
[pid 558] memfd_create("syzkaller", 0) = 3
[pid 558] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 558] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 558] munmap(0x7f1009176000, 138412032) = 0
[pid 558] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 29.005016][ T555] loop0: detected capacity change from 0 to 1024
[ 29.013167][ T555] EXT4-fs: Ignoring removed orlov option
[ 29.018897][ T555] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 558] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 558] close(3) = 0
[pid 558] close(4) = 0
[pid 558] mkdir("./file1", 0777) = 0
[pid 558] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 558] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 558] chdir("./file1") = 0
[pid 558] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 558] ioctl(4, LOOP_CLR_FD) = 0
[pid 558] close(4) = 0
[pid 558] chdir("./file0") = 0
[pid 558] creat("./bus", 000) = 4
[pid 558] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 558] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 558] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 558] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 558] exit_group(0) = ?
[pid 558] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=558, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./83", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./83/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./83/binderfs") = 0
umount2("./83/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./83/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./83/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./83/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./83/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./83/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./83/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./83/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./83/file1/lost+found") = 0
umount2("./83/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./83/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./83/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./83/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./83/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./83/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./83/file1/file0/file0") = 0
umount2("./83/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./83/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./83/file1/file0/file1") = 0
umount2("./83/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./83/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./83/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./83/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./83/file1/file0") = 0
umount2("./83/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./83/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./83/file1/file1") = 0
umount2("./83/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./83/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./83/file1/file2") = 0
umount2("./83/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./83/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./83/file1/file3") = 0
umount2("./83/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./83/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./83/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./83/file1") = -1 EBUSY (Device or resource busy)
umount2("./83/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./83/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./83") = 0
mkdir("./84", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3executing program
) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 561
./strace-static-x86_64: Process 561 attached
[pid 561] set_robust_list(0x555557163660, 24) = 0
[pid 561] chdir("./84") = 0
[pid 561] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 561] setpgid(0, 0) = 0
[pid 561] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 561] write(3, "1000", 4) = 4
[pid 561] close(3) = 0
[pid 561] symlink("/dev/binderfs", "./binderfs") = 0
[pid 561] write(1, "executing program\n", 18) = 18
[pid 561] memfd_create("syzkaller", 0) = 3
[pid 561] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[ 29.063313][ T558] loop0: detected capacity change from 0 to 1024
[ 29.070365][ T558] EXT4-fs: Ignoring removed orlov option
[ 29.075837][ T558] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 561] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 561] munmap(0x7f1009176000, 138412032) = 0
[pid 561] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 561] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 561] close(3) = 0
[pid 561] close(4) = 0
[pid 561] mkdir("./file1", 0777) = 0
[pid 561] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 561] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 561] chdir("./file1") = 0
[pid 561] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 561] ioctl(4, LOOP_CLR_FD) = 0
[pid 561] close(4) = 0
[pid 561] chdir("./file0") = 0
[pid 561] creat("./bus", 000) = 4
[pid 561] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 561] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 561] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 561] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 561] exit_group(0) = ?
[pid 561] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=561, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./84", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./84/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./84/binderfs") = 0
umount2("./84/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./84/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./84/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./84/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./84/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./84/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./84/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./84/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./84/file1/lost+found") = 0
umount2("./84/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./84/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./84/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./84/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./84/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./84/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./84/file1/file0/file0") = 0
umount2("./84/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./84/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./84/file1/file0/file1") = 0
umount2("./84/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./84/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./84/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./84/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./84/file1/file0") = 0
umount2("./84/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./84/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./84/file1/file1") = 0
umount2("./84/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./84/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./84/file1/file2") = 0
umount2("./84/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./84/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./84/file1/file3") = 0
umount2("./84/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./84/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./84/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./84/file1") = -1 EBUSY (Device or resource busy)
umount2("./84/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./84/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./84") = 0
mkdir("./85", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 564
./strace-static-x86_64: Process 564 attached
[pid 564] set_robust_list(0x555557163660, 24) = 0
[pid 564] chdir("./85") = 0
[pid 564] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 564] setpgid(0, 0) = 0
[pid 564] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program
) = 3
[pid 564] write(3, "1000", 4) = 4
[pid 564] close(3) = 0
[pid 564] symlink("/dev/binderfs", "./binderfs") = 0
[pid 564] write(1, "executing program\n", 18) = 18
[pid 564] memfd_create("syzkaller", 0) = 3
[pid 564] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 564] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 564] munmap(0x7f1009176000, 138412032) = 0
[pid 564] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 29.126065][ T561] loop0: detected capacity change from 0 to 1024
[ 29.133048][ T561] EXT4-fs: Ignoring removed orlov option
[ 29.138794][ T561] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 564] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 564] close(3) = 0
[pid 564] close(4) = 0
[pid 564] mkdir("./file1", 0777) = 0
[pid 564] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 564] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 564] chdir("./file1") = 0
[pid 564] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 564] ioctl(4, LOOP_CLR_FD) = 0
[pid 564] close(4) = 0
[pid 564] chdir("./file0") = 0
[pid 564] creat("./bus", 000) = 4
[pid 564] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 564] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 564] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 564] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 564] exit_group(0) = ?
[pid 564] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=564, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./85", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./85/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./85/binderfs") = 0
umount2("./85/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./85/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./85/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./85/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./85/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./85/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./85/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./85/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./85/file1/lost+found") = 0
umount2("./85/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./85/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./85/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./85/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./85/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./85/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./85/file1/file0/file0") = 0
umount2("./85/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./85/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./85/file1/file0/file1") = 0
umount2("./85/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./85/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./85/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./85/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./85/file1/file0") = 0
umount2("./85/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./85/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./85/file1/file1") = 0
umount2("./85/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./85/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./85/file1/file2") = 0
umount2("./85/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./85/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./85/file1/file3") = 0
umount2("./85/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./85/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./85/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./85/file1") = -1 EBUSY (Device or resource busy)
umount2("./85/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./85/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./85") = 0
mkdir("./86", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 29.186359][ T564] loop0: detected capacity change from 0 to 1024
[ 29.194074][ T564] EXT4-fs: Ignoring removed orlov option
[ 29.199843][ T564] EXT4-fs: Ignoring removed nomblk_io_submit option
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 567
./strace-static-x86_64: Process 567 attached
[pid 567] set_robust_list(0x555557163660, 24) = 0
[pid 567] chdir("./86") = 0
[pid 567] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 567] setpgid(0, 0) = 0
[pid 567] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 567] write(3, "1000", 4) = 4
[pid 567] close(3) = 0
[pid 567] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid 567] write(1, "executing program\n", 18) = 18
[pid 567] memfd_create("syzkaller", 0) = 3
[pid 567] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 567] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 567] munmap(0x7f1009176000, 138412032) = 0
[pid 567] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 567] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 567] close(3) = 0
[pid 567] close(4) = 0
[pid 567] mkdir("./file1", 0777) = 0
[pid 567] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 567] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 567] chdir("./file1") = 0
[pid 567] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 567] ioctl(4, LOOP_CLR_FD) = 0
[pid 567] close(4) = 0
[pid 567] chdir("./file0") = 0
[pid 567] creat("./bus", 000) = 4
[pid 567] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 567] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 567] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 567] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 567] exit_group(0) = ?
[pid 567] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=567, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./86", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./86/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./86/binderfs") = 0
umount2("./86/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./86/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./86/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./86/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./86/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./86/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./86/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./86/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./86/file1/lost+found") = 0
umount2("./86/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./86/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./86/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./86/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./86/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./86/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./86/file1/file0/file0") = 0
umount2("./86/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./86/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./86/file1/file0/file1") = 0
umount2("./86/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./86/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./86/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./86/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./86/file1/file0") = 0
umount2("./86/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./86/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./86/file1/file1") = 0
umount2("./86/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./86/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./86/file1/file2") = 0
umount2("./86/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./86/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./86/file1/file3") = 0
umount2("./86/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./86/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./86/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./86/file1") = -1 EBUSY (Device or resource busy)
umount2("./86/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./86/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./86") = 0
mkdir("./87", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 570 attached
, child_tidptr=0x555557163650) = 570
[pid 570] set_robust_list(0x555557163660, 24) = 0
[pid 570] chdir("./87") = 0
[pid 570] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 570] setpgid(0, 0) = 0
[pid 570] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 570] write(3, "1000", 4) = 4
[pid 570] close(3) = 0
[pid 570] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid 570] write(1, "executing program\n", 18) = 18
[pid 570] memfd_create("syzkaller", 0) = 3
[pid 570] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[ 29.254301][ T567] loop0: detected capacity change from 0 to 1024
[ 29.261333][ T567] EXT4-fs: Ignoring removed orlov option
[ 29.267084][ T567] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 570] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 570] munmap(0x7f1009176000, 138412032) = 0
[pid 570] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 570] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 570] close(3) = 0
[pid 570] close(4) = 0
[pid 570] mkdir("./file1", 0777) = 0
[pid 570] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 570] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 570] chdir("./file1") = 0
[pid 570] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 570] ioctl(4, LOOP_CLR_FD) = 0
[pid 570] close(4) = 0
[pid 570] chdir("./file0") = 0
[pid 570] creat("./bus", 000) = 4
[pid 570] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 570] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 570] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 570] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 570] exit_group(0) = ?
[pid 570] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=570, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./87", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./87/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./87/binderfs") = 0
umount2("./87/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./87/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./87/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./87/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./87/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./87/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./87/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./87/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./87/file1/lost+found") = 0
umount2("./87/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./87/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./87/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./87/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./87/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./87/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./87/file1/file0/file0") = 0
umount2("./87/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./87/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./87/file1/file0/file1") = 0
umount2("./87/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./87/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./87/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./87/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./87/file1/file0") = 0
umount2("./87/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./87/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./87/file1/file1") = 0
umount2("./87/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./87/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./87/file1/file2") = 0
umount2("./87/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./87/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./87/file1/file3") = 0
umount2("./87/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./87/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./87/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./87/file1") = -1 EBUSY (Device or resource busy)
umount2("./87/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program
) = 0
rmdir("./87/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./87") = 0
mkdir("./88", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 573
./strace-static-x86_64: Process 573 attached
[pid 573] set_robust_list(0x555557163660, 24) = 0
[pid 573] chdir("./88") = 0
[pid 573] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 573] setpgid(0, 0) = 0
[pid 573] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 573] write(3, "1000", 4) = 4
[pid 573] close(3) = 0
[pid 573] symlink("/dev/binderfs", "./binderfs") = 0
[pid 573] write(1, "executing program\n", 18) = 18
[pid 573] memfd_create("syzkaller", 0) = 3
[pid 573] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 573] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 573] munmap(0x7f1009176000, 138412032) = 0
[pid 573] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 29.306075][ T570] loop0: detected capacity change from 0 to 1024
[ 29.313199][ T570] EXT4-fs: Ignoring removed orlov option
[ 29.318937][ T570] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 573] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 573] close(3) = 0
[pid 573] close(4) = 0
[pid 573] mkdir("./file1", 0777) = 0
[pid 573] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 573] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 573] chdir("./file1") = 0
[pid 573] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 573] ioctl(4, LOOP_CLR_FD) = 0
[pid 573] close(4) = 0
[pid 573] chdir("./file0") = 0
[pid 573] creat("./bus", 000) = 4
[pid 573] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 573] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 573] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 573] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 573] exit_group(0) = ?
[pid 573] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=573, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./88", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./88/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./88/binderfs") = 0
umount2("./88/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./88/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./88/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./88/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./88/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./88/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./88/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./88/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./88/file1/lost+found") = 0
umount2("./88/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./88/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./88/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./88/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./88/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./88/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./88/file1/file0/file0") = 0
umount2("./88/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./88/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./88/file1/file0/file1") = 0
umount2("./88/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./88/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./88/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./88/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./88/file1/file0") = 0
umount2("./88/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./88/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./88/file1/file1") = 0
umount2("./88/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./88/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./88/file1/file2") = 0
umount2("./88/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./88/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./88/file1/file3") = 0
umount2("./88/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./88/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./88/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./88/file1") = -1 EBUSY (Device or resource busy)
umount2("./88/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./88/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./88") = 0
mkdir("./89", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x555557163650) = 576
./strace-static-x86_64: Process 576 attached
[pid 576] set_robust_list(0x555557163660, 24) = 0
[pid 576] chdir("./89") = 0
[pid 576] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 576] setpgid(0, 0) = 0
[pid 576] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 576] write(3, "1000", 4) = 4
[pid 576] close(3) = 0
[pid 576] symlink("/dev/binderfs", "./binderfs") = 0
[pid 576] write(1, "executing program\n", 18) = 18
[pid 576] memfd_create("syzkaller", 0) = 3
[pid 576] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 576] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 576] munmap(0x7f1009176000, 138412032) = 0
[pid 576] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 29.364414][ T573] loop0: detected capacity change from 0 to 1024
[ 29.372066][ T573] EXT4-fs: Ignoring removed orlov option
[ 29.377615][ T573] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 576] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 576] close(3) = 0
[pid 576] close(4) = 0
[pid 576] mkdir("./file1", 0777) = 0
[pid 576] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 576] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 576] chdir("./file1") = 0
[pid 576] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 576] ioctl(4, LOOP_CLR_FD) = 0
[pid 576] close(4) = 0
[pid 576] chdir("./file0") = 0
[pid 576] creat("./bus", 000) = 4
[pid 576] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 576] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 576] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 576] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 576] exit_group(0) = ?
[pid 576] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=576, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./89", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./89/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./89/binderfs") = 0
umount2("./89/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./89/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./89/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./89/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./89/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./89/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./89/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./89/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./89/file1/lost+found") = 0
umount2("./89/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./89/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./89/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./89/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./89/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./89/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./89/file1/file0/file0") = 0
umount2("./89/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./89/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./89/file1/file0/file1") = 0
umount2("./89/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./89/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./89/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./89/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./89/file1/file0") = 0
umount2("./89/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./89/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./89/file1/file1") = 0
umount2("./89/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./89/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./89/file1/file2") = 0
umount2("./89/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./89/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./89/file1/file3") = 0
umount2("./89/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./89/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./89/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./89/file1") = -1 EBUSY (Device or resource busy)
umount2("./89/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./89/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./89") = 0
mkdir("./90", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FDexecuting program
) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 579
./strace-static-x86_64: Process 579 attached
[pid 579] set_robust_list(0x555557163660, 24) = 0
[pid 579] chdir("./90") = 0
[pid 579] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 579] setpgid(0, 0) = 0
[pid 579] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 579] write(3, "1000", 4) = 4
[pid 579] close(3) = 0
[pid 579] symlink("/dev/binderfs", "./binderfs") = 0
[pid 579] write(1, "executing program\n", 18) = 18
[pid 579] memfd_create("syzkaller", 0) = 3
[pid 579] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 579] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[ 29.423525][ T576] loop0: detected capacity change from 0 to 1024
[ 29.431254][ T576] EXT4-fs: Ignoring removed orlov option
[ 29.437053][ T576] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 579] munmap(0x7f1009176000, 138412032) = 0
[pid 579] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 579] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 579] close(3) = 0
[pid 579] close(4) = 0
[pid 579] mkdir("./file1", 0777) = 0
[pid 579] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 579] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 579] chdir("./file1") = 0
[pid 579] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 579] ioctl(4, LOOP_CLR_FD) = 0
[pid 579] close(4) = 0
[pid 579] chdir("./file0") = 0
[pid 579] creat("./bus", 000) = 4
[pid 579] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 579] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 579] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 579] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 579] exit_group(0) = ?
[pid 579] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=579, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./90", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./90/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./90/binderfs") = 0
umount2("./90/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./90/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./90/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./90/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./90/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./90/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./90/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./90/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./90/file1/lost+found") = 0
umount2("./90/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./90/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./90/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./90/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./90/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./90/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./90/file1/file0/file0") = 0
umount2("./90/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./90/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./90/file1/file0/file1") = 0
umount2("./90/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./90/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./90/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./90/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./90/file1/file0") = 0
umount2("./90/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./90/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./90/file1/file1") = 0
umount2("./90/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./90/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./90/file1/file2") = 0
umount2("./90/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./90/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./90/file1/file3") = 0
umount2("./90/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./90/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./90/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./90/file1") = -1 EBUSY (Device or resource busy)
umount2("./90/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./90/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./90") = 0
mkdir("./91", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 583
./strace-static-x86_64: Process 583 attached
[pid 583] set_robust_list(0x555557163660, 24) = 0
[pid 583] chdir("./91") = 0
[pid 583] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 583] setpgid(0, 0) = 0
[pid 583] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 583] write(3, "1000", 4) = 4
[pid 583] close(3) = 0
[pid 583] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid 583] write(1, "executing program\n", 18) = 18
[pid 583] memfd_create("syzkaller", 0) = 3
[pid 583] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 583] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 583] munmap(0x7f1009176000, 138412032) = 0
[pid 583] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 29.485417][ T579] loop0: detected capacity change from 0 to 1024
[ 29.492617][ T579] EXT4-fs: Ignoring removed orlov option
[ 29.498339][ T579] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 583] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 583] close(3) = 0
[pid 583] close(4) = 0
[pid 583] mkdir("./file1", 0777) = 0
[pid 583] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 583] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 583] chdir("./file1") = 0
[pid 583] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 583] ioctl(4, LOOP_CLR_FD) = 0
[pid 583] close(4) = 0
[pid 583] chdir("./file0") = 0
[pid 583] creat("./bus", 000) = 4
[pid 583] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 583] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 583] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 583] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 583] exit_group(0) = ?
