./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1889599013

<...>
Warning: Permanently added '10.128.1.15' (ED25519) to the list of known hosts.
execve("./syz-executor1889599013", ["./syz-executor1889599013"], 0x7ffc17c2f160 /* 10 vars */) = 0
brk(NULL)                               = 0x555561544000
brk(0x555561544d00)                     = 0x555561544d00
arch_prctl(ARCH_SET_FS, 0x555561544380) = 0
set_tid_address(0x555561544650)         = 5837
set_robust_list(0x555561544660, 24)     = 0
rseq(0x555561544ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1889599013", 4096) = 28
getrandom("\xe6\x13\xfa\xd5\x8a\xbb\x02\x53", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x555561544d00
brk(0x555561565d00)                     = 0x555561565d00
brk(0x555561566000)                     = 0x555561566000
mprotect(0x7f282789b000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5838 attached
 <unfinished ...>
[pid  5838] set_robust_list(0x555561544660, 24 <unfinished ...>
[pid  5837] <... clone resumed>, child_tidptr=0x555561544650) = 5838
[pid  5838] <... set_robust_list resumed>) = 0
[pid  5837] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid  5838] getrandom("\x27\x4b\xf8\x2c\x4d\xe4\xf6\x82", 8, GRND_NONBLOCK) = 8
./strace-static-x86_64: Process 5839 attached
[pid  5839] set_robust_list(0x555561544660, 24 <unfinished ...>
[pid  5838] mkdir("./syzkaller.pqIIqk", 0700 <unfinished ...>
[pid  5837] <... clone resumed>, child_tidptr=0x555561544650) = 5839
[pid  5839] <... set_robust_list resumed>) = 0
[pid  5837] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid  5839] mkdir("./syzkaller.DVfqAS", 0700 <unfinished ...>
[pid  5837] <... clone resumed>, child_tidptr=0x555561544650) = 5840
./strace-static-x86_64: Process 5840 attached
[pid  5839] <... mkdir resumed>)        = 0
[pid  5838] <... mkdir resumed>)        = 0
[pid  5837] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid  5840] set_robust_list(0x555561544660, 24 <unfinished ...>
[pid  5839] chmod("./syzkaller.DVfqAS", 0777) = 0
./strace-static-x86_64: Process 5841 attached
[pid  5840] <... set_robust_list resumed>) = 0
[pid  5838] chmod("./syzkaller.pqIIqk", 0777 <unfinished ...>
[pid  5837] <... clone resumed>, child_tidptr=0x555561544650) = 5841
[pid  5840] mkdir("./syzkaller.5O2O0U", 0700 <unfinished ...>
[pid  5839] chdir("./syzkaller.DVfqAS" <unfinished ...>
[pid  5837] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid  5841] set_robust_list(0x555561544660, 24 <unfinished ...>
[pid  5838] <... chmod resumed>)        = 0
[pid  5839] <... chdir resumed>)        = 0
[pid  5841] <... set_robust_list resumed>) = 0
[pid  5838] chdir("./syzkaller.pqIIqk" <unfinished ...>
[pid  5839] mkdir("./0", 0777 <unfinished ...>
[pid  5838] <... chdir resumed>)        = 0
./strace-static-x86_64: Process 5842 attached
[pid  5841] mkdir("./syzkaller.rdP2SB", 0700 <unfinished ...>
[pid  5840] <... mkdir resumed>)        = 0
[pid  5838] mkdir("./0", 0777 <unfinished ...>
[pid  5837] <... clone resumed>, child_tidptr=0x555561544650) = 5842
[pid  5842] set_robust_list(0x555561544660, 24 <unfinished ...>
[pid  5841] <... mkdir resumed>)        = 0
[pid  5840] chmod("./syzkaller.5O2O0U", 0777 <unfinished ...>
[pid  5839] <... mkdir resumed>)        = 0
[pid  5838] <... mkdir resumed>)        = 0
[pid  5842] <... set_robust_list resumed>) = 0
[pid  5841] chmod("./syzkaller.rdP2SB", 0777 <unfinished ...>
[pid  5840] <... chmod resumed>)        = 0
[pid  5842] mkdir("./syzkaller.Q9g2pH", 0700 <unfinished ...>
[pid  5841] <... chmod resumed>)        = 0
[pid  5839] openat(AT_FDCWD, "/dev/loop1", O_RDWR <unfinished ...>
[pid  5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR <unfinished ...>
[pid  5841] chdir("./syzkaller.rdP2SB" <unfinished ...>
[pid  5840] chdir("./syzkaller.5O2O0U" <unfinished ...>
[pid  5838] <... openat resumed>)       = 3
[pid  5841] <... chdir resumed>)        = 0
[pid  5841] mkdir("./0", 0777 <unfinished ...>
[pid  5840] <... chdir resumed>)        = 0
[pid  5838] ioctl(3, LOOP_CLR_FD <unfinished ...>
[pid  5842] <... mkdir resumed>)        = 0
[pid  5841] <... mkdir resumed>)        = 0
[pid  5840] mkdir("./0", 0777 <unfinished ...>
[pid  5839] <... openat resumed>)       = 3
[pid  5838] <... ioctl resumed>)        = -1 ENXIO (No such device or address)
[pid  5842] chmod("./syzkaller.Q9g2pH", 0777 <unfinished ...>
[pid  5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR <unfinished ...>
[pid  5839] ioctl(3, LOOP_CLR_FD <unfinished ...>
[pid  5838] close(3 <unfinished ...>
[pid  5842] <... chmod resumed>)        = 0
[pid  5839] <... ioctl resumed>)        = -1 ENXIO (No such device or address)
[pid  5841] <... openat resumed>)       = 3
[pid  5841] ioctl(3, LOOP_CLR_FD <unfinished ...>
[pid  5842] chdir("./syzkaller.Q9g2pH" <unfinished ...>
[pid  5840] <... mkdir resumed>)        = 0
[pid  5839] close(3 <unfinished ...>
[pid  5838] <... close resumed>)        = 0
[pid  5841] <... ioctl resumed>)        = -1 ENXIO (No such device or address)
[pid  5842] <... chdir resumed>)        = 0
[pid  5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid  5841] close(3 <unfinished ...>
[pid  5840] openat(AT_FDCWD, "/dev/loop2", O_RDWR <unfinished ...>
[pid  5839] <... close resumed>)        = 0
[pid  5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5843 attached
./strace-static-x86_64: Process 5844 attached
 <unfinished ...>
[pid  5842] mkdir("./0", 0777 <unfinished ...>
[pid  5841] <... close resumed>)        = 0
[pid  5840] <... openat resumed>)       = 3
[pid  5838] <... clone resumed>, child_tidptr=0x555561544650) = 5843
[pid  5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid  5844] set_robust_list(0x555561544660, 24 <unfinished ...>
[pid  5843] set_robust_list(0x555561544660, 24 <unfinished ...>
[pid  5844] <... set_robust_list resumed>) = 0
[pid  5843] <... set_robust_list resumed>) = 0
[pid  5844] chdir("./0" <unfinished ...>
[pid  5843] chdir("./0" <unfinished ...>
[pid  5842] <... mkdir resumed>)        = 0
[pid  5844] <... chdir resumed>)        = 0
[pid  5843] <... chdir resumed>)        = 0
[pid  5844] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid  5843] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid  5844] <... prctl resumed>)        = 0
[pid  5843] <... prctl resumed>)        = 0
./strace-static-x86_64: Process 5846 attached
[pid  5844] setpgid(0, 0 <unfinished ...>
[pid  5843] setpgid(0, 0 <unfinished ...>
[pid  5840] ioctl(3, LOOP_CLR_FD <unfinished ...>
[pid  5839] <... clone resumed>, child_tidptr=0x555561544650) = 5844
[pid  5844] <... setpgid resumed>)      = 0
[pid  5843] <... setpgid resumed>)      = 0
[pid  5843] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid  5844] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5843] <... openat resumed>)       = 3
[pid  5846] set_robust_list(0x555561544660, 24) = 0
[pid  5843] write(3, "1000", 4 <unfinished ...>
[pid  5846] chdir("./0" <unfinished ...>
[pid  5844] write(3, "1000", 4 <unfinished ...>
[pid  5843] <... write resumed>)        = 4
[pid  5842] openat(AT_FDCWD, "/dev/loop4", O_RDWR <unfinished ...>
[pid  5841] <... clone resumed>, child_tidptr=0x555561544650) = 5846
[pid  5840] <... ioctl resumed>)        = -1 ENXIO (No such device or address)
[pid  5846] <... chdir resumed>)        = 0
[pid  5844] <... write resumed>)        = 4
[pid  5843] close(3 <unfinished ...>
[pid  5842] <... openat resumed>)       = 3
[pid  5840] close(3 <unfinished ...>
[pid  5846] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid  5844] close(3 <unfinished ...>
[pid  5843] <... close resumed>)        = 0
[pid  5842] ioctl(3, LOOP_CLR_FD <unfinished ...>
[pid  5840] <... close resumed>)        = 0
[pid  5846] <... prctl resumed>)        = 0
[pid  5844] <... close resumed>)        = 0
[pid  5843] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid  5842] <... ioctl resumed>)        = -1 ENXIO (No such device or address)
[pid  5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid  5844] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid  5842] close(3 <unfinished ...>
[pid  5846] setpgid(0, 0 <unfinished ...>
[pid  5843] <... symlink resumed>)      = 0
[pid  5842] <... close resumed>)        = 0
./strace-static-x86_64: Process 5847 attached
[pid  5846] <... setpgid resumed>)      = 0
[pid  5844] <... symlink resumed>)      = 0
[pid  5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid  5840] <... clone resumed>, child_tidptr=0x555561544650) = 5847
./strace-static-x86_64: Process 5848 attached
[pid  5848] set_robust_list(0x555561544660, 24) = 0
[pid  5848] chdir("./0" <unfinished ...>
[pid  5842] <... clone resumed>, child_tidptr=0x555561544650) = 5848
[pid  5848] <... chdir resumed>)        = 0
[pid  5848] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5846] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid  5848] setpgid(0, 0)               = 0
executing program
executing program
[pid  5846] <... openat resumed>)       = 3
[pid  5848] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid  5847] set_robust_list(0x555561544660, 24 <unfinished ...>
[pid  5846] write(3, "1000", 4 <unfinished ...>
[pid  5844] write(1, "executing program\n", 18 <unfinished ...>
[pid  5843] write(1, "executing program\n", 18 <unfinished ...>
[pid  5847] <... set_robust_list resumed>) = 0
[pid  5846] <... write resumed>)        = 4
[pid  5844] <... write resumed>)        = 18
[pid  5843] <... write resumed>)        = 18
[pid  5848] <... openat resumed>)       = 3
[pid  5844] memfd_create("syzkaller", 0 <unfinished ...>
[pid  5848] write(3, "1000", 4)         = 4
[pid  5846] close(3 <unfinished ...>
[pid  5844] <... memfd_create resumed>) = 3
[pid  5843] memfd_create("syzkaller", 0 <unfinished ...>
[pid  5848] close(3 <unfinished ...>
[pid  5847] chdir("./0" <unfinished ...>
[pid  5846] <... close resumed>)        = 0
[pid  5844] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 <unfinished ...>
[pid  5843] <... memfd_create resumed>) = 3
[pid  5848] <... close resumed>)        = 0
[pid  5847] <... chdir resumed>)        = 0
[pid  5846] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid  5844] <... mmap resumed>)         = 0x7f281f200000
[pid  5843] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 <unfinished ...>
[pid  5848] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5846] <... symlink resumed>)      = 0
[pid  5843] <... mmap resumed>)         = 0x7f281f200000
executing program
[pid  5848] write(1, "executing program\n", 18 <unfinished ...>
[pid  5847] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid  5846] write(1, "executing program\n", 18 <unfinished ...>
[pid  5844] write(3, "\xb5\x84\x31\x7b\xb6\x84\x31\x7b\xb7\x84\x31\x7b\xb8\x84\x31\x7b\xb9\x84\x31\x7b\xba\x84\x31\x7b\xbb\x84\x31\x7b\xbc\x84\x31\x7b\xbd\x84\x31\x7b\xbe\x84\x31\x7b\xbf\x84\x31\x7b\xc0\x84\x31\x7b\xc1\x84\x31\x7b\xc2\x84\x31\x7b\xc3\x84\x31\x7b\xc4\x84\x31\x7b\xc5\x84\x31\x7b\xc6\x84\x31\x7b\xc7\x84\x31\x7b\xc8\x84\x31\x7b\xc9\x84\x31\x7b\xca\x84\x31\x7b\xcb\x84\x31\x7b\xcc\x84\x31\x7b\xcd\x84\x31\x7b"..., 65536 <unfinished ...>
[pid  5843] write(3, "\xb5\x84\x31\x7b\xb6\x84\x31\x7b\xb7\x84\x31\x7b\xb8\x84\x31\x7b\xb9\x84\x31\x7b\xba\x84\x31\x7b\xbb\x84\x31\x7b\xbc\x84\x31\x7b\xbd\x84\x31\x7b\xbe\x84\x31\x7b\xbf\x84\x31\x7b\xc0\x84\x31\x7b\xc1\x84\x31\x7b\xc2\x84\x31\x7b\xc3\x84\x31\x7b\xc4\x84\x31\x7b\xc5\x84\x31\x7b\xc6\x84\x31\x7b\xc7\x84\x31\x7b\xc8\x84\x31\x7b\xc9\x84\x31\x7b\xca\x84\x31\x7b\xcb\x84\x31\x7b\xcc\x84\x31\x7b\xcd\x84\x31\x7b"..., 65536executing program
 <unfinished ...>
[pid  5848] <... write resumed>)        = 18
[pid  5847] <... prctl resumed>)        = 0
[pid  5846] <... write resumed>)        = 18
[pid  5844] <... write resumed>)        = 65536
[pid  5843] <... write resumed>)        = 65536
[pid  5848] memfd_create("syzkaller", 0 <unfinished ...>
[pid  5847] setpgid(0, 0 <unfinished ...>
[pid  5846] memfd_create("syzkaller", 0 <unfinished ...>
[pid  5844] munmap(0x7f281f200000, 138412032 <unfinished ...>
[pid  5843] munmap(0x7f281f200000, 138412032 <unfinished ...>
[pid  5848] <... memfd_create resumed>) = 3
[pid  5847] <... setpgid resumed>)      = 0
[pid  5846] <... memfd_create resumed>) = 3
[pid  5844] <... munmap resumed>)       = 0
[pid  5843] <... munmap resumed>)       = 0
[pid  5848] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 <unfinished ...>
[pid  5847] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid  5846] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 <unfinished ...>
[pid  5844] openat(AT_FDCWD, "/dev/loop1", O_RDWR <unfinished ...>
[pid  5843] openat(AT_FDCWD, "/dev/loop0", O_RDWR <unfinished ...>
[pid  5848] <... mmap resumed>)         = 0x7f281f200000
[pid  5847] <... openat resumed>)       = 3
[pid  5846] <... mmap resumed>)         = 0x7f281f200000
[pid  5844] <... openat resumed>)       = 4
[pid  5843] <... openat resumed>)       = 4
[pid  5848] write(3, "\xb5\x84\x31\x7b\xb6\x84\x31\x7b\xb7\x84\x31\x7b\xb8\x84\x31\x7b\xb9\x84\x31\x7b\xba\x84\x31\x7b\xbb\x84\x31\x7b\xbc\x84\x31\x7b\xbd\x84\x31\x7b\xbe\x84\x31\x7b\xbf\x84\x31\x7b\xc0\x84\x31\x7b\xc1\x84\x31\x7b\xc2\x84\x31\x7b\xc3\x84\x31\x7b\xc4\x84\x31\x7b\xc5\x84\x31\x7b\xc6\x84\x31\x7b\xc7\x84\x31\x7b\xc8\x84\x31\x7b\xc9\x84\x31\x7b\xca\x84\x31\x7b\xcb\x84\x31\x7b\xcc\x84\x31\x7b\xcd\x84\x31\x7b"..., 65536 <unfinished ...>
[pid  5847] write(3, "1000", 4 <unfinished ...>
[pid  5846] write(3, "\xb5\x84\x31\x7b\xb6\x84\x31\x7b\xb7\x84\x31\x7b\xb8\x84\x31\x7b\xb9\x84\x31\x7b\xba\x84\x31\x7b\xbb\x84\x31\x7b\xbc\x84\x31\x7b\xbd\x84\x31\x7b\xbe\x84\x31\x7b\xbf\x84\x31\x7b\xc0\x84\x31\x7b\xc1\x84\x31\x7b\xc2\x84\x31\x7b\xc3\x84\x31\x7b\xc4\x84\x31\x7b\xc5\x84\x31\x7b\xc6\x84\x31\x7b\xc7\x84\x31\x7b\xc8\x84\x31\x7b\xc9\x84\x31\x7b\xca\x84\x31\x7b\xcb\x84\x31\x7b\xcc\x84\x31\x7b\xcd\x84\x31\x7b"..., 65536 <unfinished ...>
[pid  5844] ioctl(4, LOOP_SET_FD, 3 <unfinished ...>
[pid  5843] ioctl(4, LOOP_SET_FD, 3 <unfinished ...>
[pid  5847] <... write resumed>)        = 4
[pid  5848] <... write resumed>)        = 65536
[pid  5847] close(3)                    = 0
executing program
[pid  5847] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5847] write(1, "executing program\n", 18) = 18
[pid  5847] memfd_create("syzkaller", 0) = 3
[pid  5846] <... write resumed>)        = 65536
[pid  5847] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f281f200000
[pid  5848] munmap(0x7f281f200000, 138412032 <unfinished ...>
[pid  5846] munmap(0x7f281f200000, 138412032) = 0
[pid  5846] openat(AT_FDCWD, "/dev/loop3", O_RDWR <unfinished ...>
[pid  5848] <... munmap resumed>)       = 0
[pid  5846] <... openat resumed>)       = 4
[pid  5846] ioctl(4, LOOP_SET_FD, 3 <unfinished ...>
[pid  5848] openat(AT_FDCWD, "/dev/loop4", O_RDWR <unfinished ...>
[pid  5846] <... ioctl resumed>)        = 0
[pid  5847] write(3, "\xb5\x84\x31\x7b\xb6\x84\x31\x7b\xb7\x84\x31\x7b\xb8\x84\x31\x7b\xb9\x84\x31\x7b\xba\x84\x31\x7b\xbb\x84\x31\x7b\xbc\x84\x31\x7b\xbd\x84\x31\x7b\xbe\x84\x31\x7b\xbf\x84\x31\x7b\xc0\x84\x31\x7b\xc1\x84\x31\x7b\xc2\x84\x31\x7b\xc3\x84\x31\x7b\xc4\x84\x31\x7b\xc5\x84\x31\x7b\xc6\x84\x31\x7b\xc7\x84\x31\x7b\xc8\x84\x31\x7b\xc9\x84\x31\x7b\xca\x84\x31\x7b\xcb\x84\x31\x7b\xcc\x84\x31\x7b\xcd\x84\x31\x7b"..., 65536 <unfinished ...>