[pid 583] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=583, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./91", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./91/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./91/binderfs") = 0
umount2("./91/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./91/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./91/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./91/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./91/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./91/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./91/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./91/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./91/file1/lost+found") = 0
umount2("./91/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./91/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./91/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./91/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./91/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./91/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./91/file1/file0/file0") = 0
umount2("./91/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./91/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./91/file1/file0/file1") = 0
umount2("./91/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./91/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./91/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./91/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./91/file1/file0") = 0
umount2("./91/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./91/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./91/file1/file1") = 0
umount2("./91/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./91/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./91/file1/file2") = 0
umount2("./91/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./91/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./91/file1/file3") = 0
umount2("./91/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./91/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./91/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./91/file1") = -1 EBUSY (Device or resource busy)
umount2("./91/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./91/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
[ 29.538607][ T583] loop0: detected capacity change from 0 to 1024
[ 29.546482][ T583] EXT4-fs: Ignoring removed orlov option
[ 29.551974][ T583] EXT4-fs: Ignoring removed nomblk_io_submit option
rmdir("./91") = 0
mkdir("./92", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 586
./strace-static-x86_64: Process 586 attached
[pid 586] set_robust_list(0x555557163660, 24) = 0
[pid 586] chdir("./92") = 0
[pid 586] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 586] setpgid(0, 0) = 0
[pid 586] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 586] write(3, "1000", 4) = 4
[pid 586] close(3) = 0
[pid 586] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid 586] write(1, "executing program\n", 18) = 18
[pid 586] memfd_create("syzkaller", 0) = 3
[pid 586] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 586] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 586] munmap(0x7f1009176000, 138412032) = 0
[pid 586] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 586] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 586] close(3) = 0
[pid 586] close(4) = 0
[pid 586] mkdir("./file1", 0777) = 0
[pid 586] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 586] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 586] chdir("./file1") = 0
[pid 586] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 586] ioctl(4, LOOP_CLR_FD) = 0
[pid 586] close(4) = 0
[pid 586] chdir("./file0") = 0
[pid 586] creat("./bus", 000) = 4
[pid 586] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 586] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 586] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 586] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 586] exit_group(0) = ?
[pid 586] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=586, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./92", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./92/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./92/binderfs") = 0
umount2("./92/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./92/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./92/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./92/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./92/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./92/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./92/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./92/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./92/file1/lost+found") = 0
umount2("./92/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./92/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./92/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./92/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./92/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./92/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./92/file1/file0/file0") = 0
umount2("./92/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./92/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./92/file1/file0/file1") = 0
umount2("./92/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./92/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./92/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./92/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./92/file1/file0") = 0
umount2("./92/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./92/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./92/file1/file1") = 0
umount2("./92/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./92/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./92/file1/file2") = 0
umount2("./92/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./92/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./92/file1/file3") = 0
umount2("./92/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./92/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./92/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./92/file1") = -1 EBUSY (Device or resource busy)
umount2("./92/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./92/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./92") = 0
mkdir("./93", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 589
./strace-static-x86_64: Process 589 attached
[pid 589] set_robust_list(0x555557163660, 24) = 0
[pid 589] chdir("./93") = 0
[pid 589] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 589] setpgid(0, 0) = 0
[pid 589] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 589] write(3, "1000", 4) = 4
[pid 589] close(3) = 0
[ 29.606482][ T586] loop0: detected capacity change from 0 to 1024
[ 29.614367][ T586] EXT4-fs: Ignoring removed orlov option
[ 29.619974][ T586] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 589] symlink("/dev/binderfs", "./binderfs") = 0
[pid 589] write(1, "executing program\n", 18executing program
) = 18
[pid 589] memfd_create("syzkaller", 0) = 3
[pid 589] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 589] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 589] munmap(0x7f1009176000, 138412032) = 0
[pid 589] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 589] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 589] close(3) = 0
[pid 589] close(4) = 0
[pid 589] mkdir("./file1", 0777) = 0
[pid 589] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 589] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 589] chdir("./file1") = 0
[pid 589] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 589] ioctl(4, LOOP_CLR_FD) = 0
[pid 589] close(4) = 0
[pid 589] chdir("./file0") = 0
[pid 589] creat("./bus", 000) = 4
[pid 589] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 589] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 589] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 589] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 589] exit_group(0) = ?
[pid 589] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=589, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./93", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./93/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./93/binderfs") = 0
umount2("./93/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./93/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./93/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./93/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./93/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./93/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./93/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./93/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./93/file1/lost+found") = 0
umount2("./93/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./93/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./93/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./93/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./93/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./93/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./93/file1/file0/file0") = 0
umount2("./93/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./93/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./93/file1/file0/file1") = 0
umount2("./93/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./93/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./93/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./93/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./93/file1/file0") = 0
umount2("./93/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./93/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./93/file1/file1") = 0
umount2("./93/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./93/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./93/file1/file2") = 0
umount2("./93/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./93/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./93/file1/file3") = 0
umount2("./93/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./93/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./93/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./93/file1") = -1 EBUSY (Device or resource busy)
umount2("./93/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./93/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./93") = 0
mkdir("./94", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
executing program
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 592
./strace-static-x86_64: Process 592 attached
[pid 592] set_robust_list(0x555557163660, 24) = 0
[pid 592] chdir("./94") = 0
[pid 592] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 592] setpgid(0, 0) = 0
[pid 592] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 592] write(3, "1000", 4) = 4
[pid 592] close(3) = 0
[pid 592] symlink("/dev/binderfs", "./binderfs") = 0
[pid 592] write(1, "executing program\n", 18) = 18
[pid 592] memfd_create("syzkaller", 0) = 3
[pid 592] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[ 29.672018][ T589] loop0: detected capacity change from 0 to 1024
[ 29.679235][ T589] EXT4-fs: Ignoring removed orlov option
[ 29.684739][ T589] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 592] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 592] munmap(0x7f1009176000, 138412032) = 0
[pid 592] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 592] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 592] close(3) = 0
[pid 592] close(4) = 0
[pid 592] mkdir("./file1", 0777) = 0
[pid 592] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 592] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 592] chdir("./file1") = 0
[pid 592] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 592] ioctl(4, LOOP_CLR_FD) = 0
[pid 592] close(4) = 0
[pid 592] chdir("./file0") = 0
[pid 592] creat("./bus", 000) = 4
[pid 592] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 592] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 592] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 592] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 592] exit_group(0) = ?
[pid 592] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=592, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./94", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./94/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./94/binderfs") = 0
umount2("./94/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./94/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./94/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./94/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./94/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./94/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./94/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./94/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./94/file1/lost+found") = 0
umount2("./94/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./94/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./94/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./94/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./94/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./94/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./94/file1/file0/file0") = 0
umount2("./94/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./94/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./94/file1/file0/file1") = 0
umount2("./94/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./94/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./94/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./94/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./94/file1/file0") = 0
umount2("./94/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./94/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./94/file1/file1") = 0
umount2("./94/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./94/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./94/file1/file2") = 0
umount2("./94/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./94/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./94/file1/file3") = 0
umount2("./94/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./94/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./94/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./94/file1") = -1 EBUSY (Device or resource busy)
umount2("./94/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./94/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./94") = 0
mkdir("./95", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
executing program
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 595
./strace-static-x86_64: Process 595 attached
[pid 595] set_robust_list(0x555557163660, 24) = 0
[pid 595] chdir("./95") = 0
[pid 595] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 595] setpgid(0, 0) = 0
[pid 595] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 595] write(3, "1000", 4) = 4
[pid 595] close(3) = 0
[pid 595] symlink("/dev/binderfs", "./binderfs") = 0
[pid 595] write(1, "executing program\n", 18) = 18
[pid 595] memfd_create("syzkaller", 0) = 3
[pid 595] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[ 29.736118][ T592] loop0: detected capacity change from 0 to 1024
[ 29.743335][ T592] EXT4-fs: Ignoring removed orlov option
[ 29.749009][ T592] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 595] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 595] munmap(0x7f1009176000, 138412032) = 0
[pid 595] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 595] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 595] close(3) = 0
[pid 595] close(4) = 0
[pid 595] mkdir("./file1", 0777) = 0
[pid 595] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 595] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 595] chdir("./file1") = 0
[pid 595] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 595] ioctl(4, LOOP_CLR_FD) = 0
[pid 595] close(4) = 0
[pid 595] chdir("./file0") = 0
[pid 595] creat("./bus", 000) = 4
[pid 595] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 595] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 595] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 595] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 595] exit_group(0) = ?
[pid 595] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=595, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./95", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./95/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./95/binderfs") = 0
umount2("./95/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./95/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./95/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./95/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./95/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./95/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./95/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./95/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./95/file1/lost+found") = 0
umount2("./95/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./95/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./95/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./95/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./95/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./95/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./95/file1/file0/file0") = 0
umount2("./95/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./95/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./95/file1/file0/file1") = 0
umount2("./95/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./95/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./95/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./95/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./95/file1/file0") = 0
umount2("./95/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./95/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./95/file1/file1") = 0
umount2("./95/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./95/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./95/file1/file2") = 0
umount2("./95/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./95/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./95/file1/file3") = 0
umount2("./95/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./95/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./95/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./95/file1") = -1 EBUSY (Device or resource busy)
umount2("./95/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./95/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./95") = 0
mkdir("./96", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 598
./strace-static-x86_64: Process 598 attached
[pid 598] set_robust_list(0x555557163660, 24) = 0
[pid 598] chdir("./96") = 0
[pid 598] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 598] setpgid(0, 0) = 0
[pid 598] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 598] write(3, "1000", 4) = 4
[pid 598] close(3) = 0
[ 29.798661][ T595] loop0: detected capacity change from 0 to 1024
[ 29.806402][ T595] EXT4-fs: Ignoring removed orlov option
[ 29.811957][ T595] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 598] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid 598] write(1, "executing program\n", 18) = 18
[pid 598] memfd_create("syzkaller", 0) = 3
[pid 598] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 598] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 598] munmap(0x7f1009176000, 138412032) = 0
[pid 598] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 598] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 598] close(3) = 0
[pid 598] close(4) = 0
[pid 598] mkdir("./file1", 0777) = 0
[pid 598] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 598] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 598] chdir("./file1") = 0
[pid 598] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 598] ioctl(4, LOOP_CLR_FD) = 0
[pid 598] close(4) = 0
[pid 598] chdir("./file0") = 0
[pid 598] creat("./bus", 000) = 4
[pid 598] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 598] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 598] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 598] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 598] exit_group(0) = ?
[pid 598] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=598, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./96", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./96/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./96/binderfs") = 0
umount2("./96/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./96/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./96/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./96/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./96/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./96/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./96/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./96/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./96/file1/lost+found") = 0
umount2("./96/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./96/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./96/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./96/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./96/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./96/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./96/file1/file0/file0") = 0
umount2("./96/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./96/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./96/file1/file0/file1") = 0
umount2("./96/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./96/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./96/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./96/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./96/file1/file0") = 0
umount2("./96/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./96/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./96/file1/file1") = 0
umount2("./96/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./96/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./96/file1/file2") = 0
umount2("./96/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./96/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./96/file1/file3") = 0
umount2("./96/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./96/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./96/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./96/file1") = -1 EBUSY (Device or resource busy)
umount2("./96/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./96/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./96") = 0
mkdir("./97", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x555557163650) = 601
./strace-static-x86_64: Process 601 attached
[pid 601] set_robust_list(0x555557163660, 24) = 0
[pid 601] chdir("./97") = 0
[pid 601] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 601] setpgid(0, 0) = 0
[pid 601] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 601] write(3, "1000", 4) = 4
[pid 601] close(3) = 0
[pid 601] symlink("/dev/binderfs", "./binderfs") = 0
[pid 601] write(1, "executing program\n", 18) = 18
[pid 601] memfd_create("syzkaller", 0) = 3
[pid 601] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 601] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[ 29.862795][ T598] loop0: detected capacity change from 0 to 1024
[ 29.869822][ T598] EXT4-fs: Ignoring removed orlov option
[ 29.875294][ T598] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 601] munmap(0x7f1009176000, 138412032) = 0
[pid 601] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 601] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 601] close(3) = 0
[pid 601] close(4) = 0
[pid 601] mkdir("./file1", 0777) = 0
[pid 601] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 601] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 601] chdir("./file1") = 0
[pid 601] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 601] ioctl(4, LOOP_CLR_FD) = 0
[pid 601] close(4) = 0
[pid 601] chdir("./file0") = 0
[pid 601] creat("./bus", 000) = 4
[pid 601] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 601] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 601] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 601] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 601] exit_group(0) = ?
[pid 601] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=601, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./97", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./97/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./97/binderfs") = 0
umount2("./97/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./97/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./97/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./97/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./97/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./97/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./97/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./97/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./97/file1/lost+found") = 0
umount2("./97/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./97/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./97/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./97/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./97/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./97/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./97/file1/file0/file0") = 0
umount2("./97/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./97/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./97/file1/file0/file1") = 0
umount2("./97/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./97/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./97/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./97/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./97/file1/file0") = 0
umount2("./97/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./97/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./97/file1/file1") = 0
umount2("./97/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./97/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./97/file1/file2") = 0
umount2("./97/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./97/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./97/file1/file3") = 0
umount2("./97/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./97/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./97/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./97/file1") = -1 EBUSY (Device or resource busy)
umount2("./97/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./97/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./97") = 0
mkdir("./98", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 604
./strace-static-x86_64: Process 604 attached
[pid 604] set_robust_list(0x555557163660, 24) = 0
[pid 604] chdir("./98") = 0
[pid 604] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 604] setpgid(0, 0) = 0
[pid 604] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 604] write(3, "1000", 4) = 4
[pid 604] close(3) = 0
[pid 604] symlink("/dev/binderfs", "./binderfs") = 0
[pid 604] write(1, "executing program\n", 18) = 18
[pid 604] memfd_create("syzkaller", 0) = 3
executing program
[pid 604] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 604] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 604] munmap(0x7f1009176000, 138412032) = 0
[pid 604] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 29.924230][ T601] loop0: detected capacity change from 0 to 1024
[ 29.932208][ T601] EXT4-fs: Ignoring removed orlov option
[ 29.937928][ T601] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 604] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 604] close(3) = 0
[pid 604] close(4) = 0
[pid 604] mkdir("./file1", 0777) = 0
[pid 604] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 604] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 604] chdir("./file1") = 0
[pid 604] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 604] ioctl(4, LOOP_CLR_FD) = 0
[pid 604] close(4) = 0
[pid 604] chdir("./file0") = 0
[pid 604] creat("./bus", 000) = 4
[pid 604] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 604] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 604] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 604] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 604] exit_group(0) = ?
[pid 604] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=604, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./98", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./98/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./98/binderfs") = 0
umount2("./98/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./98/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./98/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./98/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./98/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./98/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./98/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./98/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./98/file1/lost+found") = 0
umount2("./98/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./98/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./98/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./98/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./98/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./98/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./98/file1/file0/file0") = 0
umount2("./98/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./98/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./98/file1/file0/file1") = 0
umount2("./98/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./98/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./98/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./98/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./98/file1/file0") = 0
umount2("./98/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./98/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./98/file1/file1") = 0
umount2("./98/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./98/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./98/file1/file2") = 0
umount2("./98/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./98/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./98/file1/file3") = 0
umount2("./98/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./98/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./98/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./98/file1") = -1 EBUSY (Device or resource busy)
umount2("./98/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./98/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./98") = 0
mkdir("./99", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 607
./strace-static-x86_64: Process 607 attached
[pid 607] set_robust_list(0x555557163660, 24) = 0
[pid 607] chdir("./99") = 0
[pid 607] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 607] setpgid(0, 0) = 0
[pid 607] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 607] write(3, "1000", 4) = 4
[pid 607] close(3) = 0
[pid 607] symlink("/dev/binderfs", "./binderfs") = 0
[pid 607] write(1, "executing program\n", 18executing program
) = 18
[pid 607] memfd_create("syzkaller", 0) = 3
[pid 607] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 607] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 607] munmap(0x7f1009176000, 138412032) = 0
[pid 607] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 29.983746][ T604] loop0: detected capacity change from 0 to 1024
[ 29.990891][ T604] EXT4-fs: Ignoring removed orlov option
[ 29.996609][ T604] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 607] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 607] close(3) = 0
[pid 607] close(4) = 0
[pid 607] mkdir("./file1", 0777) = 0
[pid 607] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 607] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 607] chdir("./file1") = 0
[pid 607] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 607] ioctl(4, LOOP_CLR_FD) = 0
[pid 607] close(4) = 0
[pid 607] chdir("./file0") = 0
[pid 607] creat("./bus", 000) = 4
[pid 607] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 607] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 607] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 607] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 607] exit_group(0) = ?