[pid  5848] <... openat resumed>)       = 4
[pid  5847] <... write resumed>)        = 65536
[pid  5843] <... ioctl resumed>)        = 0
[pid  5847] munmap(0x7f281f200000, 138412032) = 0
[pid  5843] close(3)                    = 0
[pid  5843] close(4)                    = 0
[pid  5843] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 <unfinished ...>
[pid  5844] <... ioctl resumed>)        = 0
[pid  5843] <... mkdir resumed>)        = 0
[pid  5844] close(3)                    = 0
[pid  5844] close(4)                    = 0
[pid  5847] openat(AT_FDCWD, "/dev/loop2", O_RDWR <unfinished ...>
[pid  5844] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 <unfinished ...>
[pid  5847] <... openat resumed>)       = 4
[pid  5847] ioctl(4, LOOP_SET_FD, 3 <unfinished ...>
[pid  5844] <... mkdir resumed>)        = 0
[pid  5848] ioctl(4, LOOP_SET_FD, 3 <unfinished ...>
[pid  5843] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "sysv", 0, "" <unfinished ...>
[pid  5844] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "sysv", 0, "" <unfinished ...>
[pid  5848] <... ioctl resumed>)        = 0
[   62.367836][ T5843] loop0: detected capacity change from 0 to 128
[   62.375235][ T5844] loop1: detected capacity change from 0 to 128
[   62.391583][ T5846] loop3: detected capacity change from 0 to 128
[   62.410699][ T5848] loop4: detected capacity change from 0 to 128
[pid  5846] close(3)                    = 0
[pid  5848] close(3)                    = 0
[pid  5848] close(4)                    = 0
[pid  5848] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0
[pid  5846] close(4 <unfinished ...>
[pid  5848] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "sysv", 0, "" <unfinished ...>
[pid  5846] <... close resumed>)        = 0
[pid  5846] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0
[pid  5843] <... mount resumed>)        = 0
[pid  5846] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "sysv", 0, "" <unfinished ...>
[pid  5844] <... mount resumed>)        = 0
[   62.421059][ T5843] VFS: Found a Xenix FS (block size = 1024) on device loop0
[   62.430619][ T5844] VFS: Found a Xenix FS (block size = 1024) on device loop1
[   62.444704][ T5848] VFS: Found a Xenix FS (block size = 1024) on device loop4
[   62.452365][ T5847] loop2: detected capacity change from 0 to 128
[   62.461877][ T5846] VFS: Found a Xenix FS (block size = 1024) on device loop3
[pid  5843] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY <unfinished ...>
[pid  5847] <... ioctl resumed>)        = 0
[pid  5844] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY <unfinished ...>
[pid  5843] <... openat resumed>)       = 3
[pid  5844] <... openat resumed>)       = 3
[pid  5847] close(3 <unfinished ...>
[pid  5844] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" <unfinished ...>
[pid  5843] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" <unfinished ...>
[pid  5847] <... close resumed>)        = 0
[pid  5844] <... chdir resumed>)        = 0
[pid  5843] <... chdir resumed>)        = 0
[pid  5848] <... mount resumed>)        = 0
[pid  5847] close(4 <unfinished ...>
[pid  5844] openat(AT_FDCWD, "/dev/loop1", O_RDWR <unfinished ...>
[pid  5843] openat(AT_FDCWD, "/dev/loop0", O_RDWR <unfinished ...>
[pid  5848] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY <unfinished ...>
[pid  5847] <... close resumed>)        = 0
[pid  5843] <... openat resumed>)       = -1 EBUSY (Device or resource busy)
[pid  5844] <... openat resumed>)       = -1 EBUSY (Device or resource busy)
[pid  5848] <... openat resumed>)       = 3
[pid  5847] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 <unfinished ...>
[pid  5844] open("./file0", O_RDONLY|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_NOFOLLOW|O_CLOEXEC, 000 <unfinished ...>
[pid  5843] open("./file0", O_RDONLY|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_NOFOLLOW|O_CLOEXEC, 000 <unfinished ...>
[pid  5847] <... mkdir resumed>)        = 0
[pid  5848] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0
[pid  5848] openat(AT_FDCWD, "/dev/loop4", O_RDWR <unfinished ...>
[pid  5847] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "sysv", 0, "" <unfinished ...>
[pid  5848] <... openat resumed>)       = -1 EBUSY (Device or resource busy)
[   62.483161][ T5848] syz-executor188: attempt to access beyond end of device
[   62.483161][ T5848] loop4: rw=0, sector=6491536, nr_sectors = 2 limit=128
[   62.483172][ T5843] Buffer I/O error on dev loop0, logical block 3245768, async page read
[   62.484188][ T5843] unable to read i-node block
[   62.501855][ T5848] Buffer I/O error on dev loop4, logical block 3245768, async page read
[   62.506190][ T5844] syz-executor188: attempt to access beyond end of device
[   62.506190][ T5844] loop1: rw=0, sector=6491536, nr_sectors = 2 limit=128
[   62.528467][ T5843] syz-executor188: attempt to access beyond end of device
[   62.528467][ T5843] loop0: rw=0, sector=6491536, nr_sectors = 2 limit=128
[   62.547797][ T5847] VFS: Found a Xenix FS (block size = 1024) on device loop2
[   62.556706][ T5844] Buffer I/O error on dev loop1, logical block 3245768, async page read
[   62.557549][ T5843] Buffer I/O error on dev loop0, logical block 3245768, async page read
[   62.566290][ T5844] unable to read i-node block
[pid  5848] open("./file0", O_RDONLY|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_NOFOLLOW|O_CLOEXEC, 000 <unfinished ...>
[pid  5847] <... mount resumed>)        = 0
[pid  5846] <... mount resumed>)        = 0
[pid  5847] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3
[pid  5847] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0
[pid  5847] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5847] open("./file0", O_RDONLY|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_NOFOLLOW|O_CLOEXEC, 000 <unfinished ...>
[pid  5846] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3
[pid  5846] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0
[pid  5846] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy)
[   62.576002][ T5847] syz-executor188: attempt to access beyond end of device
[   62.576002][ T5847] loop2: rw=0, sector=6491536, nr_sectors = 2 limit=128
[   62.579241][ T5844] syz-executor188: attempt to access beyond end of device
[   62.579241][ T5844] loop1: rw=0, sector=6491536, nr_sectors = 2 limit=128
[   62.594800][ T5846] syz-executor188: attempt to access beyond end of device
[   62.594800][ T5846] loop3: rw=0, sector=6491536, nr_sectors = 2 limit=128
[   62.607354][ T5844] Buffer I/O error on dev loop1, logical block 3245768, async page read
[pid  5846] open("./file0", O_RDONLY|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_NOFOLLOW|O_CLOEXEC, 000 <unfinished ...>
[pid  5844] <... open resumed>)         = -1 EIO (Input/output error)
[   62.622304][ T5847] Buffer I/O error on dev loop2, logical block 3245768, async page read
[   62.630082][ T5844] sysv_free_inode: unable to read inode block on device loop1
[   62.638123][ T5843] sysv_free_inode: unable to read inode block on device loop0
[   62.646137][ T5846] Buffer I/O error on dev loop3, logical block 3245768, async page read
[   62.653853][ T5847] unable to read i-node block
[   62.667057][ T5846] unable to read i-node block
[   62.672636][ T5846] syz-executor188: attempt to access beyond end of device
[pid  5844] exit_group(0)               = ?
[pid  5844] +++ exited with 0 +++
[pid  5843] <... open resumed>)         = -1 EIO (Input/output error)
[pid  5843] exit_group(0)               = ?
[pid  5843] +++ exited with 0 +++
[   62.672636][ T5846] loop3: rw=0, sector=6491536, nr_sectors = 2 limit=128
[   62.683007][ T5848] syz-executor188: attempt to access beyond end of device
[   62.683007][ T5848] loop4: rw=0, sector=6491536, nr_sectors = 2 limit=128
[   62.687374][ T5846] Buffer I/O error on dev loop3, logical block 3245768, async page read
[   62.701195][ T5847] syz-executor188: attempt to access beyond end of device
[   62.701195][ T5847] loop2: rw=0, sector=6491536, nr_sectors = 2 limit=128
[   62.711987][ T5846] sysv_free_inode: unable to read inode block on device loop3
[pid  5846] <... open resumed>)         = -1 EIO (Input/output error)
[pid  5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5844, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} ---
[pid  5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5843, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} ---
[pid  5838] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5838] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  5838] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5838] getdents64(3, 0x5555615456f0 /* 4 entries */, 32768) = 176
[pid  5838] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5838] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5838] unlink("./0/binderfs" <unfinished ...>
[pid  5846] exit_group(0 <unfinished ...>
[pid  5838] <... unlink resumed>)       = 0
[pid  5838] umount2("\x2e\x2f\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5848] <... open resumed>)         = -1 EIO (Input/output error)
[pid  5847] <... open resumed>)         = -1 EIO (Input/output error)
[pid  5846] <... exit_group resumed>)   = ?
[pid  5839] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5848] exit_group(0 <unfinished ...>
[pid  5847] exit_group(0 <unfinished ...>
[pid  5846] +++ exited with 0 +++
[pid  5848] <... exit_group resumed>)   = ?
[pid  5839] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5847] <... exit_group resumed>)   = ?
[pid  5847] +++ exited with 0 +++
[   62.728343][ T5848] Buffer I/O error on dev loop4, logical block 3245768, async page read
[   62.731307][ T5847] Buffer I/O error on dev loop2, logical block 3245768, async page read
[   62.750260][ T5847] sysv_free_inode: unable to read inode block on device loop2
[   62.758868][ T5838] sysv_free_block: flc_count > flc_size
[   62.765367][ T5838] sysv_free_block: flc_count > flc_size
[   62.771169][ T5838] sysv_free_block: flc_count > flc_size
[   62.777226][ T5838] sysv_free_block: flc_count > flc_size
[pid  5848] +++ exited with 0 +++
[pid  5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5846, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} ---
[pid  5839] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid  5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5848, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} ---
[pid  5842] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid  5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5847, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} ---
[pid  5839] <... openat resumed>)       = 3
[pid  5840] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5839] newfstatat(3, "",  <unfinished ...>
[pid  5841] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5840] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5841] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5840] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid  5839] getdents64(3,  <unfinished ...>
[pid  5841] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid  5840] <... openat resumed>)       = 3
[pid  5839] <... getdents64 resumed>0x5555615456f0 /* 4 entries */, 32768) = 176
[pid  5842] <... restart_syscall resumed>) = 0
[pid  5841] <... openat resumed>)       = 3
[pid  5840] newfstatat(3, "",  <unfinished ...>
[pid  5839] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5841] newfstatat(3, "",  <unfinished ...>
[pid  5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5839] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5840] getdents64(3,  <unfinished ...>
[pid  5839] newfstatat(AT_FDCWD, "./0/binderfs",  <unfinished ...>
[pid  5841] getdents64(3,  <unfinished ...>
[pid  5840] <... getdents64 resumed>0x5555615456f0 /* 4 entries */, 32768) = 176
[pid  5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5841] <... getdents64 resumed>0x5555615456f0 /* 4 entries */, 32768) = 176
[pid  5840] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5839] unlink("./0/binderfs" <unfinished ...>
[pid  5841] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5840] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5839] <... unlink resumed>)       = 0
[pid  5841] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5840] newfstatat(AT_FDCWD, "./0/binderfs",  <unfinished ...>
[pid  5839] umount2("\x2e\x2f\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5841] newfstatat(AT_FDCWD, "./0/binderfs",  <unfinished ...>
[pid  5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5840] unlink("./0/binderfs" <unfinished ...>
[pid  5841] unlink("./0/binderfs" <unfinished ...>
[pid  5840] <... unlink resumed>)       = 0
[pid  5841] <... unlink resumed>)       = 0
[pid  5840] umount2("\x2e\x2f\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5841] umount2("\x2e\x2f\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5842] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5842] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5842] getdents64(3, 0x5555615456f0 /* 4 entries */, 32768) = 176
[pid  5842] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[   62.785455][ T5838] sysv_free_block: flc_count > flc_size
[   62.792049][ T5838] sysv_free_block: flc_count > flc_size
[   62.797708][ T5838] sysv_free_block: flc_count > flc_size
[   62.804766][ T5838] sysv_free_block: flc_count > flc_size
[   62.811860][ T5838] sysv_free_block: flc_count > flc_size
[   62.812056][ T5839] sysv_free_block: flc_count > flc_size
[   62.817426][ T5838] sysv_free_block: flc_count > flc_size
[   62.829314][ T5840] sysv_free_block: flc_count > flc_size
[pid  5842] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5842] unlink("./0/binderfs")      = 0
[pid  5838] <... umount2 resumed>)      = 0
[pid  5838] umount2("\x2e\x2f\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5838] newfstatat(AT_FDCWD, "\x2e\x2f\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5838] umount2("\x2e\x2f\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5838] openat(AT_FDCWD, "\x2e\x2f\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid  5838] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5838] getdents64(4, 0x55556154d730 /* 2 entries */, 32768) = 48
[pid  5838] getdents64(4, 0x55556154d730 /* 0 entries */, 32768) = 0
[pid  5838] close(4)                    = 0
[pid  5838] rmdir("\x2e\x2f\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0
[pid  5838] getdents64(3, 0x5555615456f0 /* 0 entries */, 32768) = 0
[pid  5838] close(3)                    = 0
[pid  5838] rmdir("./0")                = 0
[pid  5838] mkdir("./1", 0777)          = 0
[pid  5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  5838] ioctl(3, LOOP_CLR_FD)       = 0
[pid  5838] close(3)                    = 0
[   62.829577][ T5838] sysv_free_inode: inode 0,1,2 or nonexistent inode
[   62.834901][ T5840] sysv_free_block: flc_count > flc_size
[   62.834911][ T5840] sysv_free_block: flc_count > flc_size
[   62.843709][ T5839] sysv_free_block: flc_count > flc_size
[   62.847514][ T5841] sysv_free_block: flc_count > flc_size
[   62.852921][ T5839] sysv_free_block: flc_count > flc_size
[   62.852932][ T5839] sysv_free_block: flc_count > flc_size
[   62.859336][ T5840] sysv_free_block: flc_count > flc_size
[pid  5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555561544650) = 5851
[pid  5842] umount2("\x2e\x2f\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5851 attached
 <unfinished ...>
[pid  5851] set_robust_list(0x555561544660, 24) = 0
[   62.884420][ T5839] sysv_free_block: flc_count > flc_size
[   62.888379][ T5841] sysv_free_block: flc_count > flc_size
[   62.892086][ T5839] sysv_free_block: flc_count > flc_size
[   62.896460][ T5841] sysv_free_block: flc_count > flc_size
[   62.907993][ T5842] sysv_free_block: flc_count > flc_size
[   62.913696][ T5839] sysv_free_block: flc_count > flc_size
[   62.913866][ T5841] sysv_free_block: flc_count > flc_size
[   62.925094][ T5839] sysv_free_block: flc_count > flc_size