[pid 607] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=607, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./99", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./99/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./99/binderfs") = 0
umount2("./99/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./99/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./99/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./99/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./99/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./99/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./99/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./99/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./99/file1/lost+found") = 0
umount2("./99/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./99/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./99/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./99/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./99/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./99/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./99/file1/file0/file0") = 0
umount2("./99/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./99/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./99/file1/file0/file1") = 0
umount2("./99/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./99/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./99/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./99/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./99/file1/file0") = 0
umount2("./99/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./99/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./99/file1/file1") = 0
umount2("./99/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./99/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./99/file1/file2") = 0
umount2("./99/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./99/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./99/file1/file3") = 0
umount2("./99/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./99/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./99/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./99/file1") = -1 EBUSY (Device or resource busy)
umount2("./99/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./99/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./99") = 0
mkdir("./100", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 610
./strace-static-x86_64: Process 610 attached
[pid 610] set_robust_list(0x555557163660, 24) = 0
[pid 610] chdir("./100") = 0
[pid 610] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 610] setpgid(0, 0) = 0
[pid 610] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 610] write(3, "1000", 4) = 4
[pid 610] close(3) = 0
[pid 610] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 610] write(1, "executing program\n", 18) = 18
[pid 610] memfd_create("syzkaller", 0) = 3
[pid 610] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 610] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 610] munmap(0x7f1009176000, 138412032) = 0
[pid 610] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 30.043277][ T607] loop0: detected capacity change from 0 to 1024
[ 30.050286][ T607] EXT4-fs: Ignoring removed orlov option
[ 30.055781][ T607] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 610] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 610] close(3) = 0
[pid 610] close(4) = 0
[pid 610] mkdir("./file1", 0777) = 0
[pid 610] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 610] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 610] chdir("./file1") = 0
[pid 610] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 610] ioctl(4, LOOP_CLR_FD) = 0
[pid 610] close(4) = 0
[pid 610] chdir("./file0") = 0
[pid 610] creat("./bus", 000) = 4
[pid 610] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 610] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 610] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 610] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 610] exit_group(0) = ?
[pid 610] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=610, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./100", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./100/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./100/binderfs") = 0
umount2("./100/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./100/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./100/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./100/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./100/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./100/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./100/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./100/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./100/file1/lost+found") = 0
umount2("./100/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./100/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./100/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./100/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./100/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./100/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./100/file1/file0/file0") = 0
umount2("./100/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./100/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./100/file1/file0/file1") = 0
umount2("./100/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./100/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./100/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./100/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./100/file1/file0") = 0
umount2("./100/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./100/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./100/file1/file1") = 0
umount2("./100/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./100/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./100/file1/file2") = 0
umount2("./100/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./100/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./100/file1/file3") = 0
umount2("./100/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./100/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./100/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./100/file1") = -1 EBUSY (Device or resource busy)
umount2("./100/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./100/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./100") = 0
mkdir("./101", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 613
./strace-static-x86_64: Process 613 attached
[pid 613] set_robust_list(0x555557163660, 24) = 0
[pid 613] chdir("./101") = 0
[pid 613] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 613] setpgid(0, 0) = 0
[pid 613] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 613] write(3, "1000", 4) = 4
[pid 613] close(3) = 0
[pid 613] symlink("/dev/binderfs", "./binderfs") = 0
[ 30.103114][ T610] loop0: detected capacity change from 0 to 1024
[ 30.110310][ T610] EXT4-fs: Ignoring removed orlov option
[ 30.115811][ T610] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 613] write(1, "executing program\n", 18executing program
) = 18
[pid 613] memfd_create("syzkaller", 0) = 3
[pid 613] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 613] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 613] munmap(0x7f1009176000, 138412032) = 0
[pid 613] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 613] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 613] close(3) = 0
[pid 613] close(4) = 0
[pid 613] mkdir("./file1", 0777) = 0
[pid 613] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 613] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 613] chdir("./file1") = 0
[pid 613] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 613] ioctl(4, LOOP_CLR_FD) = 0
[pid 613] close(4) = 0
[pid 613] chdir("./file0") = 0
[pid 613] creat("./bus", 000) = 4
[pid 613] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 613] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 613] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 613] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 613] exit_group(0) = ?
[pid 613] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=613, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./101", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./101/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./101/binderfs") = 0
umount2("./101/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./101/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./101/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./101/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./101/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./101/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./101/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./101/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./101/file1/lost+found") = 0
umount2("./101/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./101/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./101/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./101/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./101/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./101/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./101/file1/file0/file0") = 0
umount2("./101/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./101/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./101/file1/file0/file1") = 0
umount2("./101/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./101/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./101/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./101/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./101/file1/file0") = 0
umount2("./101/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./101/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./101/file1/file1") = 0
umount2("./101/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./101/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./101/file1/file2") = 0
umount2("./101/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./101/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./101/file1/file3") = 0
umount2("./101/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./101/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./101/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./101/file1") = -1 EBUSY (Device or resource busy)
umount2("./101/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./101/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./101") = 0
mkdir("./102", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x555557163650) = 616
./strace-static-x86_64: Process 616 attached
[pid 616] set_robust_list(0x555557163660, 24) = 0
[pid 616] chdir("./102") = 0
[pid 616] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 616] setpgid(0, 0) = 0
[pid 616] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 616] write(3, "1000", 4) = 4
[pid 616] close(3) = 0
[pid 616] symlink("/dev/binderfs", "./binderfs") = 0
[pid 616] write(1, "executing program\n", 18) = 18
[pid 616] memfd_create("syzkaller", 0) = 3
[pid 616] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 616] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[ 30.168060][ T613] loop0: detected capacity change from 0 to 1024
[ 30.175020][ T613] EXT4-fs: Ignoring removed orlov option
[ 30.180543][ T613] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 616] munmap(0x7f1009176000, 138412032) = 0
[pid 616] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 616] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 616] close(3) = 0
[pid 616] close(4) = 0
[pid 616] mkdir("./file1", 0777) = 0
[pid 616] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 616] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 616] chdir("./file1") = 0
[pid 616] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 616] ioctl(4, LOOP_CLR_FD) = 0
[pid 616] close(4) = 0
[pid 616] chdir("./file0") = 0
[pid 616] creat("./bus", 000) = 4
[pid 616] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 616] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 616] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 616] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 616] exit_group(0) = ?
[pid 616] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=616, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./102", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./102/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./102/binderfs") = 0
umount2("./102/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./102/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./102/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./102/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./102/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./102/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./102/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./102/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./102/file1/lost+found") = 0
umount2("./102/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./102/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./102/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./102/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./102/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./102/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./102/file1/file0/file0") = 0
umount2("./102/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./102/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./102/file1/file0/file1") = 0
umount2("./102/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./102/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./102/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./102/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./102/file1/file0") = 0
umount2("./102/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./102/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./102/file1/file1") = 0
umount2("./102/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./102/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./102/file1/file2") = 0
umount2("./102/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./102/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./102/file1/file3") = 0
umount2("./102/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./102/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./102/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./102/file1") = -1 EBUSY (Device or resource busy)
umount2("./102/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./102/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./102") = 0
mkdir("./103", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
[ 30.229791][ T616] loop0: detected capacity change from 0 to 1024
[ 30.236822][ T616] EXT4-fs: Ignoring removed orlov option
[ 30.242315][ T616] EXT4-fs: Ignoring removed nomblk_io_submit option
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 619
./strace-static-x86_64: Process 619 attached
[pid 619] set_robust_list(0x555557163660, 24) = 0
[pid 619] chdir("./103") = 0
[pid 619] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 619] setpgid(0, 0) = 0
[pid 619] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 619] write(3, "1000", 4) = 4
[pid 619] close(3) = 0
[pid 619] symlink("/dev/binderfs", "./binderfs") = 0
[pid 619] write(1, "executing program\n", 18executing program
) = 18
[pid 619] memfd_create("syzkaller", 0) = 3
[pid 619] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 619] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 619] munmap(0x7f1009176000, 138412032) = 0
[pid 619] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 619] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 619] close(3) = 0
[pid 619] close(4) = 0
[pid 619] mkdir("./file1", 0777) = 0
[pid 619] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 619] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 619] chdir("./file1") = 0
[pid 619] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 619] ioctl(4, LOOP_CLR_FD) = 0
[pid 619] close(4) = 0
[pid 619] chdir("./file0") = 0
[pid 619] creat("./bus", 000) = 4
[pid 619] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 619] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 619] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 619] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 619] exit_group(0) = ?
[pid 619] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=619, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./103", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./103/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./103/binderfs") = 0
umount2("./103/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./103/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./103/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./103/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./103/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./103/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./103/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./103/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./103/file1/lost+found") = 0
umount2("./103/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./103/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./103/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./103/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./103/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./103/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./103/file1/file0/file0") = 0
umount2("./103/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./103/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./103/file1/file0/file1") = 0
umount2("./103/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./103/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./103/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./103/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./103/file1/file0") = 0
umount2("./103/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./103/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./103/file1/file1") = 0
umount2("./103/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./103/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./103/file1/file2") = 0
umount2("./103/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./103/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./103/file1/file3") = 0
umount2("./103/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./103/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./103/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./103/file1") = -1 EBUSY (Device or resource busy)
[ 30.297379][ T619] loop0: detected capacity change from 0 to 1024
[ 30.304881][ T619] EXT4-fs: Ignoring removed orlov option
[ 30.310441][ T619] EXT4-fs: Ignoring removed nomblk_io_submit option
umount2("./103/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./103/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./103") = 0
mkdir("./104", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 622
./strace-static-x86_64: Process 622 attached
[pid 622] set_robust_list(0x555557163660, 24) = 0
[pid 622] chdir("./104") = 0
[pid 622] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 622] setpgid(0, 0) = 0
[pid 622] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 622] write(3, "1000", 4) = 4
[pid 622] close(3) = 0
[pid 622] symlink("/dev/binderfs", "./binderfs") = 0
[pid 622] write(1, "executing program\n", 18executing program
) = 18
[pid 622] memfd_create("syzkaller", 0) = 3
[pid 622] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 622] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 622] munmap(0x7f1009176000, 138412032) = 0
[pid 622] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 622] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 622] close(3) = 0
[pid 622] close(4) = 0
[pid 622] mkdir("./file1", 0777) = 0
[pid 622] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 622] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 622] chdir("./file1") = 0
[pid 622] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 622] ioctl(4, LOOP_CLR_FD) = 0
[pid 622] close(4) = 0
[pid 622] chdir("./file0") = 0
[pid 622] creat("./bus", 000) = 4
[pid 622] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 622] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 622] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 622] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 622] exit_group(0) = ?
[pid 622] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=622, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./104", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./104/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./104/binderfs") = 0
umount2("./104/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./104/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./104/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./104/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./104/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./104/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./104/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./104/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./104/file1/lost+found") = 0
umount2("./104/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./104/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./104/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./104/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./104/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./104/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./104/file1/file0/file0") = 0
umount2("./104/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./104/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./104/file1/file0/file1") = 0
umount2("./104/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./104/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./104/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./104/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./104/file1/file0") = 0
umount2("./104/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./104/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./104/file1/file1") = 0
umount2("./104/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./104/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./104/file1/file2") = 0
umount2("./104/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./104/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./104/file1/file3") = 0
umount2("./104/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./104/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./104/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./104/file1") = -1 EBUSY (Device or resource busy)
umount2("./104/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./104/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./104") = 0
mkdir("./105", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x555557163650) = 625
./strace-static-x86_64: Process 625 attached
[pid 625] set_robust_list(0x555557163660, 24) = 0
[pid 625] chdir("./105") = 0
[pid 625] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 625] setpgid(0, 0) = 0
[pid 625] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 625] write(3, "1000", 4) = 4
[pid 625] close(3) = 0
[pid 625] symlink("/dev/binderfs", "./binderfs") = 0
[pid 625] write(1, "executing program\n", 18) = 18
[pid 625] memfd_create("syzkaller", 0) = 3
[pid 625] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 625] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 625] munmap(0x7f1009176000, 138412032) = 0
[pid 625] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 30.365620][ T622] loop0: detected capacity change from 0 to 1024
[ 30.372713][ T622] EXT4-fs: Ignoring removed orlov option
[ 30.378651][ T622] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 625] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 625] close(3) = 0
[pid 625] close(4) = 0
[pid 625] mkdir("./file1", 0777) = 0
[pid 625] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 625] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 625] chdir("./file1") = 0
[pid 625] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 625] ioctl(4, LOOP_CLR_FD) = 0
[pid 625] close(4) = 0
[pid 625] chdir("./file0") = 0
[pid 625] creat("./bus", 000) = 4
[pid 625] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 625] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 625] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 625] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 625] exit_group(0) = ?
[pid 625] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=625, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./105", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./105/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./105/binderfs") = 0
umount2("./105/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./105/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./105/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./105/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./105/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./105/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./105/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./105/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./105/file1/lost+found") = 0
umount2("./105/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./105/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./105/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./105/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./105/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./105/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./105/file1/file0/file0") = 0
umount2("./105/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./105/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./105/file1/file0/file1") = 0
umount2("./105/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./105/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./105/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./105/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./105/file1/file0") = 0
umount2("./105/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./105/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./105/file1/file1") = 0
umount2("./105/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./105/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./105/file1/file2") = 0
umount2("./105/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./105/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./105/file1/file3") = 0
umount2("./105/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./105/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./105/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./105/file1") = -1 EBUSY (Device or resource busy)
umount2("./105/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./105/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./105") = 0
mkdir("./106", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FDexecuting program
) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 628
./strace-static-x86_64: Process 628 attached
[pid 628] set_robust_list(0x555557163660, 24) = 0
[pid 628] chdir("./106") = 0
[pid 628] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 628] setpgid(0, 0) = 0
[pid 628] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 628] write(3, "1000", 4) = 4
[pid 628] close(3) = 0
[pid 628] symlink("/dev/binderfs", "./binderfs") = 0
[pid 628] write(1, "executing program\n", 18) = 18
[pid 628] memfd_create("syzkaller", 0) = 3
[pid 628] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[ 30.421275][ T625] loop0: detected capacity change from 0 to 1024
[ 30.428342][ T625] EXT4-fs: Ignoring removed orlov option
[ 30.433838][ T625] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 628] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 628] munmap(0x7f1009176000, 138412032) = 0
[pid 628] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 628] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 628] close(3) = 0
[pid 628] close(4) = 0
[pid 628] mkdir("./file1", 0777) = 0
[pid 628] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 628] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 628] chdir("./file1") = 0
[pid 628] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 628] ioctl(4, LOOP_CLR_FD) = 0
[pid 628] close(4) = 0
[pid 628] chdir("./file0") = 0
[pid 628] creat("./bus", 000) = 4
[pid 628] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 628] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 628] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 628] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 628] exit_group(0) = ?