[   62.925110][ T5839] sysv_free_block: flc_count > flc_size
[pid  5851] chdir("./1" <unfinished ...>
[pid  5839] <... umount2 resumed>)      = 0
[pid  5851] <... chdir resumed>)        = 0
[pid  5839] umount2("\x2e\x2f\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5839] newfstatat(AT_FDCWD, "\x2e\x2f\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5839] umount2("\x2e\x2f\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5839] openat(AT_FDCWD, "\x2e\x2f\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid  5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5839] getdents64(4, 0x55556154d730 /* 2 entries */, 32768) = 48
[pid  5839] getdents64(4, 0x55556154d730 /* 0 entries */, 32768) = 0
[pid  5839] close(4)                    = 0
[pid  5839] rmdir("\x2e\x2f\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0
[pid  5839] getdents64(3, 0x5555615456f0 /* 0 entries */, 32768) = 0
[pid  5839] close(3)                    = 0
[pid  5839] rmdir("./0")                = 0
[pid  5839] mkdir("./1", 0777)          = 0
[pid  5839] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3
[pid  5839] ioctl(3, LOOP_CLR_FD)       = 0
[pid  5839] close(3)                    = 0
[pid  5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5852 attached
 <unfinished ...>
[pid  5852] set_robust_list(0x555561544660, 24 <unfinished ...>
[pid  5839] <... clone resumed>, child_tidptr=0x555561544650) = 5852
[pid  5852] <... set_robust_list resumed>) = 0
[pid  5852] chdir("./1")                = 0
[pid  5852] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5852] setpgid(0, 0)               = 0
[pid  5852] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5852] write(3, "1000", 4)         = 4
[pid  5852] close(3executing program
)                    = 0
[pid  5852] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5852] write(1, "executing program\n", 18) = 18
[pid  5852] memfd_create("syzkaller", 0) = 3
[pid  5852] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f281f200000
[   62.925119][ T5839] sysv_free_block: flc_count > flc_size
[   62.925622][ T5839] sysv_free_inode: inode 0,1,2 or nonexistent inode
[   62.935412][ T5842] sysv_free_block: flc_count > flc_size
[   62.941352][ T5840] sysv_free_block: flc_count > flc_size
[   62.948640][ T5842] sysv_free_block: flc_count > flc_size
[   62.948655][ T5842] sysv_free_block: flc_count > flc_size
[   62.948663][ T5842] sysv_free_block: flc_count > flc_size
[   62.948672][ T5842] sysv_free_block: flc_count > flc_size
[   62.948680][ T5842] sysv_free_block: flc_count > flc_size
[   62.948688][ T5842] sysv_free_block: flc_count > flc_size
[   62.948696][ T5842] sysv_free_block: flc_count > flc_size
[   62.948704][ T5842] sysv_free_block: flc_count > flc_size
[   62.949569][ T5842] sysv_free_inode: inode 0,1,2 or nonexistent inode
[   62.978685][ T5840] sysv_free_block: flc_count > flc_size
[   62.978702][ T5840] sysv_free_block: flc_count > flc_size
[   62.978712][ T5840] sysv_free_block: flc_count > flc_size
[   62.978721][ T5840] sysv_free_block: flc_count > flc_size
executing program
[pid  5852] write(3, "\xb5\x84\x31\x7b\xb6\x84\x31\x7b\xb7\x84\x31\x7b\xb8\x84\x31\x7b\xb9\x84\x31\x7b\xba\x84\x31\x7b\xbb\x84\x31\x7b\xbc\x84\x31\x7b\xbd\x84\x31\x7b\xbe\x84\x31\x7b\xbf\x84\x31\x7b\xc0\x84\x31\x7b\xc1\x84\x31\x7b\xc2\x84\x31\x7b\xc3\x84\x31\x7b\xc4\x84\x31\x7b\xc5\x84\x31\x7b\xc6\x84\x31\x7b\xc7\x84\x31\x7b\xc8\x84\x31\x7b\xc9\x84\x31\x7b\xca\x84\x31\x7b\xcb\x84\x31\x7b\xcc\x84\x31\x7b\xcd\x84\x31\x7b"..., 65536 <unfinished ...>
[pid  5840] <... umount2 resumed>)      = 0
[pid  5851] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5851] setpgid(0, 0)               = 0
[pid  5851] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5851] write(3, "1000", 4)         = 4
[pid  5851] close(3)                    = 0
[pid  5851] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5851] write(1, "executing program\n", 18) = 18
[pid  5851] memfd_create("syzkaller", 0) = 3
[pid  5851] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f281f200000
[pid  5851] write(3, "\xb5\x84\x31\x7b\xb6\x84\x31\x7b\xb7\x84\x31\x7b\xb8\x84\x31\x7b\xb9\x84\x31\x7b\xba\x84\x31\x7b\xbb\x84\x31\x7b\xbc\x84\x31\x7b\xbd\x84\x31\x7b\xbe\x84\x31\x7b\xbf\x84\x31\x7b\xc0\x84\x31\x7b\xc1\x84\x31\x7b\xc2\x84\x31\x7b\xc3\x84\x31\x7b\xc4\x84\x31\x7b\xc5\x84\x31\x7b\xc6\x84\x31\x7b\xc7\x84\x31\x7b\xc8\x84\x31\x7b\xc9\x84\x31\x7b\xca\x84\x31\x7b\xcb\x84\x31\x7b\xcc\x84\x31\x7b\xcd\x84\x31\x7b"..., 65536) = 65536
[pid  5851] munmap(0x7f281f200000, 138412032) = 0
[pid  5851] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5851] ioctl(4, LOOP_SET_FD, 3 <unfinished ...>
[pid  5840] umount2("\x2e\x2f\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5852] <... write resumed>)        = 65536
[pid  5840] newfstatat(AT_FDCWD, "\x2e\x2f\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38",  <unfinished ...>
[pid  5851] <... ioctl resumed>)        = 0
[pid  5852] munmap(0x7f281f200000, 138412032 <unfinished ...>
[pid  5842] <... umount2 resumed>)      = 0
[pid  5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5852] <... munmap resumed>)       = 0
[pid  5851] close(3 <unfinished ...>
[pid  5842] umount2("\x2e\x2f\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5840] umount2("\x2e\x2f\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5852] openat(AT_FDCWD, "/dev/loop1", O_RDWR <unfinished ...>
[pid  5842] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5840] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5852] <... openat resumed>)       = 4
[pid  5842] newfstatat(AT_FDCWD, "\x2e\x2f\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38",  <unfinished ...>
[pid  5840] openat(AT_FDCWD, "\x2e\x2f\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[   62.978731][ T5840] sysv_free_block: flc_count > flc_size
[   62.979077][ T5840] sysv_free_inode: inode 0,1,2 or nonexistent inode
[   62.984067][ T5841] sysv_free_block: flc_count > flc_size
[   63.037329][ T5851] loop0: detected capacity change from 0 to 128
[   63.062166][ T5841] sysv_free_block: flc_count > flc_size
[   63.067983][ T5841] sysv_free_block: flc_count > flc_size
[   63.075976][ T5841] sysv_free_block: flc_count > flc_size
[pid  5852] ioctl(4, LOOP_SET_FD, 3 <unfinished ...>
[pid  5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5840] <... openat resumed>)       = 4
[pid  5851] <... close resumed>)        = 0
[pid  5840] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5840] getdents64(4, 0x55556154d730 /* 2 entries */, 32768) = 48
[pid  5840] getdents64(4, 0x55556154d730 /* 0 entries */, 32768) = 0
[pid  5840] close(4)                    = 0
[pid  5840] rmdir("\x2e\x2f\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0
[pid  5840] getdents64(3, 0x5555615456f0 /* 0 entries */, 32768) = 0
[pid  5851] close(4 <unfinished ...>
[pid  5840] close(3)                    = 0
[pid  5840] rmdir("./0")                = 0
[pid  5840] mkdir("./1", 0777)          = 0
[pid  5851] <... close resumed>)        = 0
[pid  5842] umount2("\x2e\x2f\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5842] openat(AT_FDCWD, "\x2e\x2f\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid  5842] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5842] getdents64(4,  <unfinished ...>
[pid  5840] openat(AT_FDCWD, "/dev/loop2", O_RDWR <unfinished ...>
[pid  5852] <... ioctl resumed>)        = 0
[pid  5842] <... getdents64 resumed>0x55556154d730 /* 2 entries */, 32768) = 48
[pid  5840] <... openat resumed>)       = 3
[pid  5852] close(3 <unfinished ...>
[pid  5842] getdents64(4,  <unfinished ...>
[pid  5840] ioctl(3, LOOP_CLR_FD <unfinished ...>
[pid  5852] <... close resumed>)        = 0
[pid  5842] <... getdents64 resumed>0x55556154d730 /* 0 entries */, 32768) = 0
[pid  5852] close(4 <unfinished ...>
[pid  5842] close(4 <unfinished ...>
[pid  5840] <... ioctl resumed>)        = 0
[pid  5852] <... close resumed>)        = 0
[pid  5842] <... close resumed>)        = 0
[pid  5840] close(3 <unfinished ...>
[pid  5851] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 <unfinished ...>
[pid  5842] rmdir("\x2e\x2f\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" <unfinished ...>
[pid  5852] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0
[pid  5842] <... rmdir resumed>)        = 0
[pid  5842] getdents64(3, 0x5555615456f0 /* 0 entries */, 32768) = 0
[pid  5842] close(3 <unfinished ...>
[pid  5852] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "sysv", 0, "" <unfinished ...>
[pid  5851] <... mkdir resumed>)        = 0
[pid  5842] <... close resumed>)        = 0
[pid  5851] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "sysv", 0, "" <unfinished ...>
[pid  5840] <... close resumed>)        = 0
[pid  5842] rmdir("./0")                = 0
[pid  5842] mkdir("./1", 0777 <unfinished ...>
[pid  5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5853 attached
 <unfinished ...>
[pid  5842] <... mkdir resumed>)        = 0
[pid  5842] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3
[pid  5842] ioctl(3, LOOP_CLR_FD)       = 0
[pid  5842] close(3 <unfinished ...>
[pid  5853] set_robust_list(0x555561544660, 24 <unfinished ...>
[pid  5851] <... mount resumed>)        = 0
[pid  5842] <... close resumed>)        = 0
[pid  5853] <... set_robust_list resumed>) = 0
[pid  5851] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY <unfinished ...>
[pid  5840] <... clone resumed>, child_tidptr=0x555561544650) = 5853
[   63.082324][ T5852] loop1: detected capacity change from 0 to 128
[   63.083018][ T5841] sysv_free_block: flc_count > flc_size
[   63.095422][ T5841] sysv_free_block: flc_count > flc_size
[   63.119135][ T5851] VFS: Found a Xenix FS (block size = 1024) on device loop0
[   63.119219][ T5852] VFS: Found a Xenix FS (block size = 1024) on device loop1
[pid  5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid  5853] chdir("./1" <unfinished ...>
[pid  5851] <... openat resumed>)       = 3
[pid  5842] <... clone resumed>, child_tidptr=0x555561544650) = 5854
./strace-static-x86_64: Process 5854 attached
[pid  5854] set_robust_list(0x555561544660, 24) = 0
[pid  5854] chdir("./1")                = 0
[pid  5854] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5854] setpgid(0, 0)               = 0
[pid  5854] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5853] <... chdir resumed>)        = 0
[pid  5851] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" <unfinished ...>
[pid  5854] write(3, "1000", 4 <unfinished ...>
[pid  5853] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid  5851] <... chdir resumed>)        = 0
[pid  5854] <... write resumed>)        = 4
[pid  5854] close(3)                    = 0
[pid  5854] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid  5854] write(1, "executing program\n", 18) = 18
[pid  5854] memfd_create("syzkaller", 0) = 3
[pid  5854] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f281f200000
[pid  5854] write(3, "\xb5\x84\x31\x7b\xb6\x84\x31\x7b\xb7\x84\x31\x7b\xb8\x84\x31\x7b\xb9\x84\x31\x7b\xba\x84\x31\x7b\xbb\x84\x31\x7b\xbc\x84\x31\x7b\xbd\x84\x31\x7b\xbe\x84\x31\x7b\xbf\x84\x31\x7b\xc0\x84\x31\x7b\xc1\x84\x31\x7b\xc2\x84\x31\x7b\xc3\x84\x31\x7b\xc4\x84\x31\x7b\xc5\x84\x31\x7b\xc6\x84\x31\x7b\xc7\x84\x31\x7b\xc8\x84\x31\x7b\xc9\x84\x31\x7b\xca\x84\x31\x7b\xcb\x84\x31\x7b\xcc\x84\x31\x7b\xcd\x84\x31\x7b"..., 65536 <unfinished ...>
[pid  5853] <... prctl resumed>)        = 0
[pid  5851] openat(AT_FDCWD, "/dev/loop0", O_RDWR <unfinished ...>
[pid  5852] <... mount resumed>)        = 0
[pid  5853] setpgid(0, 0)               = 0
[pid  5851] <... openat resumed>)       = -1 EBUSY (Device or resource busy)
[pid  5851] open("./file0", O_RDONLY|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_NOFOLLOW|O_CLOEXEC, 000 <unfinished ...>
[pid  5853] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid  5854] <... write resumed>)        = 65536
[pid  5852] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY <unfinished ...>
[pid  5854] munmap(0x7f281f200000, 138412032 <unfinished ...>
[pid  5852] <... openat resumed>)       = 3
[pid  5854] <... munmap resumed>)       = 0
[pid  5852] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" <unfinished ...>
[pid  5854] openat(AT_FDCWD, "/dev/loop4", O_RDWR <unfinished ...>
[pid  5852] <... chdir resumed>)        = 0
[pid  5854] <... openat resumed>)       = 4
[pid  5852] openat(AT_FDCWD, "/dev/loop1", O_RDWR <unfinished ...>
[pid  5854] ioctl(4, LOOP_SET_FD, 3 <unfinished ...>
[pid  5852] <... openat resumed>)       = -1 EBUSY (Device or resource busy)
[pid  5853] <... openat resumed>)       = 3
[pid  5852] open("./file0", O_RDONLY|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_NOFOLLOW|O_CLOEXEC, 000 <unfinished ...>
[pid  5853] write(3, "1000", 4)         = 4
[pid  5853] close(3 <unfinished ...>
[pid  5852] <... open resumed>)         = -1 EIO (Input/output error)
[pid  5853] <... close resumed>)        = 0
[pid  5852] exit_group(0 <unfinished ...>
[pid  5841] <... umount2 resumed>)      = 0
[pid  5853] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid  5852] <... exit_group resumed>)   = ?
[pid  5841] umount2("\x2e\x2f\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program
 <unfinished ...>
[pid  5853] <... symlink resumed>)      = 0
[pid  5852] +++ exited with 0 +++
[pid  5841] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5841] newfstatat(AT_FDCWD, "\x2e\x2f\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38",  <unfinished ...>
[pid  5853] write(1, "executing program\n", 18) = 18
[pid  5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5852, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
[pid  5841] umount2("\x2e\x2f\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5839] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid  5841] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5853] memfd_create("syzkaller", 0 <unfinished ...>
[pid  5841] openat(AT_FDCWD, "\x2e\x2f\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid  5853] <... memfd_create resumed>) = 3
[pid  5841] <... openat resumed>)       = 4
[   63.140826][ T5841] sysv_free_inode: inode 0,1,2 or nonexistent inode
[   63.170548][ T5851] syz-executor188: attempt to access beyond end of device
[   63.170548][ T5851] loop0: rw=0, sector=6491536, nr_sectors = 2 limit=128
[   63.179836][ T5854] loop4: detected capacity change from 0 to 128
[pid  5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5854] <... ioctl resumed>)        = 0
[pid  5853] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 <unfinished ...>
[pid  5841] getdents64(4,  <unfinished ...>
[pid  5839] <... restart_syscall resumed>) = 0
[pid  5853] <... mmap resumed>)         = 0x7f281f200000
[pid  5841] <... getdents64 resumed>0x55556154d730 /* 2 entries */, 32768) = 48
[pid  5841] getdents64(4, 0x55556154d730 /* 0 entries */, 32768) = 0
[pid  5841] close(4)                    = 0
[pid  5839] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5841] rmdir("\x2e\x2f\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" <unfinished ...>
[pid  5854] close(3 <unfinished ...>
[pid  5841] <... rmdir resumed>)        = 0
[pid  5839] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5854] <... close resumed>)        = 0
[pid  5841] getdents64(3,  <unfinished ...>
[pid  5854] close(4 <unfinished ...>
[pid  5841] <... getdents64 resumed>0x5555615456f0 /* 0 entries */, 32768) = 0
[pid  5839] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid  5854] <... close resumed>)        = 0
[pid  5841] close(3 <unfinished ...>
[pid  5854] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 <unfinished ...>
[pid  5841] <... close resumed>)        = 0
[pid  5854] <... mkdir resumed>)        = 0
[pid  5841] rmdir("./0" <unfinished ...>
[pid  5854] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "sysv", 0, "" <unfinished ...>
[pid  5841] <... rmdir resumed>)        = 0
[pid  5839] <... openat resumed>)       = 3
[pid  5841] mkdir("./1", 0777)          = 0
[pid  5839] newfstatat(3, "",  <unfinished ...>
[pid  5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3
[pid  5841] ioctl(3, LOOP_CLR_FD <unfinished ...>
[pid  5851] <... open resumed>)         = -1 EIO (Input/output error)
[pid  5841] <... ioctl resumed>)        = 0
[pid  5841] close(3 <unfinished ...>
[pid  5851] exit_group(0 <unfinished ...>
[pid  5841] <... close resumed>)        = 0
[pid  5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5853] write(3, "\xb5\x84\x31\x7b\xb6\x84\x31\x7b\xb7\x84\x31\x7b\xb8\x84\x31\x7b\xb9\x84\x31\x7b\xba\x84\x31\x7b\xbb\x84\x31\x7b\xbc\x84\x31\x7b\xbd\x84\x31\x7b\xbe\x84\x31\x7b\xbf\x84\x31\x7b\xc0\x84\x31\x7b\xc1\x84\x31\x7b\xc2\x84\x31\x7b\xc3\x84\x31\x7b\xc4\x84\x31\x7b\xc5\x84\x31\x7b\xc6\x84\x31\x7b\xc7\x84\x31\x7b\xc8\x84\x31\x7b\xc9\x84\x31\x7b\xca\x84\x31\x7b\xcb\x84\x31\x7b\xcc\x84\x31\x7b\xcd\x84\x31\x7b"..., 65536 <unfinished ...>
[pid  5839] getdents64(3,  <unfinished ...>
[pid  5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid  5839] <... getdents64 resumed>0x5555615456f0 /* 4 entries */, 32768) = 176
./strace-static-x86_64: Process 5855 attached
[pid  5851] <... exit_group resumed>)   = ?