[pid 628] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=628, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./106", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./106/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./106/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./106/binderfs") = 0
umount2("./106/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./106/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./106/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./106/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./106/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./106/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./106/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./106/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./106/file1/lost+found") = 0
umount2("./106/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./106/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./106/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./106/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./106/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./106/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./106/file1/file0/file0") = 0
umount2("./106/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./106/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./106/file1/file0/file1") = 0
umount2("./106/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./106/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./106/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./106/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./106/file1/file0") = 0
umount2("./106/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./106/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./106/file1/file1") = 0
umount2("./106/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./106/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./106/file1/file2") = 0
umount2("./106/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./106/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./106/file1/file3") = 0
umount2("./106/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./106/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./106/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./106/file1") = -1 EBUSY (Device or resource busy)
umount2("./106/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./106/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./106") = 0
mkdir("./107", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 632
./strace-static-x86_64: Process 632 attached
[pid 632] set_robust_list(0x555557163660, 24) = 0
[pid 632] chdir("./107") = 0
[pid 632] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 632] setpgid(0, 0) = 0
[pid 632] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 632] write(3, "1000", 4) = 4
[pid 632] close(3) = 0
[pid 632] symlink("/dev/binderfs", "./binderfs") = 0
[pid 632] write(1, "executing program\n", 18executing program
) = 18
[pid 632] memfd_create("syzkaller", 0) = 3
[pid 632] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[ 30.482736][ T628] loop0: detected capacity change from 0 to 1024
[ 30.489715][ T628] EXT4-fs: Ignoring removed orlov option
[ 30.495229][ T628] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 632] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 632] munmap(0x7f1009176000, 138412032) = 0
[pid 632] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 632] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 632] close(3) = 0
[pid 632] close(4) = 0
[pid 632] mkdir("./file1", 0777) = 0
[pid 632] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 632] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 632] chdir("./file1") = 0
[pid 632] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 632] ioctl(4, LOOP_CLR_FD) = 0
[pid 632] close(4) = 0
[pid 632] chdir("./file0") = 0
[pid 632] creat("./bus", 000) = 4
[pid 632] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 632] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 632] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 632] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 632] exit_group(0) = ?
[pid 632] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=632, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./107", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./107/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./107/binderfs") = 0
umount2("./107/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./107/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./107/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./107/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./107/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./107/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./107/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./107/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./107/file1/lost+found") = 0
umount2("./107/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./107/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./107/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./107/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./107/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./107/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./107/file1/file0/file0") = 0
umount2("./107/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./107/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./107/file1/file0/file1") = 0
umount2("./107/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./107/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./107/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./107/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./107/file1/file0") = 0
umount2("./107/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./107/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./107/file1/file1") = 0
umount2("./107/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./107/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./107/file1/file2") = 0
umount2("./107/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./107/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./107/file1/file3") = 0
umount2("./107/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./107/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./107/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./107/file1") = -1 EBUSY (Device or resource busy)
umount2("./107/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./107/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./107") = 0
mkdir("./108", 0777executing program
) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 635
./strace-static-x86_64: Process 635 attached
[pid 635] set_robust_list(0x555557163660, 24) = 0
[pid 635] chdir("./108") = 0
[pid 635] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 635] setpgid(0, 0) = 0
[pid 635] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 635] write(3, "1000", 4) = 4
[pid 635] close(3) = 0
[pid 635] symlink("/dev/binderfs", "./binderfs") = 0
[pid 635] write(1, "executing program\n", 18) = 18
[pid 635] memfd_create("syzkaller", 0) = 3
[pid 635] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 635] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 635] munmap(0x7f1009176000, 138412032) = 0
[pid 635] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 30.545101][ T632] loop0: detected capacity change from 0 to 1024
[ 30.552930][ T632] EXT4-fs: Ignoring removed orlov option
[ 30.559001][ T632] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 635] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 635] close(3) = 0
[pid 635] close(4) = 0
[pid 635] mkdir("./file1", 0777) = 0
[pid 635] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 635] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 635] chdir("./file1") = 0
[pid 635] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 635] ioctl(4, LOOP_CLR_FD) = 0
[pid 635] close(4) = 0
[pid 635] chdir("./file0") = 0
[pid 635] creat("./bus", 000) = 4
[pid 635] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 635] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 635] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 635] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 635] exit_group(0) = ?
[pid 635] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=635, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./108", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./108/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./108/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./108/binderfs") = 0
umount2("./108/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./108/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./108/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./108/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./108/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./108/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./108/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./108/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./108/file1/lost+found") = 0
umount2("./108/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./108/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./108/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./108/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./108/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./108/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./108/file1/file0/file0") = 0
umount2("./108/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./108/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./108/file1/file0/file1") = 0
umount2("./108/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./108/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./108/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./108/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./108/file1/file0") = 0
umount2("./108/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./108/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./108/file1/file1") = 0
umount2("./108/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./108/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./108/file1/file2") = 0
umount2("./108/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./108/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./108/file1/file3") = 0
umount2("./108/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./108/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./108/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./108/file1") = -1 EBUSY (Device or resource busy)
umount2("./108/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./108/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./108") = 0
mkdir("./109", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 638
./strace-static-x86_64: Process 638 attached
[pid 638] set_robust_list(0x555557163660, 24) = 0
[pid 638] chdir("./109") = 0
[pid 638] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 638] setpgid(0, 0) = 0
[pid 638] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
executing program
[pid 638] write(3, "1000", 4) = 4
[pid 638] close(3) = 0
[pid 638] symlink("/dev/binderfs", "./binderfs") = 0
[pid 638] write(1, "executing program\n", 18) = 18
[pid 638] memfd_create("syzkaller", 0) = 3
[pid 638] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[ 30.596202][ T635] loop0: detected capacity change from 0 to 1024
[ 30.603286][ T635] EXT4-fs: Ignoring removed orlov option
[ 30.608826][ T635] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 638] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 638] munmap(0x7f1009176000, 138412032) = 0
[pid 638] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 638] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 638] close(3) = 0
[pid 638] close(4) = 0
[pid 638] mkdir("./file1", 0777) = 0
[pid 638] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 638] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 638] chdir("./file1") = 0
[pid 638] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 638] ioctl(4, LOOP_CLR_FD) = 0
[pid 638] close(4) = 0
[pid 638] chdir("./file0") = 0
[pid 638] creat("./bus", 000) = 4
[pid 638] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 638] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 638] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 638] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 638] exit_group(0) = ?
[pid 638] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=638, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./109", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./109/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./109/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./109/binderfs") = 0
umount2("./109/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./109/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./109/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./109/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./109/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./109/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./109/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./109/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./109/file1/lost+found") = 0
umount2("./109/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./109/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./109/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./109/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./109/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./109/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./109/file1/file0/file0") = 0
umount2("./109/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./109/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./109/file1/file0/file1") = 0
umount2("./109/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./109/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./109/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./109/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./109/file1/file0") = 0
umount2("./109/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./109/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./109/file1/file1") = 0
umount2("./109/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./109/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./109/file1/file2") = 0
umount2("./109/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./109/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./109/file1/file3") = 0
umount2("./109/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./109/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./109/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./109/file1") = -1 EBUSY (Device or resource busy)
umount2("./109/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./109/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./109") = 0
mkdir("./110", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 642
./strace-static-x86_64: Process 642 attached
[pid 642] set_robust_list(0x555557163660, 24) = 0
[pid 642] chdir("./110") = 0
[pid 642] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 642] setpgid(0, 0) = 0
[pid 642] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program
) = 3
[pid 642] write(3, "1000", 4) = 4
[pid 642] close(3) = 0
[pid 642] symlink("/dev/binderfs", "./binderfs") = 0
[pid 642] write(1, "executing program\n", 18) = 18
[pid 642] memfd_create("syzkaller", 0) = 3
[pid 642] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 642] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 642] munmap(0x7f1009176000, 138412032) = 0
[pid 642] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 30.659131][ T638] loop0: detected capacity change from 0 to 1024
[ 30.666993][ T638] EXT4-fs: Ignoring removed orlov option
[ 30.672545][ T638] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 642] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 642] close(3) = 0
[pid 642] close(4) = 0
[pid 642] mkdir("./file1", 0777) = 0
[pid 642] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 642] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 642] chdir("./file1") = 0
[pid 642] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 642] ioctl(4, LOOP_CLR_FD) = 0
[pid 642] close(4) = 0
[pid 642] chdir("./file0") = 0
[pid 642] creat("./bus", 000) = 4
[pid 642] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 642] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 642] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 642] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 642] exit_group(0) = ?
[pid 642] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=642, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./110", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./110/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./110/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./110/binderfs") = 0
umount2("./110/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./110/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./110/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./110/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./110/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./110/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./110/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./110/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./110/file1/lost+found") = 0
umount2("./110/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./110/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./110/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./110/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./110/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./110/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./110/file1/file0/file0") = 0
umount2("./110/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./110/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./110/file1/file0/file1") = 0
umount2("./110/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./110/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./110/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./110/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./110/file1/file0") = 0
umount2("./110/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./110/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./110/file1/file1") = 0
umount2("./110/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./110/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./110/file1/file2") = 0
umount2("./110/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./110/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./110/file1/file3") = 0
umount2("./110/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./110/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./110/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./110/file1") = -1 EBUSY (Device or resource busy)
umount2("./110/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./110/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./110") = 0
mkdir("./111", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 645
./strace-static-x86_64: Process 645 attached
[pid 645] set_robust_list(0x555557163660, 24) = 0
[pid 645] chdir("./111") = 0
[pid 645] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 645] setpgid(0, 0) = 0
[pid 645] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 645] write(3, "1000", 4) = 4
[pid 645] close(3) = 0
[pid 645] symlink("/dev/binderfs", "./binderfs") = 0
[pid 645] write(1, "executing program\n", 18executing program
) = 18
[ 30.718751][ T642] loop0: detected capacity change from 0 to 1024
[ 30.725827][ T642] EXT4-fs: Ignoring removed orlov option
[ 30.731564][ T642] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 645] memfd_create("syzkaller", 0) = 3
[pid 645] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 645] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 645] munmap(0x7f1009176000, 138412032) = 0
[pid 645] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 645] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 645] close(3) = 0
[pid 645] close(4) = 0
[pid 645] mkdir("./file1", 0777) = 0
[pid 645] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 645] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 645] chdir("./file1") = 0
[pid 645] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 645] ioctl(4, LOOP_CLR_FD) = 0
[pid 645] close(4) = 0
[pid 645] chdir("./file0") = 0
[pid 645] creat("./bus", 000) = 4
[pid 645] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 645] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 645] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 645] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 645] exit_group(0) = ?
[pid 645] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=645, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./111", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./111/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./111/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./111/binderfs") = 0
umount2("./111/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./111/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./111/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./111/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./111/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./111/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./111/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./111/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./111/file1/lost+found") = 0
umount2("./111/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./111/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./111/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./111/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./111/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./111/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./111/file1/file0/file0") = 0
umount2("./111/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./111/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./111/file1/file0/file1") = 0
umount2("./111/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./111/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./111/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./111/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./111/file1/file0") = 0
umount2("./111/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./111/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./111/file1/file1") = 0
umount2("./111/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./111/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./111/file1/file2") = 0
umount2("./111/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./111/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./111/file1/file3") = 0
umount2("./111/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./111/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./111/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./111/file1") = -1 EBUSY (Device or resource busy)
umount2("./111/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program
) = 0
rmdir("./111/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./111") = 0
mkdir("./112", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 648
./strace-static-x86_64: Process 648 attached
[pid 648] set_robust_list(0x555557163660, 24) = 0
[pid 648] chdir("./112") = 0
[pid 648] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 648] setpgid(0, 0) = 0
[pid 648] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 648] write(3, "1000", 4) = 4
[pid 648] close(3) = 0
[pid 648] symlink("/dev/binderfs", "./binderfs") = 0
[pid 648] write(1, "executing program\n", 18) = 18
[pid 648] memfd_create("syzkaller", 0) = 3
[pid 648] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[ 30.783633][ T645] loop0: detected capacity change from 0 to 1024
[ 30.791438][ T645] EXT4-fs: Ignoring removed orlov option
[ 30.797381][ T645] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 648] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 648] munmap(0x7f1009176000, 138412032) = 0
[pid 648] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 648] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 648] close(3) = 0
[pid 648] close(4) = 0
[pid 648] mkdir("./file1", 0777) = 0
[pid 648] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 648] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 648] chdir("./file1") = 0
[pid 648] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 648] ioctl(4, LOOP_CLR_FD) = 0
[pid 648] close(4) = 0
[pid 648] chdir("./file0") = 0
[pid 648] creat("./bus", 000) = 4
[pid 648] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 648] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 648] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 648] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 648] exit_group(0) = ?
[pid 648] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=648, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./112", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./112/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./112/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./112/binderfs") = 0
umount2("./112/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./112/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./112/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./112/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./112/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./112/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./112/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./112/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./112/file1/lost+found") = 0
umount2("./112/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./112/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./112/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./112/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./112/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./112/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./112/file1/file0/file0") = 0
umount2("./112/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./112/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./112/file1/file0/file1") = 0
umount2("./112/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./112/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./112/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./112/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./112/file1/file0") = 0
umount2("./112/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./112/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./112/file1/file1") = 0
umount2("./112/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./112/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./112/file1/file2") = 0
umount2("./112/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./112/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./112/file1/file3") = 0
umount2("./112/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./112/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./112/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./112/file1") = -1 EBUSY (Device or resource busy)
umount2("./112/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program
) = 0
rmdir("./112/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./112") = 0
mkdir("./113", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 651
./strace-static-x86_64: Process 651 attached
[pid 651] set_robust_list(0x555557163660, 24) = 0
[pid 651] chdir("./113") = 0
[pid 651] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 651] setpgid(0, 0) = 0
[pid 651] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 651] write(3, "1000", 4) = 4
[pid 651] close(3) = 0
[pid 651] symlink("/dev/binderfs", "./binderfs") = 0
[pid 651] write(1, "executing program\n", 18) = 18
[pid 651] memfd_create("syzkaller", 0) = 3
[pid 651] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 651] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 651] munmap(0x7f1009176000, 138412032) = 0
[ 30.846440][ T648] loop0: detected capacity change from 0 to 1024
[ 30.853821][ T648] EXT4-fs: Ignoring removed orlov option
[ 30.859365][ T648] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 651] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 651] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 651] close(3) = 0
[pid 651] close(4) = 0
[pid 651] mkdir("./file1", 0777) = 0
[pid 651] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 651] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 651] chdir("./file1") = 0
[pid 651] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 651] ioctl(4, LOOP_CLR_FD) = 0
[pid 651] close(4) = 0
[pid 651] chdir("./file0") = 0
[pid 651] creat("./bus", 000) = 4
[pid 651] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 651] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 651] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 651] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 651] exit_group(0) = ?
[pid 651] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=651, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./113", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./113", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./113/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./113/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./113/binderfs") = 0
umount2("./113/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./113/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./113/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./113/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./113/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./113/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./113/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./113/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./113/file1/lost+found") = 0
umount2("./113/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./113/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./113/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./113/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./113/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./113/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./113/file1/file0/file0") = 0
umount2("./113/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./113/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./113/file1/file0/file1") = 0
umount2("./113/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./113/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./113/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./113/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./113/file1/file0") = 0
umount2("./113/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./113/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./113/file1/file1") = 0
umount2("./113/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./113/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./113/file1/file2") = 0
umount2("./113/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./113/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./113/file1/file3") = 0
umount2("./113/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./113/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./113/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./113/file1") = -1 EBUSY (Device or resource busy)
umount2("./113/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[ 30.907563][ T651] loop0: detected capacity change from 0 to 1024
[ 30.915488][ T651] EXT4-fs: Ignoring removed orlov option
[ 30.921249][ T651] EXT4-fs: Ignoring removed nomblk_io_submit option
rmdir("./113/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./113") = 0
mkdir("./114", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 654
./strace-static-x86_64: Process 654 attached
[pid 654] set_robust_list(0x555557163660, 24) = 0
[pid 654] chdir("./114") = 0
executing program
[pid 654] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 654] setpgid(0, 0) = 0
[pid 654] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 654] write(3, "1000", 4) = 4
[pid 654] close(3) = 0
[pid 654] symlink("/dev/binderfs", "./binderfs") = 0
[pid 654] write(1, "executing program\n", 18) = 18
[pid 654] memfd_create("syzkaller", 0) = 3
[pid 654] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 654] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 654] munmap(0x7f1009176000, 138412032) = 0
[pid 654] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 654] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 654] close(3) = 0
[pid 654] close(4) = 0
[pid 654] mkdir("./file1", 0777) = 0
[pid 654] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 654] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 654] chdir("./file1") = 0
[pid 654] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 654] ioctl(4, LOOP_CLR_FD) = 0
[pid 654] close(4) = 0
[pid 654] chdir("./file0") = 0
[pid 654] creat("./bus", 000) = 4
[pid 654] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 654] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 654] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 654] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 654] exit_group(0) = ?