[pid  5855] set_robust_list(0x555561544660, 24 <unfinished ...>
[pid  5851] +++ exited with 0 +++
[pid  5841] <... clone resumed>, child_tidptr=0x555561544650) = 5855
[pid  5839] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5855] <... set_robust_list resumed>) = 0
[pid  5853] <... write resumed>)        = 65536
[pid  5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5851, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
[pid  5839] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5855] chdir("./1")                = 0
[pid  5855] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5855] setpgid(0, 0)               = 0
[pid  5855] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid  5839] newfstatat(AT_FDCWD, "./1/binderfs",  <unfinished ...>
[pid  5838] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid  5855] <... openat resumed>)       = 3
[pid  5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5855] write(3, "1000", 4)         = 4
[pid  5839] unlink("./1/binderfs" <unfinished ...>
[pid  5855] close(3)                    = 0
[pid  5855] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5839] <... unlink resumed>)       = 0
[pid  5838] <... restart_syscall resumed>) = 0
[pid  5855] write(1, "executing program\n", 18executing program
 <unfinished ...>
[pid  5839] umount2("\x2e\x2f\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5855] <... write resumed>)        = 18
[pid  5855] memfd_create("syzkaller", 0 <unfinished ...>
[pid  5854] <... mount resumed>)        = 0
[   63.204143][ T5851] unable to read i-node block
[   63.209880][ T5851] sysv_free_inode: unable to read inode block on device loop0
[   63.231670][ T5854] VFS: Found a Xenix FS (block size = 1024) on device loop4
[pid  5855] <... memfd_create resumed>) = 3
[pid  5854] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY <unfinished ...>
[pid  5855] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 <unfinished ...>
[pid  5853] munmap(0x7f281f200000, 138412032 <unfinished ...>
[pid  5838] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5855] <... mmap resumed>)         = 0x7f281f200000
[pid  5854] <... openat resumed>)       = 3
[pid  5855] write(3, "\xb5\x84\x31\x7b\xb6\x84\x31\x7b\xb7\x84\x31\x7b\xb8\x84\x31\x7b\xb9\x84\x31\x7b\xba\x84\x31\x7b\xbb\x84\x31\x7b\xbc\x84\x31\x7b\xbd\x84\x31\x7b\xbe\x84\x31\x7b\xbf\x84\x31\x7b\xc0\x84\x31\x7b\xc1\x84\x31\x7b\xc2\x84\x31\x7b\xc3\x84\x31\x7b\xc4\x84\x31\x7b\xc5\x84\x31\x7b\xc6\x84\x31\x7b\xc7\x84\x31\x7b\xc8\x84\x31\x7b\xc9\x84\x31\x7b\xca\x84\x31\x7b\xcb\x84\x31\x7b\xcc\x84\x31\x7b\xcd\x84\x31\x7b"..., 65536 <unfinished ...>
[pid  5854] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" <unfinished ...>
[pid  5853] <... munmap resumed>)       = 0
[pid  5838] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5853] openat(AT_FDCWD, "/dev/loop2", O_RDWR <unfinished ...>
[pid  5838] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  5854] <... chdir resumed>)        = 0
[pid  5838] newfstatat(3, "",  <unfinished ...>
[pid  5854] openat(AT_FDCWD, "/dev/loop4", O_RDWR <unfinished ...>
[pid  5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5854] <... openat resumed>)       = -1 EBUSY (Device or resource busy)
[pid  5854] open("./file0", O_RDONLY|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_NOFOLLOW|O_CLOEXEC, 000 <unfinished ...>
[pid  5838] getdents64(3,  <unfinished ...>
[pid  5853] <... openat resumed>)       = 4
[pid  5853] ioctl(4, LOOP_SET_FD, 3 <unfinished ...>
[pid  5838] <... getdents64 resumed>0x5555615456f0 /* 4 entries */, 32768) = 176
[pid  5838] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5855] <... write resumed>)        = 65536
[pid  5853] <... ioctl resumed>)        = 0
[pid  5838] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5855] munmap(0x7f281f200000, 138412032) = 0
[pid  5855] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4
[   63.257493][ T5839] sysv_free_block: flc_count > flc_size
[   63.269368][ T5839] sysv_free_block: flc_count > flc_size
[   63.280081][ T5854] unable to read i-node block
[   63.286321][ T5853] loop2: detected capacity change from 0 to 128
[   63.288552][ T5854] sysv_free_inode: unable to read inode block on device loop4
[   63.297304][ T5839] sysv_free_block: flc_count > flc_size
[pid  5855] ioctl(4, LOOP_SET_FD, 3 <unfinished ...>
[pid  5838] newfstatat(AT_FDCWD, "./1/binderfs",  <unfinished ...>
[pid  5853] close(3 <unfinished ...>
[pid  5838] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5855] <... ioctl resumed>)        = 0
[pid  5855] close(3)                    = 0
[pid  5855] close(4)                    = 0
[pid  5855] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0
[pid  5855] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "sysv", 0, "" <unfinished ...>
[pid  5838] unlink("./1/binderfs")      = 0
[pid  5853] <... close resumed>)        = 0
[pid  5854] <... open resumed>)         = -1 EIO (Input/output error)
[pid  5854] exit_group(0)               = ?
[pid  5854] +++ exited with 0 +++
[pid  5853] close(4 <unfinished ...>
[pid  5838] umount2("\x2e\x2f\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5853] <... close resumed>)        = 0
[pid  5853] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 <unfinished ...>
[pid  5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5854, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
[pid  5842] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid  5855] <... mount resumed>)        = 0
[pid  5853] <... mkdir resumed>)        = 0
[pid  5842] <... restart_syscall resumed>) = 0
[pid  5855] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3
[pid  5855] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0
[pid  5855] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy)
[   63.307215][ T5855] loop3: detected capacity change from 0 to 128
[   63.313729][ T5839] sysv_free_block: flc_count > flc_size
[   63.319906][ T5855] VFS: Found a Xenix FS (block size = 1024) on device loop3
[   63.333889][ T5839] sysv_free_block: flc_count > flc_size
[   63.334752][ T5838] sysv_free_block: flc_count > flc_size
[   63.339766][ T5839] sysv_free_block: flc_count > flc_size
[   63.339780][ T5839] sysv_free_block: flc_count > flc_size
[pid  5855] open("./file0", O_RDONLY|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_NOFOLLOW|O_CLOEXEC, 000 <unfinished ...>
[pid  5853] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "sysv", 0, "" <unfinished ...>
[pid  5842] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5842] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid  5853] <... mount resumed>)        = 0
[pid  5842] <... openat resumed>)       = 3
[   63.339788][ T5839] sysv_free_block: flc_count > flc_size
[   63.347296][ T5838] sysv_free_block: flc_count > flc_size
[   63.354709][ T5855] unable to read i-node block
[   63.368522][ T5838] sysv_free_block: flc_count > flc_size
[   63.373885][ T5839] sysv_free_block: flc_count > flc_size
[   63.380091][ T5853] VFS: Found a Xenix FS (block size = 1024) on device loop2
[   63.384091][ T5839] sysv_free_block: flc_count > flc_size
[   63.394926][ T5838] sysv_free_block: flc_count > flc_size
[pid  5853] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY <unfinished ...>
[pid  5842] newfstatat(3, "",  <unfinished ...>
[pid  5855] <... open resumed>)         = -1 EIO (Input/output error)
[pid  5855] exit_group(0)               = ?