[pid 654] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=654, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./114", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./114", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./114/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./114/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./114/binderfs") = 0
umount2("./114/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./114/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./114/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./114/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./114/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./114/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./114/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./114/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./114/file1/lost+found") = 0
umount2("./114/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./114/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./114/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./114/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./114/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./114/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./114/file1/file0/file0") = 0
umount2("./114/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./114/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./114/file1/file0/file1") = 0
umount2("./114/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./114/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./114/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./114/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./114/file1/file0") = 0
umount2("./114/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./114/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./114/file1/file1") = 0
umount2("./114/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./114/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./114/file1/file2") = 0
umount2("./114/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./114/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./114/file1/file3") = 0
umount2("./114/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./114/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./114/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./114/file1") = -1 EBUSY (Device or resource busy)
umount2("./114/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program
) = 0
rmdir("./114/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./114") = 0
mkdir("./115", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 657
./strace-static-x86_64: Process 657 attached
[pid 657] set_robust_list(0x555557163660, 24) = 0
[pid 657] chdir("./115") = 0
[pid 657] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 657] setpgid(0, 0) = 0
[pid 657] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 657] write(3, "1000", 4) = 4
[pid 657] close(3) = 0
[pid 657] symlink("/dev/binderfs", "./binderfs") = 0
[pid 657] write(1, "executing program\n", 18) = 18
[pid 657] memfd_create("syzkaller", 0) = 3
[pid 657] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 657] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[ 30.978454][ T654] loop0: detected capacity change from 0 to 1024
[ 30.985445][ T654] EXT4-fs: Ignoring removed orlov option
[ 30.991064][ T654] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 657] munmap(0x7f1009176000, 138412032) = 0
[pid 657] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 657] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 657] close(3) = 0
[pid 657] close(4) = 0
[pid 657] mkdir("./file1", 0777) = 0
[pid 657] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 657] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 657] chdir("./file1") = 0
[pid 657] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 657] ioctl(4, LOOP_CLR_FD) = 0
[pid 657] close(4) = 0
[pid 657] chdir("./file0") = 0
[pid 657] creat("./bus", 000) = 4
[pid 657] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 657] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 657] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 657] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 657] exit_group(0) = ?
[pid 657] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=657, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./115", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./115", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./115/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./115/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./115/binderfs") = 0
umount2("./115/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./115/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./115/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./115/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./115/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./115/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./115/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./115/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./115/file1/lost+found") = 0
umount2("./115/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./115/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./115/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./115/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./115/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./115/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./115/file1/file0/file0") = 0
umount2("./115/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./115/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./115/file1/file0/file1") = 0
umount2("./115/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./115/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./115/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./115/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./115/file1/file0") = 0
umount2("./115/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./115/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./115/file1/file1") = 0
umount2("./115/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./115/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./115/file1/file2") = 0
umount2("./115/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./115/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./115/file1/file3") = 0
umount2("./115/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./115/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./115/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./115/file1") = -1 EBUSY (Device or resource busy)
umount2("./115/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./115/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./115") = 0
mkdir("./116", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 660
./strace-static-x86_64: Process 660 attached
[pid 660] set_robust_list(0x555557163660, 24) = 0
[pid 660] chdir("./116") = 0
[pid 660] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 660] setpgid(0, 0) = 0
[pid 660] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 660] write(3, "1000", 4) = 4
[pid 660] close(3) = 0
[pid 660] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid 660] write(1, "executing program\n", 18) = 18
[pid 660] memfd_create("syzkaller", 0) = 3
[pid 660] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 660] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 660] munmap(0x7f1009176000, 138412032) = 0
[ 31.039767][ T657] loop0: detected capacity change from 0 to 1024
[ 31.047636][ T657] EXT4-fs: Ignoring removed orlov option
[ 31.053164][ T657] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 660] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 660] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 660] close(3) = 0
[pid 660] close(4) = 0
[pid 660] mkdir("./file1", 0777) = 0
[pid 660] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 660] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 660] chdir("./file1") = 0
[pid 660] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 660] ioctl(4, LOOP_CLR_FD) = 0
[pid 660] close(4) = 0
[pid 660] chdir("./file0") = 0
[pid 660] creat("./bus", 000) = 4
[pid 660] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 660] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 660] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 660] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 660] exit_group(0) = ?
[pid 660] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=660, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./116", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./116", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./116/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./116/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./116/binderfs") = 0
umount2("./116/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./116/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./116/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./116/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./116/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./116/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./116/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./116/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./116/file1/lost+found") = 0
umount2("./116/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./116/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./116/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./116/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./116/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./116/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./116/file1/file0/file0") = 0
umount2("./116/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./116/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./116/file1/file0/file1") = 0
umount2("./116/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./116/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./116/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./116/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./116/file1/file0") = 0
umount2("./116/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./116/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./116/file1/file1") = 0
umount2("./116/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./116/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./116/file1/file2") = 0
umount2("./116/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./116/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./116/file1/file3") = 0
umount2("./116/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./116/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./116/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./116/file1") = -1 EBUSY (Device or resource busy)
umount2("./116/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./116/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./116") = 0
mkdir("./117", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 663
./strace-static-x86_64: Process 663 attached
[pid 663] set_robust_list(0x555557163660, 24) = 0
[pid 663] chdir("./117") = 0
[pid 663] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 663] setpgid(0, 0) = 0
[pid 663] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 663] write(3, "1000", 4) = 4
[pid 663] close(3) = 0
[pid 663] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 663] write(1, "executing program\n", 18) = 18
[pid 663] memfd_create("syzkaller", 0) = 3
[pid 663] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 663] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 663] munmap(0x7f1009176000, 138412032) = 0
[pid 663] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 31.100531][ T660] loop0: detected capacity change from 0 to 1024
[ 31.107684][ T660] EXT4-fs: Ignoring removed orlov option
[ 31.113246][ T660] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 663] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 663] close(3) = 0
[pid 663] close(4) = 0
[pid 663] mkdir("./file1", 0777) = 0
[pid 663] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 663] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 663] chdir("./file1") = 0
[pid 663] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 663] ioctl(4, LOOP_CLR_FD) = 0
[pid 663] close(4) = 0
[pid 663] chdir("./file0") = 0
[pid 663] creat("./bus", 000) = 4
[pid 663] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 663] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 663] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 663] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 663] exit_group(0) = ?
[pid 663] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=663, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./117", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./117", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./117/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./117/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./117/binderfs") = 0
umount2("./117/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./117/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./117/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./117/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./117/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./117/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./117/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./117/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./117/file1/lost+found") = 0
umount2("./117/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./117/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./117/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./117/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./117/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./117/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./117/file1/file0/file0") = 0
umount2("./117/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./117/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./117/file1/file0/file1") = 0
umount2("./117/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./117/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./117/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./117/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./117/file1/file0") = 0
umount2("./117/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./117/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./117/file1/file1") = 0
umount2("./117/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./117/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./117/file1/file2") = 0
umount2("./117/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./117/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./117/file1/file3") = 0
umount2("./117/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./117/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./117/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./117/file1") = -1 EBUSY (Device or resource busy)
umount2("./117/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./117/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./117") = 0
mkdir("./118", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[ 31.157343][ T663] loop0: detected capacity change from 0 to 1024
[ 31.164859][ T663] EXT4-fs: Ignoring removed orlov option
[ 31.170382][ T663] EXT4-fs: Ignoring removed nomblk_io_submit option
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
executing program
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 666
./strace-static-x86_64: Process 666 attached
[pid 666] set_robust_list(0x555557163660, 24) = 0
[pid 666] chdir("./118") = 0
[pid 666] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 666] setpgid(0, 0) = 0
[pid 666] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 666] write(3, "1000", 4) = 4
[pid 666] close(3) = 0
[pid 666] symlink("/dev/binderfs", "./binderfs") = 0
[pid 666] write(1, "executing program\n", 18) = 18
[pid 666] memfd_create("syzkaller", 0) = 3
[pid 666] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 666] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 666] munmap(0x7f1009176000, 138412032) = 0
[pid 666] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 666] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 666] close(3) = 0
[pid 666] close(4) = 0
[pid 666] mkdir("./file1", 0777) = 0
[pid 666] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 666] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 666] chdir("./file1") = 0
[pid 666] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 666] ioctl(4, LOOP_CLR_FD) = 0
[pid 666] close(4) = 0
[pid 666] chdir("./file0") = 0
[pid 666] creat("./bus", 000) = 4
[pid 666] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 666] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 666] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 666] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 666] exit_group(0) = ?
[pid 666] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=666, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./118", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./118", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./118/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./118/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./118/binderfs") = 0
umount2("./118/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./118/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./118/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./118/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./118/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./118/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./118/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./118/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./118/file1/lost+found") = 0
umount2("./118/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./118/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./118/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./118/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./118/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./118/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./118/file1/file0/file0") = 0
umount2("./118/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./118/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./118/file1/file0/file1") = 0
umount2("./118/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./118/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./118/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./118/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./118/file1/file0") = 0
umount2("./118/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./118/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./118/file1/file1") = 0
umount2("./118/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./118/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./118/file1/file2") = 0
umount2("./118/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./118/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./118/file1/file3") = 0
umount2("./118/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./118/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./118/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./118/file1") = -1 EBUSY (Device or resource busy)
umount2("./118/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./118/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./118") = 0
mkdir("./119", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FDexecuting program
) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 669
./strace-static-x86_64: Process 669 attached
[pid 669] set_robust_list(0x555557163660, 24) = 0
[pid 669] chdir("./119") = 0
[pid 669] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 669] setpgid(0, 0) = 0
[pid 669] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 669] write(3, "1000", 4) = 4
[pid 669] close(3) = 0
[pid 669] symlink("/dev/binderfs", "./binderfs") = 0
[pid 669] write(1, "executing program\n", 18) = 18
[pid 669] memfd_create("syzkaller", 0) = 3
[pid 669] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[ 31.221418][ T666] loop0: detected capacity change from 0 to 1024
[ 31.229050][ T666] EXT4-fs: Ignoring removed orlov option
[ 31.234589][ T666] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 669] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 669] munmap(0x7f1009176000, 138412032) = 0
[pid 669] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 669] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 669] close(3) = 0
[pid 669] close(4) = 0
[pid 669] mkdir("./file1", 0777) = 0
[pid 669] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 669] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 669] chdir("./file1") = 0
[pid 669] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 669] ioctl(4, LOOP_CLR_FD) = 0
[pid 669] close(4) = 0
[pid 669] chdir("./file0") = 0
[pid 669] creat("./bus", 000) = 4
[pid 669] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 669] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 669] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 669] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 669] exit_group(0) = ?
[pid 669] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=669, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./119", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./119", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./119/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./119/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./119/binderfs") = 0
umount2("./119/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./119/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./119/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./119/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./119/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./119/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./119/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./119/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./119/file1/lost+found") = 0
umount2("./119/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./119/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./119/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./119/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./119/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./119/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./119/file1/file0/file0") = 0
umount2("./119/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./119/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./119/file1/file0/file1") = 0
umount2("./119/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./119/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./119/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./119/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./119/file1/file0") = 0
umount2("./119/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./119/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./119/file1/file1") = 0
umount2("./119/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./119/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./119/file1/file2") = 0
umount2("./119/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./119/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./119/file1/file3") = 0
umount2("./119/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./119/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./119/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./119/file1") = -1 EBUSY (Device or resource busy)
umount2("./119/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./119/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./119") = 0
mkdir("./120", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 673
./strace-static-x86_64: Process 673 attached
[pid 673] set_robust_list(0x555557163660, 24) = 0
[pid 673] chdir("./120") = 0
[pid 673] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 673] setpgid(0, 0) = 0
[pid 673] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 673] write(3, "1000", 4) = 4
[pid 673] close(3) = 0
[pid 673] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 673] write(1, "executing program\n", 18) = 18
[pid 673] memfd_create("syzkaller", 0) = 3
[pid 673] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 673] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 673] munmap(0x7f1009176000, 138412032) = 0
[ 31.284379][ T669] loop0: detected capacity change from 0 to 1024
[ 31.292376][ T669] EXT4-fs: Ignoring removed orlov option
[ 31.298420][ T669] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 673] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 673] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 673] close(3) = 0
[pid 673] close(4) = 0
[pid 673] mkdir("./file1", 0777) = 0
[pid 673] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 673] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 673] chdir("./file1") = 0
[pid 673] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 673] ioctl(4, LOOP_CLR_FD) = 0
[pid 673] close(4) = 0
[pid 673] chdir("./file0") = 0
[pid 673] creat("./bus", 000) = 4
[pid 673] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 673] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 673] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 673] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 673] exit_group(0) = ?
[pid 673] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=673, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./120", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./120", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./120/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./120/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./120/binderfs") = 0
umount2("./120/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./120/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./120/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./120/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./120/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./120/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./120/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./120/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./120/file1/lost+found") = 0
umount2("./120/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./120/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./120/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./120/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./120/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./120/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./120/file1/file0/file0") = 0
umount2("./120/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./120/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./120/file1/file0/file1") = 0
umount2("./120/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./120/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./120/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./120/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./120/file1/file0") = 0
umount2("./120/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./120/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./120/file1/file1") = 0
umount2("./120/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./120/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./120/file1/file2") = 0
umount2("./120/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./120/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./120/file1/file3") = 0
umount2("./120/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./120/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./120/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./120/file1") = -1 EBUSY (Device or resource busy)
umount2("./120/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./120/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./120") = 0
mkdir("./121", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 676
./strace-static-x86_64: Process 676 attached
[pid 676] set_robust_list(0x555557163660, 24) = 0
[pid 676] chdir("./121") = 0
[pid 676] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 676] setpgid(0, 0) = 0
[pid 676] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 676] write(3, "1000", 4) = 4
[pid 676] close(3) = 0
[pid 676] symlink("/dev/binderfs", "./binderfs") = 0
[pid 676] write(1, "executing program\n", 18executing program
) = 18
[pid 676] memfd_create("syzkaller", 0) = 3
[pid 676] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[ 31.343568][ T673] loop0: detected capacity change from 0 to 1024
[ 31.350756][ T673] EXT4-fs: Ignoring removed orlov option
[ 31.356713][ T673] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 676] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 676] munmap(0x7f1009176000, 138412032) = 0
[pid 676] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 676] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 676] close(3) = 0
[pid 676] close(4) = 0
[pid 676] mkdir("./file1", 0777) = 0
[pid 676] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 676] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 676] chdir("./file1") = 0
[pid 676] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 676] ioctl(4, LOOP_CLR_FD) = 0
[pid 676] close(4) = 0
[pid 676] chdir("./file0") = 0
[pid 676] creat("./bus", 000) = 4
[pid 676] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 676] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 676] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 676] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 676] exit_group(0) = ?
[pid 676] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=676, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./121", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./121", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./121/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./121/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./121/binderfs") = 0
umount2("./121/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./121/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./121/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./121/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./121/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./121/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./121/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./121/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./121/file1/lost+found") = 0
umount2("./121/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./121/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./121/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./121/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./121/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./121/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./121/file1/file0/file0") = 0
umount2("./121/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./121/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./121/file1/file0/file1") = 0
umount2("./121/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./121/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./121/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./121/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./121/file1/file0") = 0
umount2("./121/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./121/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./121/file1/file1") = 0
umount2("./121/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./121/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./121/file1/file2") = 0
umount2("./121/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./121/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./121/file1/file3") = 0
umount2("./121/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./121/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./121/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./121/file1") = -1 EBUSY (Device or resource busy)
umount2("./121/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./121/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./121") = 0
mkdir("./122", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 679
./strace-static-x86_64: Process 679 attached
[pid 679] set_robust_list(0x555557163660, 24) = 0
[pid 679] chdir("./122") = 0
[pid 679] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 679] setpgid(0, 0) = 0
[pid 679] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 679] write(3, "1000", 4) = 4
[pid 679] close(3) = 0
[pid 679] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 679] write(1, "executing program\n", 18) = 18
[pid 679] memfd_create("syzkaller", 0) = 3
[pid 679] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 679] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 679] munmap(0x7f1009176000, 138412032) = 0
[pid 679] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 31.405304][ T676] loop0: detected capacity change from 0 to 1024
[ 31.412674][ T676] EXT4-fs: Ignoring removed orlov option
[ 31.418244][ T676] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 679] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 679] close(3) = 0
[pid 679] close(4) = 0
[pid 679] mkdir("./file1", 0777) = 0
[pid 679] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 679] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 679] chdir("./file1") = 0
[pid 679] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 679] ioctl(4, LOOP_CLR_FD) = 0
[pid 679] close(4) = 0
[pid 679] chdir("./file0") = 0
[pid 679] creat("./bus", 000) = 4
[pid 679] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 679] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 679] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 679] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 679] exit_group(0) = ?
[pid 679] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=679, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./122", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./122", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./122/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./122/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./122/binderfs") = 0
umount2("./122/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./122/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./122/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./122/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./122/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./122/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./122/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./122/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./122/file1/lost+found") = 0
umount2("./122/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./122/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./122/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./122/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./122/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./122/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./122/file1/file0/file0") = 0
umount2("./122/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./122/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./122/file1/file0/file1") = 0
umount2("./122/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./122/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./122/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./122/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./122/file1/file0") = 0
umount2("./122/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./122/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./122/file1/file1") = 0
umount2("./122/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./122/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./122/file1/file2") = 0
umount2("./122/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./122/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./122/file1/file3") = 0
umount2("./122/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./122/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./122/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./122/file1") = -1 EBUSY (Device or resource busy)
umount2("./122/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./122/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./122") = 0
mkdir("./123", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 683
./strace-static-x86_64: Process 683 attached
[pid 683] set_robust_list(0x555557163660, 24) = 0
[pid 683] chdir("./123") = 0
[pid 683] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 683] setpgid(0, 0) = 0
[pid 683] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 683] write(3, "1000", 4) = 4
[pid 683] close(3executing program
) = 0
[pid 683] symlink("/dev/binderfs", "./binderfs") = 0
[pid 683] write(1, "executing program\n", 18) = 18
[pid 683] memfd_create("syzkaller", 0) = 3
[pid 683] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 683] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 683] munmap(0x7f1009176000, 138412032) = 0
[pid 683] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 31.460332][ T679] loop0: detected capacity change from 0 to 1024
[ 31.467522][ T679] EXT4-fs: Ignoring removed orlov option
[ 31.473071][ T679] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 683] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 683] close(3) = 0
[pid 683] close(4) = 0
[pid 683] mkdir("./file1", 0777) = 0
[pid 683] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 683] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 683] chdir("./file1") = 0
[pid 683] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 683] ioctl(4, LOOP_CLR_FD) = 0
[pid 683] close(4) = 0
[pid 683] chdir("./file0") = 0
[pid 683] creat("./bus", 000) = 4
[pid 683] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 683] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 683] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 683] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 683] exit_group(0) = ?
[pid 683] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=683, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./123", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./123", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./123/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./123/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./123/binderfs") = 0
umount2("./123/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./123/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./123/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./123/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./123/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./123/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./123/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./123/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./123/file1/lost+found") = 0
umount2("./123/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./123/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./123/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./123/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./123/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./123/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./123/file1/file0/file0") = 0
umount2("./123/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./123/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./123/file1/file0/file1") = 0
umount2("./123/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./123/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./123/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./123/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./123/file1/file0") = 0
umount2("./123/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./123/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./123/file1/file1") = 0
umount2("./123/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./123/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./123/file1/file2") = 0
umount2("./123/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./123/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./123/file1/file3") = 0
umount2("./123/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./123/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./123/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./123/file1") = -1 EBUSY (Device or resource busy)
umount2("./123/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./123/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./123") = 0
mkdir("./124", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 686
./strace-static-x86_64: Process 686 attached
[pid 686] set_robust_list(0x555557163660, 24) = 0
[pid 686] chdir("./124") = 0
[pid 686] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 686] setpgid(0, 0) = 0
[pid 686] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 686] write(3, "1000", 4) = 4
[pid 686] close(3) = 0
[pid 686] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 686] write(1, "executing program\n", 18) = 18
[pid 686] memfd_create("syzkaller", 0) = 3
[pid 686] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[ 31.520678][ T683] loop0: detected capacity change from 0 to 1024
[ 31.528402][ T683] EXT4-fs: Ignoring removed orlov option
[ 31.533958][ T683] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 686] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 686] munmap(0x7f1009176000, 138412032) = 0
[pid 686] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 686] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 686] close(3) = 0
[pid 686] close(4) = 0
[pid 686] mkdir("./file1", 0777) = 0
[pid 686] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 686] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 686] chdir("./file1") = 0
[pid 686] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 686] ioctl(4, LOOP_CLR_FD) = 0
[pid 686] close(4) = 0
[pid 686] chdir("./file0") = 0
[pid 686] creat("./bus", 000) = 4
[pid 686] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 686] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 686] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 686] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 686] exit_group(0) = ?
[pid 686] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=686, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./124", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./124", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./124/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./124/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./124/binderfs") = 0
umount2("./124/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./124/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./124/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./124/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./124/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./124/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./124/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./124/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./124/file1/lost+found") = 0
umount2("./124/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./124/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./124/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./124/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./124/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./124/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./124/file1/file0/file0") = 0
umount2("./124/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./124/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./124/file1/file0/file1") = 0
umount2("./124/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./124/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./124/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./124/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./124/file1/file0") = 0
umount2("./124/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./124/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./124/file1/file1") = 0
umount2("./124/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./124/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./124/file1/file2") = 0
umount2("./124/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./124/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./124/file1/file3") = 0
umount2("./124/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./124/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./124/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./124/file1") = -1 EBUSY (Device or resource busy)
umount2("./124/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./124/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./124") = 0
mkdir("./125", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 689
./strace-static-x86_64: Process 689 attached
[pid 689] set_robust_list(0x555557163660, 24) = 0
[pid 689] chdir("./125") = 0
[pid 689] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 689] setpgid(0, 0) = 0
[pid 689] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 689] write(3, "1000", 4) = 4
[pid 689] close(3) = 0
[pid 689] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 689] write(1, "executing program\n", 18) = 18
[pid 689] memfd_create("syzkaller", 0) = 3
[pid 689] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 689] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 689] munmap(0x7f1009176000, 138412032) = 0
[pid 689] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 31.582831][ T686] loop0: detected capacity change from 0 to 1024
[ 31.590762][ T686] EXT4-fs: Ignoring removed orlov option
[ 31.596394][ T686] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 689] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 689] close(3) = 0
[pid 689] close(4) = 0
[pid 689] mkdir("./file1", 0777) = 0
[pid 689] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 689] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 689] chdir("./file1") = 0
[pid 689] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 689] ioctl(4, LOOP_CLR_FD) = 0
[pid 689] close(4) = 0
[pid 689] chdir("./file0") = 0
[pid 689] creat("./bus", 000) = 4
[pid 689] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 689] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 689] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 689] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 689] exit_group(0) = ?
[pid 689] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=689, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./125", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./125", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./125/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./125/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./125/binderfs") = 0
umount2("./125/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./125/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./125/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./125/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./125/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./125/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./125/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./125/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./125/file1/lost+found") = 0
umount2("./125/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./125/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./125/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./125/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./125/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./125/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./125/file1/file0/file0") = 0
umount2("./125/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./125/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./125/file1/file0/file1") = 0
umount2("./125/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./125/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./125/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./125/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./125/file1/file0") = 0
umount2("./125/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./125/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./125/file1/file1") = 0
umount2("./125/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./125/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./125/file1/file2") = 0
umount2("./125/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./125/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./125/file1/file3") = 0
umount2("./125/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./125/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./125/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./125/file1") = -1 EBUSY (Device or resource busy)
umount2("./125/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./125/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./125") = 0
mkdir("./126", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 31.639709][ T689] loop0: detected capacity change from 0 to 1024
[ 31.647869][ T689] EXT4-fs: Ignoring removed orlov option
[ 31.653399][ T689] EXT4-fs: Ignoring removed nomblk_io_submit option
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 692
./strace-static-x86_64: Process 692 attached
[pid 692] set_robust_list(0x555557163660, 24) = 0
[pid 692] chdir("./126") = 0
[pid 692] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 692] setpgid(0, 0) = 0
[pid 692] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 692] write(3, "1000", 4) = 4
[pid 692] close(3) = 0
[pid 692] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 692] write(1, "executing program\n", 18) = 18
[pid 692] memfd_create("syzkaller", 0) = 3
[pid 692] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 692] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 692] munmap(0x7f1009176000, 138412032) = 0
[pid 692] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 692] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 692] close(3) = 0
[pid 692] close(4) = 0
[pid 692] mkdir("./file1", 0777) = 0
[pid 692] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 692] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 692] chdir("./file1") = 0
[pid 692] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 692] ioctl(4, LOOP_CLR_FD) = 0
[pid 692] close(4) = 0
[pid 692] chdir("./file0") = 0
[pid 692] creat("./bus", 000) = 4
[pid 692] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 692] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 692] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 692] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 692] exit_group(0) = ?
[pid 692] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=692, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./126", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./126", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./126/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./126/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./126/binderfs") = 0
umount2("./126/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./126/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./126/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./126/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./126/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./126/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./126/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./126/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./126/file1/lost+found") = 0
umount2("./126/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./126/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./126/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./126/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./126/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./126/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./126/file1/file0/file0") = 0
umount2("./126/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./126/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./126/file1/file0/file1") = 0
umount2("./126/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./126/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./126/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./126/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./126/file1/file0") = 0
umount2("./126/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./126/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./126/file1/file1") = 0
umount2("./126/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./126/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./126/file1/file2") = 0
umount2("./126/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./126/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./126/file1/file3") = 0
umount2("./126/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./126/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./126/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./126/file1") = -1 EBUSY (Device or resource busy)
[ 31.705926][ T692] loop0: detected capacity change from 0 to 1024
[ 31.714180][ T692] EXT4-fs: Ignoring removed orlov option
[ 31.719970][ T692] EXT4-fs: Ignoring removed nomblk_io_submit option
umount2("./126/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./126/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./126") = 0
mkdir("./127", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 695
./strace-static-x86_64: Process 695 attached
[pid 695] set_robust_list(0x555557163660, 24) = 0
[pid 695] chdir("./127") = 0
[pid 695] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 695] setpgid(0, 0) = 0
[pid 695] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 695] write(3, "1000", 4) = 4
[pid 695] close(3) = 0
[pid 695] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 695] write(1, "executing program\n", 18) = 18
[pid 695] memfd_create("syzkaller", 0) = 3
[pid 695] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 695] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 695] munmap(0x7f1009176000, 138412032) = 0
[pid 695] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 695] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 695] close(3) = 0
[pid 695] close(4) = 0
[pid 695] mkdir("./file1", 0777) = 0
[pid 695] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 695] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 695] chdir("./file1") = 0
[pid 695] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 695] ioctl(4, LOOP_CLR_FD) = 0
[pid 695] close(4) = 0
[pid 695] chdir("./file0") = 0
[pid 695] creat("./bus", 000) = 4
[pid 695] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 695] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 695] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 695] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 695] exit_group(0) = ?
[pid 695] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=695, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./127", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./127", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./127/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./127/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./127/binderfs") = 0
umount2("./127/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./127/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./127/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./127/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./127/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./127/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./127/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./127/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./127/file1/lost+found") = 0
umount2("./127/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./127/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./127/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./127/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./127/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./127/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./127/file1/file0/file0") = 0
umount2("./127/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./127/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./127/file1/file0/file1") = 0
umount2("./127/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./127/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./127/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./127/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./127/file1/file0") = 0
umount2("./127/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./127/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./127/file1/file1") = 0
umount2("./127/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./127/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./127/file1/file2") = 0
umount2("./127/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./127/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./127/file1/file3") = 0
umount2("./127/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./127/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./127/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./127/file1") = -1 EBUSY (Device or resource busy)
umount2("./127/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./127/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./127") = 0
mkdir("./128", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 698
./strace-static-x86_64: Process 698 attached
[pid 698] set_robust_list(0x555557163660, 24) = 0
[pid 698] chdir("./128") = 0
[pid 698] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 698] setpgid(0, 0) = 0
[pid 698] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 698] write(3, "1000", 4) = 4
[pid 698] close(3) = 0
[pid 698] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 698] write(1, "executing program\n", 18) = 18
[pid 698] memfd_create("syzkaller", 0) = 3
[pid 698] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 698] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 698] munmap(0x7f1009176000, 138412032) = 0
[pid 698] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 31.778241][ T695] loop0: detected capacity change from 0 to 1024
[ 31.785738][ T695] EXT4-fs: Ignoring removed orlov option
[ 31.791482][ T695] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 698] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 698] close(3) = 0
[pid 698] close(4) = 0
[pid 698] mkdir("./file1", 0777) = 0
[pid 698] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 698] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 698] chdir("./file1") = 0
[pid 698] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 698] ioctl(4, LOOP_CLR_FD) = 0
[pid 698] close(4) = 0
[pid 698] chdir("./file0") = 0
[pid 698] creat("./bus", 000) = 4
[pid 698] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 698] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 698] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 698] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 698] exit_group(0) = ?
[pid 698] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=698, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./128", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./128", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./128/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./128/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./128/binderfs") = 0
umount2("./128/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./128/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./128/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./128/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./128/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./128/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./128/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./128/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./128/file1/lost+found") = 0
umount2("./128/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./128/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./128/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./128/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./128/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./128/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./128/file1/file0/file0") = 0
umount2("./128/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./128/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./128/file1/file0/file1") = 0
umount2("./128/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./128/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./128/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./128/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./128/file1/file0") = 0
umount2("./128/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./128/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./128/file1/file1") = 0
umount2("./128/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./128/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./128/file1/file2") = 0
umount2("./128/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./128/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./128/file1/file3") = 0
umount2("./128/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./128/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./128/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./128/file1") = -1 EBUSY (Device or resource busy)
umount2("./128/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./128/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./128") = 0
mkdir("./129", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 701
./strace-static-x86_64: Process 701 attached
[pid 701] set_robust_list(0x555557163660, 24) = 0
[pid 701] chdir("./129") = 0
[pid 701] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 701] setpgid(0, 0) = 0
executing program
[pid 701] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 701] write(3, "1000", 4) = 4
[pid 701] close(3) = 0
[pid 701] symlink("/dev/binderfs", "./binderfs") = 0
[pid 701] write(1, "executing program\n", 18) = 18
[pid 701] memfd_create("syzkaller", 0) = 3
[pid 701] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[ 31.838739][ T698] loop0: detected capacity change from 0 to 1024
[ 31.845771][ T698] EXT4-fs: Ignoring removed orlov option
[ 31.851537][ T698] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 701] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 701] munmap(0x7f1009176000, 138412032) = 0
[pid 701] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 701] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 701] close(3) = 0
[pid 701] close(4) = 0
[pid 701] mkdir("./file1", 0777) = 0
[pid 701] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 701] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 701] chdir("./file1") = 0
[pid 701] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 701] ioctl(4, LOOP_CLR_FD) = 0
[pid 701] close(4) = 0
[pid 701] chdir("./file0") = 0
[pid 701] creat("./bus", 000) = 4
[pid 701] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 701] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 701] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 701] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 701] exit_group(0) = ?
[pid 701] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=701, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./129", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./129", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./129/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./129/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./129/binderfs") = 0
umount2("./129/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./129/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./129/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./129/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./129/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./129/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./129/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./129/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./129/file1/lost+found") = 0
umount2("./129/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./129/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./129/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./129/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./129/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./129/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./129/file1/file0/file0") = 0
umount2("./129/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./129/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./129/file1/file0/file1") = 0
umount2("./129/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./129/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./129/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./129/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./129/file1/file0") = 0
umount2("./129/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./129/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./129/file1/file1") = 0
umount2("./129/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./129/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./129/file1/file2") = 0
umount2("./129/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./129/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./129/file1/file3") = 0
umount2("./129/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./129/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./129/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./129/file1") = -1 EBUSY (Device or resource busy)
umount2("./129/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./129/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./129") = 0
mkdir("./130", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x555557163650) = 704
./strace-static-x86_64: Process 704 attached
[pid 704] set_robust_list(0x555557163660, 24) = 0
[pid 704] chdir("./130") = 0
[pid 704] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 704] setpgid(0, 0) = 0
[pid 704] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 704] write(3, "1000", 4) = 4
[pid 704] close(3) = 0
[pid 704] symlink("/dev/binderfs", "./binderfs") = 0
[pid 704] write(1, "executing program\n", 18) = 18
[pid 704] memfd_create("syzkaller", 0) = 3
[pid 704] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 704] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 704] munmap(0x7f1009176000, 138412032) = 0
[pid 704] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 31.900039][ T701] loop0: detected capacity change from 0 to 1024
[ 31.907559][ T701] EXT4-fs: Ignoring removed orlov option
[ 31.913044][ T701] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 704] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 704] close(3) = 0
[pid 704] close(4) = 0
[pid 704] mkdir("./file1", 0777) = 0
[pid 704] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 704] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 704] chdir("./file1") = 0
[pid 704] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 704] ioctl(4, LOOP_CLR_FD) = 0
[pid 704] close(4) = 0
[pid 704] chdir("./file0") = 0
[pid 704] creat("./bus", 000) = 4
[pid 704] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 704] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 704] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 704] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 704] exit_group(0) = ?
[pid 704] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=704, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./130", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./130", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./130/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./130/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./130/binderfs") = 0
umount2("./130/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./130/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./130/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./130/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./130/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./130/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./130/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./130/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./130/file1/lost+found") = 0
umount2("./130/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./130/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./130/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./130/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./130/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./130/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./130/file1/file0/file0") = 0
umount2("./130/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./130/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./130/file1/file0/file1") = 0
umount2("./130/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./130/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./130/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./130/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./130/file1/file0") = 0
umount2("./130/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./130/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./130/file1/file1") = 0
umount2("./130/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./130/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./130/file1/file2") = 0
umount2("./130/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./130/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./130/file1/file3") = 0
umount2("./130/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./130/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./130/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./130/file1") = -1 EBUSY (Device or resource busy)
umount2("./130/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program
) = 0
rmdir("./130/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./130") = 0
mkdir("./131", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 707
./strace-static-x86_64: Process 707 attached
[pid 707] set_robust_list(0x555557163660, 24) = 0
[pid 707] chdir("./131") = 0
[pid 707] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 707] setpgid(0, 0) = 0
[pid 707] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 707] write(3, "1000", 4) = 4
[pid 707] close(3) = 0
[pid 707] symlink("/dev/binderfs", "./binderfs") = 0
[pid 707] write(1, "executing program\n", 18) = 18
[pid 707] memfd_create("syzkaller", 0) = 3
[pid 707] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 707] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 707] munmap(0x7f1009176000, 138412032) = 0
[pid 707] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 31.958933][ T704] loop0: detected capacity change from 0 to 1024
[ 31.966127][ T704] EXT4-fs: Ignoring removed orlov option
[ 31.971974][ T704] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 707] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 707] close(3) = 0
[pid 707] close(4) = 0
[pid 707] mkdir("./file1", 0777) = 0
[pid 707] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 707] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 707] chdir("./file1") = 0
[pid 707] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 707] ioctl(4, LOOP_CLR_FD) = 0
[pid 707] close(4) = 0
[pid 707] chdir("./file0") = 0
[pid 707] creat("./bus", 000) = 4
[pid 707] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 707] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 707] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 707] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 707] exit_group(0) = ?
[pid 707] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=707, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./131", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./131", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./131/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./131/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./131/binderfs") = 0
umount2("./131/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./131/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./131/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./131/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./131/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./131/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./131/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./131/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./131/file1/lost+found") = 0
umount2("./131/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./131/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./131/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./131/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./131/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./131/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./131/file1/file0/file0") = 0
umount2("./131/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./131/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./131/file1/file0/file1") = 0
umount2("./131/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./131/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./131/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./131/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./131/file1/file0") = 0
umount2("./131/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./131/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./131/file1/file1") = 0
umount2("./131/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./131/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./131/file1/file2") = 0
umount2("./131/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./131/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./131/file1/file3") = 0
umount2("./131/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./131/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./131/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./131/file1") = -1 EBUSY (Device or resource busy)
umount2("./131/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./131/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./131") = 0
mkdir("./132", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x555557163650) = 710
./strace-static-x86_64: Process 710 attached
[pid 710] set_robust_list(0x555557163660, 24) = 0
[pid 710] chdir("./132") = 0
[pid 710] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 710] setpgid(0, 0) = 0
[pid 710] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 710] write(3, "1000", 4) = 4
[pid 710] close(3) = 0
[pid 710] symlink("/dev/binderfs", "./binderfs") = 0
[pid 710] write(1, "executing program\n", 18) = 18
[pid 710] memfd_create("syzkaller", 0) = 3
[pid 710] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 710] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 710] munmap(0x7f1009176000, 138412032) = 0
[ 32.019825][ T707] loop0: detected capacity change from 0 to 1024
[ 32.026944][ T707] EXT4-fs: Ignoring removed orlov option
[ 32.032448][ T707] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 710] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 710] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 710] close(3) = 0
[pid 710] close(4) = 0
[pid 710] mkdir("./file1", 0777) = 0
[pid 710] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 710] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 710] chdir("./file1") = 0
[pid 710] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 710] ioctl(4, LOOP_CLR_FD) = 0
[pid 710] close(4) = 0
[pid 710] chdir("./file0") = 0
[pid 710] creat("./bus", 000) = 4
[pid 710] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 710] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 710] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 710] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 710] exit_group(0) = ?
[pid 710] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=710, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./132", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./132", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./132/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./132/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./132/binderfs") = 0
umount2("./132/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./132/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./132/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./132/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./132/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./132/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./132/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./132/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./132/file1/lost+found") = 0
umount2("./132/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./132/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./132/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./132/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./132/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./132/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./132/file1/file0/file0") = 0
umount2("./132/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./132/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./132/file1/file0/file1") = 0
umount2("./132/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./132/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./132/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./132/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./132/file1/file0") = 0
umount2("./132/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./132/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./132/file1/file1") = 0
umount2("./132/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./132/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./132/file1/file2") = 0
umount2("./132/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./132/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./132/file1/file3") = 0
umount2("./132/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./132/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./132/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./132/file1") = -1 EBUSY (Device or resource busy)
umount2("./132/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./132/file1"executing program
) = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./132") = 0
mkdir("./133", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 713
./strace-static-x86_64: Process 713 attached
[pid 713] set_robust_list(0x555557163660, 24) = 0
[pid 713] chdir("./133") = 0
[pid 713] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 713] setpgid(0, 0) = 0
[pid 713] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 713] write(3, "1000", 4) = 4
[pid 713] close(3) = 0
[pid 713] symlink("/dev/binderfs", "./binderfs") = 0
[pid 713] write(1, "executing program\n", 18) = 18
[pid 713] memfd_create("syzkaller", 0) = 3
[pid 713] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[ 32.080296][ T710] loop0: detected capacity change from 0 to 1024
[ 32.089913][ T710] EXT4-fs: Ignoring removed orlov option
[ 32.095446][ T710] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 713] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 713] munmap(0x7f1009176000, 138412032) = 0
[pid 713] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 713] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 713] close(3) = 0
[pid 713] close(4) = 0
[pid 713] mkdir("./file1", 0777) = 0
[pid 713] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 713] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 713] chdir("./file1") = 0
[pid 713] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 713] ioctl(4, LOOP_CLR_FD) = 0
[pid 713] close(4) = 0
[pid 713] chdir("./file0") = 0
[pid 713] creat("./bus", 000) = 4
[pid 713] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 713] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 713] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 713] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 713] exit_group(0) = ?
[pid 713] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=713, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
umount2("./133", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./133", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./133/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./133/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./133/binderfs") = 0
umount2("./133/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./133/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./133/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./133/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./133/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./133/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./133/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./133/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./133/file1/lost+found") = 0
umount2("./133/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./133/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./133/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./133/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./133/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./133/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./133/file1/file0/file0") = 0
umount2("./133/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./133/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./133/file1/file0/file1") = 0
umount2("./133/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./133/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./133/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./133/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./133/file1/file0") = 0
umount2("./133/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./133/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./133/file1/file1") = 0
umount2("./133/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./133/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./133/file1/file2") = 0
umount2("./133/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./133/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./133/file1/file3") = 0
umount2("./133/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./133/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./133/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./133/file1") = -1 EBUSY (Device or resource busy)
umount2("./133/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./133/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./133") = 0
mkdir("./134", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
executing program
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 716
./strace-static-x86_64: Process 716 attached
[pid 716] set_robust_list(0x555557163660, 24) = 0
[pid 716] chdir("./134") = 0
[pid 716] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 716] setpgid(0, 0) = 0
[pid 716] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 716] write(3, "1000", 4) = 4
[pid 716] close(3) = 0
[pid 716] symlink("/dev/binderfs", "./binderfs") = 0
[pid 716] write(1, "executing program\n", 18) = 18
[pid 716] memfd_create("syzkaller", 0) = 3
[pid 716] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 716] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 716] munmap(0x7f1009176000, 138412032) = 0
[pid 716] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 32.144829][ T713] loop0: detected capacity change from 0 to 1024
[ 32.152909][ T713] EXT4-fs: Ignoring removed orlov option
[ 32.158731][ T713] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 716] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 716] close(3) = 0
[pid 716] close(4) = 0
[pid 716] mkdir("./file1", 0777) = 0
[pid 716] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 716] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 716] chdir("./file1") = 0
[pid 716] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 716] ioctl(4, LOOP_CLR_FD) = 0
[pid 716] close(4) = 0
[pid 716] chdir("./file0") = 0
[pid 716] creat("./bus", 000) = 4
[pid 716] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 716] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 716] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 716] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 716] exit_group(0) = ?
[pid 716] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=716, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./134", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./134", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./134/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./134/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./134/binderfs") = 0
umount2("./134/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./134/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./134/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./134/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./134/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./134/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./134/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./134/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./134/file1/lost+found") = 0
umount2("./134/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./134/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./134/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./134/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./134/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./134/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./134/file1/file0/file0") = 0
umount2("./134/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./134/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./134/file1/file0/file1") = 0
umount2("./134/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./134/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./134/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./134/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./134/file1/file0") = 0
umount2("./134/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./134/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./134/file1/file1") = 0
umount2("./134/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./134/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./134/file1/file2") = 0
umount2("./134/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./134/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./134/file1/file3") = 0
umount2("./134/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./134/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./134/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./134/file1") = -1 EBUSY (Device or resource busy)
umount2("./134/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./134/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./134") = 0
mkdir("./135", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 719
./strace-static-x86_64: Process 719 attached
[pid 719] set_robust_list(0x555557163660, 24) = 0
[pid 719] chdir("./135") = 0
[pid 719] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 719] setpgid(0, 0) = 0
[pid 719] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 719] write(3, "1000", 4) = 4
[pid 719] close(3) = 0
[pid 719] symlink("/dev/binderfs", "./binderfs") = 0
[pid 719] write(1, "executing program\n", 18executing program
) = 18
[pid 719] memfd_create("syzkaller", 0) = 3
[pid 719] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 719] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[ 32.201670][ T716] loop0: detected capacity change from 0 to 1024
[ 32.209195][ T716] EXT4-fs: Ignoring removed orlov option
[ 32.214817][ T716] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 719] munmap(0x7f1009176000, 138412032) = 0
[pid 719] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 719] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 719] close(3) = 0
[pid 719] close(4) = 0
[pid 719] mkdir("./file1", 0777) = 0
[pid 719] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 719] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 719] chdir("./file1") = 0
[pid 719] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 719] ioctl(4, LOOP_CLR_FD) = 0
[pid 719] close(4) = 0
[pid 719] chdir("./file0") = 0
[pid 719] creat("./bus", 000) = 4
[pid 719] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 719] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 719] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 719] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 719] exit_group(0) = ?
[pid 719] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=719, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./135", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./135", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./135/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./135/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./135/binderfs") = 0
umount2("./135/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./135/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./135/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./135/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./135/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./135/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./135/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./135/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./135/file1/lost+found") = 0
umount2("./135/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./135/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./135/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./135/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./135/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./135/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./135/file1/file0/file0") = 0
umount2("./135/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./135/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./135/file1/file0/file1") = 0
umount2("./135/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./135/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./135/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./135/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./135/file1/file0") = 0
umount2("./135/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./135/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./135/file1/file1") = 0
umount2("./135/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./135/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./135/file1/file2") = 0
umount2("./135/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./135/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./135/file1/file3") = 0
umount2("./135/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./135/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./135/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./135/file1") = -1 EBUSY (Device or resource busy)
[ 32.263206][ T719] loop0: detected capacity change from 0 to 1024
[ 32.271416][ T719] EXT4-fs: Ignoring removed orlov option
[ 32.277171][ T719] EXT4-fs: Ignoring removed nomblk_io_submit option
umount2("./135/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program
) = 0
rmdir("./135/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./135") = 0
mkdir("./136", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 722
./strace-static-x86_64: Process 722 attached
[pid 722] set_robust_list(0x555557163660, 24) = 0
[pid 722] chdir("./136") = 0
[pid 722] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 722] setpgid(0, 0) = 0
[pid 722] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 722] write(3, "1000", 4) = 4
[pid 722] close(3) = 0
[pid 722] symlink("/dev/binderfs", "./binderfs") = 0
[pid 722] write(1, "executing program\n", 18) = 18
[pid 722] memfd_create("syzkaller", 0) = 3
[pid 722] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 722] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 722] munmap(0x7f1009176000, 138412032) = 0
[pid 722] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 722] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 722] close(3) = 0
[pid 722] close(4) = 0
[pid 722] mkdir("./file1", 0777) = 0
[pid 722] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 722] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 722] chdir("./file1") = 0
[pid 722] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 722] ioctl(4, LOOP_CLR_FD) = 0
[pid 722] close(4) = 0
[pid 722] chdir("./file0") = 0
[pid 722] creat("./bus", 000) = 4
[pid 722] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 722] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 722] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 722] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 722] exit_group(0) = ?
[pid 722] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=722, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./136", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./136", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./136/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./136/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./136/binderfs") = 0
umount2("./136/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./136/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./136/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./136/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./136/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./136/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./136/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./136/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./136/file1/lost+found") = 0
umount2("./136/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./136/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./136/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./136/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./136/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./136/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./136/file1/file0/file0") = 0
umount2("./136/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./136/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./136/file1/file0/file1") = 0
umount2("./136/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./136/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./136/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./136/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./136/file1/file0") = 0
umount2("./136/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./136/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./136/file1/file1") = 0
umount2("./136/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./136/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./136/file1/file2") = 0
umount2("./136/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./136/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./136/file1/file3") = 0
umount2("./136/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./136/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./136/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./136/file1") = -1 EBUSY (Device or resource busy)
umount2("./136/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./136/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./136") = 0
mkdir("./137", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 725
./strace-static-x86_64: Process 725 attached
[pid 725] set_robust_list(0x555557163660, 24) = 0
[pid 725] chdir("./137") = 0
[pid 725] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 725] setpgid(0, 0) = 0
[pid 725] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 725] write(3, "1000", 4) = 4
[pid 725] close(3) = 0
[pid 725] symlink("/dev/binderfs", "./binderfs") = 0
[pid 725] write(1, "executing program\n", 18executing program
) = 18
[pid 725] memfd_create("syzkaller", 0) = 3
[ 32.327877][ T722] loop0: detected capacity change from 0 to 1024
[ 32.334857][ T722] EXT4-fs: Ignoring removed orlov option
[ 32.340670][ T722] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 725] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 725] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 725] munmap(0x7f1009176000, 138412032) = 0
[pid 725] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 725] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 725] close(3) = 0
[pid 725] close(4) = 0
[pid 725] mkdir("./file1", 0777) = 0
[pid 725] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 725] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 725] chdir("./file1") = 0
[pid 725] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 725] ioctl(4, LOOP_CLR_FD) = 0
[pid 725] close(4) = 0
[pid 725] chdir("./file0") = 0
[pid 725] creat("./bus", 000) = 4
[pid 725] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 725] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 725] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 725] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 725] exit_group(0) = ?
[pid 725] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=725, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./137", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./137", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./137/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./137/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./137/binderfs") = 0
umount2("./137/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./137/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./137/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./137/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./137/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./137/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./137/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./137/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./137/file1/lost+found") = 0
umount2("./137/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./137/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./137/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./137/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./137/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./137/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./137/file1/file0/file0") = 0
umount2("./137/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./137/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./137/file1/file0/file1") = 0
umount2("./137/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./137/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./137/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./137/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./137/file1/file0") = 0
umount2("./137/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./137/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./137/file1/file1") = 0
umount2("./137/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./137/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./137/file1/file2") = 0
umount2("./137/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./137/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./137/file1/file3") = 0
umount2("./137/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./137/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./137/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./137/file1") = -1 EBUSY (Device or resource busy)
[ 32.392080][ T725] loop0: detected capacity change from 0 to 1024
[ 32.399905][ T725] EXT4-fs: Ignoring removed orlov option
[ 32.405427][ T725] EXT4-fs: Ignoring removed nomblk_io_submit option
umount2("./137/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program
) = 0
rmdir("./137/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./137") = 0
mkdir("./138", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 728
./strace-static-x86_64: Process 728 attached
[pid 728] set_robust_list(0x555557163660, 24) = 0
[pid 728] chdir("./138") = 0
[pid 728] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 728] setpgid(0, 0) = 0
[pid 728] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 728] write(3, "1000", 4) = 4
[pid 728] close(3) = 0
[pid 728] symlink("/dev/binderfs", "./binderfs") = 0
[pid 728] write(1, "executing program\n", 18) = 18
[pid 728] memfd_create("syzkaller", 0) = 3
[pid 728] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 728] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 728] munmap(0x7f1009176000, 138412032) = 0
[pid 728] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 728] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 728] close(3) = 0
[pid 728] close(4) = 0
[pid 728] mkdir("./file1", 0777) = 0
[ 32.443185][ T296] EXT4-fs unmount: 212 callbacks suppressed
[ 32.443196][ T296] EXT4-fs (loop0): unmounting filesystem.
[ 32.465428][ T728] loop0: detected capacity change from 0 to 1024
[ 32.472505][ T728] EXT4-fs: Ignoring removed orlov option
[ 32.478172][ T728] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 728] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 728] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 728] chdir("./file1") = 0
[pid 728] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 728] ioctl(4, LOOP_CLR_FD) = 0
[pid 728] close(4) = 0
[pid 728] chdir("./file0") = 0
[pid 728] creat("./bus", 000) = 4
[pid 728] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 728] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 728] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 728] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 728] exit_group(0) = ?
[pid 728] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=728, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./138", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./138", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./138/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./138/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./138/binderfs") = 0
umount2("./138/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./138/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./138/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./138/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./138/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./138/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./138/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./138/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./138/file1/lost+found") = 0
umount2("./138/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./138/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./138/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./138/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./138/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./138/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./138/file1/file0/file0") = 0
umount2("./138/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./138/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./138/file1/file0/file1") = 0
umount2("./138/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./138/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./138/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./138/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./138/file1/file0") = 0
umount2("./138/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./138/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./138/file1/file1") = 0
umount2("./138/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./138/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./138/file1/file2") = 0
umount2("./138/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./138/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./138/file1/file3") = 0
umount2("./138/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./138/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./138/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./138/file1") = -1 EBUSY (Device or resource busy)
[ 32.487852][ T728] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./138/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program
) = 0
rmdir("./138/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./138") = 0
mkdir("./139", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 732
./strace-static-x86_64: Process 732 attached
[pid 732] set_robust_list(0x555557163660, 24) = 0
[pid 732] chdir("./139") = 0
[pid 732] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 732] setpgid(0, 0) = 0
[pid 732] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 732] write(3, "1000", 4) = 4
[pid 732] close(3) = 0
[pid 732] symlink("/dev/binderfs", "./binderfs") = 0
[pid 732] write(1, "executing program\n", 18) = 18
[pid 732] memfd_create("syzkaller", 0) = 3
[pid 732] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 732] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 732] munmap(0x7f1009176000, 138412032) = 0
[pid 732] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 732] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 732] close(3) = 0
[pid 732] close(4) = 0
[pid 732] mkdir("./file1", 0777) = 0
[ 32.521787][ T296] EXT4-fs (loop0): unmounting filesystem.
[ 32.538485][ T732] loop0: detected capacity change from 0 to 1024
[ 32.547791][ T732] EXT4-fs: Ignoring removed orlov option
[ 32.553261][ T732] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 732] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 732] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 732] chdir("./file1") = 0
[pid 732] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 732] ioctl(4, LOOP_CLR_FD) = 0
[pid 732] close(4) = 0
[pid 732] chdir("./file0") = 0
[pid 732] creat("./bus", 000) = 4
[pid 732] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 732] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 732] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 732] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 732] exit_group(0) = ?
[pid 732] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=732, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./139", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./139", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./139/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./139/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./139/binderfs") = 0
umount2("./139/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./139/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./139/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./139/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./139/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./139/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./139/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./139/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./139/file1/lost+found") = 0
umount2("./139/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./139/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./139/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./139/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./139/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./139/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./139/file1/file0/file0") = 0
umount2("./139/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./139/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./139/file1/file0/file1") = 0
umount2("./139/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./139/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./139/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./139/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./139/file1/file0") = 0
umount2("./139/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./139/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./139/file1/file1") = 0
umount2("./139/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./139/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./139/file1/file2") = 0
umount2("./139/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./139/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./139/file1/file3") = 0
umount2("./139/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./139/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./139/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./139/file1") = -1 EBUSY (Device or resource busy)
[ 32.567528][ T732] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./139/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./139/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./139") = 0
mkdir("./140", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
executing program
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 735
./strace-static-x86_64: Process 735 attached
[pid 735] set_robust_list(0x555557163660, 24) = 0
[pid 735] chdir("./140") = 0
[pid 735] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 735] setpgid(0, 0) = 0
[pid 735] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 735] write(3, "1000", 4) = 4
[pid 735] close(3) = 0
[pid 735] symlink("/dev/binderfs", "./binderfs") = 0
[pid 735] write(1, "executing program\n", 18) = 18
[pid 735] memfd_create("syzkaller", 0) = 3
[pid 735] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 735] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 735] munmap(0x7f1009176000, 138412032) = 0
[pid 735] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 735] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 735] close(3) = 0
[pid 735] close(4) = 0
[pid 735] mkdir("./file1", 0777) = 0
[pid 735] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 735] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 735] chdir("./file1") = 0
[pid 735] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 735] ioctl(4, LOOP_CLR_FD) = 0
[pid 735] close(4) = 0
[pid 735] chdir("./file0") = 0
[pid 735] creat("./bus", 000) = 4
[pid 735] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 735] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 735] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 735] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 735] exit_group(0) = ?
[pid 735] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=735, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./140", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./140", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./140/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./140/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./140/binderfs") = 0
umount2("./140/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./140/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./140/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./140/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./140/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./140/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./140/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./140/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./140/file1/lost+found") = 0
umount2("./140/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./140/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./140/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./140/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./140/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./140/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./140/file1/file0/file0") = 0
umount2("./140/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./140/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./140/file1/file0/file1") = 0
umount2("./140/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./140/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./140/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./140/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./140/file1/file0") = 0
umount2("./140/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./140/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./140/file1/file1") = 0
umount2("./140/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./140/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./140/file1/file2") = 0
umount2("./140/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./140/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./140/file1/file3") = 0
umount2("./140/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./140/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./140/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./140/file1") = -1 EBUSY (Device or resource busy)
[ 32.595937][ T296] EXT4-fs (loop0): unmounting filesystem.
[ 32.614878][ T735] loop0: detected capacity change from 0 to 1024
[ 32.622949][ T735] EXT4-fs: Ignoring removed orlov option
[ 32.628648][ T735] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 32.637366][ T735] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./140/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./140/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./140") = 0
mkdir("./141", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 738
./strace-static-x86_64: Process 738 attached
[pid 738] set_robust_list(0x555557163660, 24) = 0
[pid 738] chdir("./141") = 0
[pid 738] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 738] setpgid(0, 0) = 0
[pid 738] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 738] write(3, "1000", 4) = 4
[pid 738] close(3) = 0
[pid 738] symlink("/dev/binderfs", "./binderfs") = 0
[pid 738] write(1, "executing program\n", 18executing program
) = 18
[pid 738] memfd_create("syzkaller", 0) = 3
[pid 738] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 738] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 738] munmap(0x7f1009176000, 138412032) = 0
[pid 738] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 738] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 738] close(3) = 0
[pid 738] close(4) = 0
[pid 738] mkdir("./file1", 0777) = 0
[ 32.664860][ T296] EXT4-fs (loop0): unmounting filesystem.
[ 32.685415][ T738] loop0: detected capacity change from 0 to 1024
[ 32.692538][ T738] EXT4-fs: Ignoring removed orlov option
[ 32.698086][ T738] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 738] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 738] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 738] chdir("./file1") = 0
[pid 738] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 738] ioctl(4, LOOP_CLR_FD) = 0
[pid 738] close(4) = 0
[pid 738] chdir("./file0") = 0
[pid 738] creat("./bus", 000) = 4
[pid 738] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 738] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 738] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 738] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 738] exit_group(0) = ?
[pid 738] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=738, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./141", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./141", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./141/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./141/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./141/binderfs") = 0
umount2("./141/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./141/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./141/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./141/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./141/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./141/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./141/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./141/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./141/file1/lost+found") = 0
umount2("./141/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./141/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./141/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./141/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./141/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./141/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./141/file1/file0/file0") = 0
umount2("./141/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./141/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./141/file1/file0/file1") = 0
umount2("./141/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./141/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./141/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./141/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./141/file1/file0") = 0
umount2("./141/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./141/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./141/file1/file1") = 0
umount2("./141/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./141/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./141/file1/file2") = 0
umount2("./141/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./141/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./141/file1/file3") = 0
umount2("./141/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./141/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./141/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./141/file1") = -1 EBUSY (Device or resource busy)
umount2("./141/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./141/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./141") = 0
mkdir("./142", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x555557163650) = 741
./strace-static-x86_64: Process 741 attached
[pid 741] set_robust_list(0x555557163660, 24) = 0
[pid 741] chdir("./142") = 0
[pid 741] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 741] setpgid(0, 0) = 0
[pid 741] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 741] write(3, "1000", 4) = 4
[pid 741] close(3) = 0
[pid 741] symlink("/dev/binderfs", "./binderfs") = 0
[pid 741] write(1, "executing program\n", 18) = 18
[pid 741] memfd_create("syzkaller", 0) = 3
[pid 741] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 741] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 741] munmap(0x7f1009176000, 138412032) = 0
[pid 741] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 741] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 741] close(3) = 0
[pid 741] close(4) = 0
[pid 741] mkdir("./file1", 0777) = 0
[ 32.707315][ T738] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 32.732908][ T296] EXT4-fs (loop0): unmounting filesystem.
[ 32.749507][ T741] loop0: detected capacity change from 0 to 1024
[ 32.756804][ T741] EXT4-fs: Ignoring removed orlov option
[pid 741] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 741] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 741] chdir("./file1") = 0
[pid 741] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 741] ioctl(4, LOOP_CLR_FD) = 0
[pid 741] close(4) = 0
[pid 741] chdir("./file0") = 0
[pid 741] creat("./bus", 000) = 4
[pid 741] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 741] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 741] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 741] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 741] exit_group(0) = ?
[pid 741] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=741, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./142", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./142", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./142/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./142/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./142/binderfs") = 0
umount2("./142/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./142/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./142/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./142/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./142/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./142/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./142/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./142/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./142/file1/lost+found") = 0
umount2("./142/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./142/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./142/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./142/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./142/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./142/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./142/file1/file0/file0") = 0
umount2("./142/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./142/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./142/file1/file0/file1") = 0
umount2("./142/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./142/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./142/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./142/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./142/file1/file0") = 0
umount2("./142/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./142/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./142/file1/file1") = 0
umount2("./142/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./142/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./142/file1/file2") = 0
umount2("./142/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./142/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./142/file1/file3") = 0
umount2("./142/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./142/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./142/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./142/file1") = -1 EBUSY (Device or resource busy)
[ 32.762304][ T741] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 32.777464][ T741] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./142/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./142/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./142") = 0
mkdir("./143", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3executing program
) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 744
./strace-static-x86_64: Process 744 attached
[pid 744] set_robust_list(0x555557163660, 24) = 0
[pid 744] chdir("./143") = 0
[pid 744] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 744] setpgid(0, 0) = 0
[pid 744] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 744] write(3, "1000", 4) = 4
[pid 744] close(3) = 0
[pid 744] symlink("/dev/binderfs", "./binderfs") = 0
[pid 744] write(1, "executing program\n", 18) = 18
[pid 744] memfd_create("syzkaller", 0) = 3
[pid 744] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 744] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 744] munmap(0x7f1009176000, 138412032) = 0
[pid 744] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 744] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 744] close(3) = 0
[pid 744] close(4) = 0
[pid 744] mkdir("./file1", 0777) = 0
[ 32.807589][ T296] EXT4-fs (loop0): unmounting filesystem.
[ 32.829049][ T744] loop0: detected capacity change from 0 to 1024
[ 32.837336][ T744] EXT4-fs: Ignoring removed orlov option
[ 32.842895][ T744] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 744] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 744] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 744] chdir("./file1") = 0
[pid 744] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 744] ioctl(4, LOOP_CLR_FD) = 0
[pid 744] close(4) = 0
[pid 744] chdir("./file0") = 0
[pid 744] creat("./bus", 000) = 4
[pid 744] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 744] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 744] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 744] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 744] exit_group(0) = ?
[pid 744] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=744, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./143", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./143", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./143/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./143/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./143/binderfs") = 0
umount2("./143/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./143/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./143/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./143/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./143/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./143/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./143/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./143/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./143/file1/lost+found") = 0
umount2("./143/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./143/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./143/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./143/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./143/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./143/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./143/file1/file0/file0") = 0
umount2("./143/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./143/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./143/file1/file0/file1") = 0
umount2("./143/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./143/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./143/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./143/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./143/file1/file0") = 0
umount2("./143/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./143/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./143/file1/file1") = 0
umount2("./143/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./143/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./143/file1/file2") = 0
umount2("./143/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./143/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./143/file1/file3") = 0
umount2("./143/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./143/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./143/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./143/file1") = -1 EBUSY (Device or resource busy)
umount2("./143/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./143/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./143") = 0
mkdir("./144", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 747
./strace-static-x86_64: Process 747 attached
[pid 747] set_robust_list(0x555557163660, 24) = 0
[pid 747] chdir("./144") = 0
[pid 747] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 747] setpgid(0, 0) = 0
[pid 747] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 747] write(3, "1000", 4) = 4
[pid 747] close(3) = 0
[pid 747] symlink("/dev/binderfs", "./binderfs") = 0
[pid 747] write(1, "executing program\n", 18executing program
) = 18
[pid 747] memfd_create("syzkaller", 0) = 3
[pid 747] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 747] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 747] munmap(0x7f1009176000, 138412032) = 0
[pid 747] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 32.857309][ T744] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 32.890015][ T296] EXT4-fs (loop0): unmounting filesystem.
[pid 747] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 747] close(3) = 0
[pid 747] close(4) = 0
[pid 747] mkdir("./file1", 0777) = 0
[pid 747] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 747] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 747] chdir("./file1") = 0
[pid 747] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 747] ioctl(4, LOOP_CLR_FD) = 0
[pid 747] close(4) = 0
[pid 747] chdir("./file0") = 0
[pid 747] creat("./bus", 000) = 4
[pid 747] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 747] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 747] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 747] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 747] exit_group(0) = ?
[pid 747] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=747, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./144", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./144", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112
umount2("./144/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./144/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./144/binderfs") = 0
umount2("./144/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./144/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./144/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./144/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555716c730 /* 8 entries */, 32768) = 240
umount2("./144/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./144/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./144/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./144/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./144/file1/lost+found") = 0
umount2("./144/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./144/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./144/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./144/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555557174770 /* 5 entries */, 32768) = 136
umount2("./144/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./144/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./144/file1/file0/file0") = 0
umount2("./144/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./144/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./144/file1/file0/file1") = 0
umount2("./144/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./144/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./144/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./144/file1/file0/bus") = 0
getdents64(5, 0x555557174770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./144/file1/file0") = 0
umount2("./144/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./144/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./144/file1/file1") = 0
umount2("./144/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./144/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./144/file1/file2") = 0
umount2("./144/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./144/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./144/file1/file3") = 0
umount2("./144/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./144/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./144/file1/file.cold") = 0
getdents64(4, 0x55555716c730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./144/file1") = -1 EBUSY (Device or resource busy)
[ 32.910679][ T747] loop0: detected capacity change from 0 to 1024
[ 32.918321][ T747] EXT4-fs: Ignoring removed orlov option
[ 32.924052][ T747] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 32.937212][ T747] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./144/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./144/file1") = 0
getdents64(3, 0x5555571646f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./144") = 0
mkdir("./145", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557163650) = 750
./strace-static-x86_64: Process 750 attached
[pid 750] set_robust_list(0x555557163660, 24) = 0
[pid 750] chdir("./145") = 0
[pid 750] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 750] setpgid(0, 0) = 0
[pid 750] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 750] write(3, "1000", 4) = 4
[pid 750] close(3) = 0
[pid 750] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 750] write(1, "executing program\n", 18) = 18
[pid 750] memfd_create("syzkaller", 0) = 3
[pid 750] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1009176000
[pid 750] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 750] munmap(0x7f1009176000, 138412032) = 0
[pid 750] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 750] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 750] close(3) = 0
[pid 750] close(4) = 0
[pid 750] mkdir("./file1", 0777) = 0
[ 32.964172][ T296] EXT4-fs (loop0): unmounting filesystem.
[ 32.984496][ T750] loop0: detected capacity change from 0 to 1024
[ 32.992446][ T750] EXT4-fs: Ignoring removed orlov option
[ 32.998457][ T750] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 750] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 750] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 750] chdir("./file1") = 0
[pid 750] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 750] ioctl(4, LOOP_CLR_FD) = 0
[pid 750] close(4) = 0
[pid 750] chdir("./file0") = 0
[pid 750] creat("./bus", 000) = 4
[pid 750] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 750] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 750] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 750] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 750] exit_group(0) = ?
[pid 750] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=750, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./145", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./145", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571646f0 /* 4 entries */, 32768) = 112