[pid  5855] +++ exited with 0 +++
[pid  5853] <... openat resumed>)       = 3
[pid  5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5855, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
[pid  5839] <... umount2 resumed>)      = 0
[pid  5853] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" <unfinished ...>
[pid  5842] getdents64(3,  <unfinished ...>
[pid  5839] umount2("\x2e\x2f\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5839] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38",  <unfinished ...>
[pid  5841] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5853] <... chdir resumed>)        = 0
[pid  5842] <... getdents64 resumed>0x5555615456f0 /* 4 entries */, 32768) = 176
[pid  5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
[   63.404499][ T5838] sysv_free_block: flc_count > flc_size
[   63.408662][ T5855] sysv_free_inode: unable to read inode block on device loop3
[   63.411280][ T5838] sysv_free_block: flc_count > flc_size
[   63.422300][ T5839] sysv_free_inode: inode 0,1,2 or nonexistent inode
[   63.424881][ T5838] sysv_free_block: flc_count > flc_size
[   63.436868][ T5838] sysv_free_block: flc_count > flc_size
[   63.442798][ T5838] sysv_free_block: flc_count > flc_size
[   63.450392][ T5838] sysv_free_block: flc_count > flc_size
[pid  5839] umount2("\x2e\x2f\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5853] openat(AT_FDCWD, "/dev/loop2", O_RDWR <unfinished ...>
[pid  5842] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5841] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5853] <... openat resumed>)       = -1 EBUSY (Device or resource busy)
[pid  5839] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5842] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5841] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid  5853] open("./file0", O_RDONLY|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_NOFOLLOW|O_CLOEXEC, 000 <unfinished ...>
[pid  5839] openat(AT_FDCWD, "\x2e\x2f\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid  5842] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5853] <... open resumed>)         = -1 EIO (Input/output error)
[pid  5841] <... openat resumed>)       = 3
[pid  5839] <... openat resumed>)       = 4
[pid  5838] <... umount2 resumed>)      = 0
[pid  5838] umount2("\x2e\x2f\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5853] exit_group(0 <unfinished ...>
[pid  5838] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5838] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38",  <unfinished ...>
[pid  5853] <... exit_group resumed>)   = ?
[pid  5842] unlink("./1/binderfs" <unfinished ...>
[pid  5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5841] newfstatat(3, "",  <unfinished ...>
[pid  5839] newfstatat(4, "",  <unfinished ...>
[pid  5838] umount2("\x2e\x2f\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5853] +++ exited with 0 +++
[pid  5842] <... unlink resumed>)       = 0
[pid  5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5838] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5842] umount2("\x2e\x2f\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5841] getdents64(3,  <unfinished ...>
[pid  5838] openat(AT_FDCWD, "\x2e\x2f\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid  5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5853, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
[pid  5839] getdents64(4,  <unfinished ...>
[pid  5841] <... getdents64 resumed>0x5555615456f0 /* 4 entries */, 32768) = 176
[pid  5838] <... openat resumed>)       = 4
[pid  5839] <... getdents64 resumed>0x55556154d730 /* 2 entries */, 32768) = 48
[pid  5839] getdents64(4, 0x55556154d730 /* 0 entries */, 32768) = 0
[pid  5839] close(4)                    = 0
[pid  5839] rmdir("\x2e\x2f\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0
[pid  5838] newfstatat(4, "",  <unfinished ...>
[pid  5841] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5839] getdents64(3, 0x5555615456f0 /* 0 entries */, 32768) = 0
[   63.456407][ T5838] sysv_free_inode: inode 0,1,2 or nonexistent inode
[   63.465722][ T5853] unable to read i-node block
[   63.470937][ T5853] sysv_free_inode: unable to read inode block on device loop2
[   63.493722][ T5842] sysv_free_block: flc_count > flc_size
[   63.499650][ T5842] sysv_free_block: flc_count > flc_size
[pid  5839] close(3 <unfinished ...>
[pid  5841] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5840] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5838] getdents64(4,  <unfinished ...>
[pid  5839] <... close resumed>)        = 0
[pid  5839] rmdir("./1")                = 0
[pid  5839] mkdir("./2", 0777 <unfinished ...>
[pid  5841] newfstatat(AT_FDCWD, "./1/binderfs",  <unfinished ...>
[pid  5840] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5838] <... getdents64 resumed>0x55556154d730 /* 2 entries */, 32768) = 48
[pid  5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5840] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid  5839] <... mkdir resumed>)        = 0
[pid  5838] getdents64(4,  <unfinished ...>
[pid  5840] <... openat resumed>)       = 3
[pid  5838] <... getdents64 resumed>0x55556154d730 /* 0 entries */, 32768) = 0
[pid  5841] unlink("./1/binderfs" <unfinished ...>
[pid  5838] close(4 <unfinished ...>
[pid  5841] <... unlink resumed>)       = 0
[pid  5840] newfstatat(3, "",  <unfinished ...>
[pid  5838] <... close resumed>)        = 0
[pid  5841] umount2("\x2e\x2f\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5839] openat(AT_FDCWD, "/dev/loop1", O_RDWR <unfinished ...>
[pid  5838] rmdir("\x2e\x2f\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" <unfinished ...>
[pid  5840] getdents64(3,  <unfinished ...>
[pid  5839] <... openat resumed>)       = 3
[   63.506318][ T5842] sysv_free_block: flc_count > flc_size
[   63.512305][ T5842] sysv_free_block: flc_count > flc_size
[   63.517906][ T5842] sysv_free_block: flc_count > flc_size
[   63.523579][ T5842] sysv_free_block: flc_count > flc_size
[   63.529313][ T5842] sysv_free_block: flc_count > flc_size
[   63.534976][ T5842] sysv_free_block: flc_count > flc_size
[   63.540763][ T5842] sysv_free_block: flc_count > flc_size
[   63.541101][ T5841] sysv_free_block: flc_count > flc_size
[   63.546388][ T5842] sysv_free_block: flc_count > flc_size
[pid  5838] <... rmdir resumed>)        = 0
[pid  5840] <... getdents64 resumed>0x5555615456f0 /* 4 entries */, 32768) = 176
[pid  5839] ioctl(3, LOOP_CLR_FD)       = 0
[pid  5839] close(3)                    = 0
[pid  5842] <... umount2 resumed>)      = 0
[pid  5840] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5838] getdents64(3,  <unfinished ...>
[pid  5840] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5838] <... getdents64 resumed>0x5555615456f0 /* 0 entries */, 32768) = 0
[pid  5840] newfstatat(AT_FDCWD, "./1/binderfs",  <unfinished ...>
[pid  5838] close(3 <unfinished ...>
[pid  5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5838] <... close resumed>)        = 0
[pid  5840] unlink("./1/binderfs" <unfinished ...>
[pid  5838] rmdir("./1" <unfinished ...>
[pid  5840] <... unlink resumed>)       = 0
[pid  5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid  5838] <... rmdir resumed>)        = 0
[pid  5840] umount2("\x2e\x2f\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5838] mkdir("./2", 0777)          = 0
[pid  5839] <... clone resumed>, child_tidptr=0x555561544650) = 5856
[pid  5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  5838] ioctl(3, LOOP_CLR_FD)       = 0
./strace-static-x86_64: Process 5856 attached
[pid  5842] umount2("\x2e\x2f\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5838] close(3)                    = 0
[pid  5842] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid  5856] set_robust_list(0x555561544660, 24 <unfinished ...>
[pid  5842] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5856] <... set_robust_list resumed>) = 0
[pid  5842] umount2("\x2e\x2f\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5856] chdir("./2" <unfinished ...>
[pid  5842] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
./strace-static-x86_64: Process 5857 attached
[pid  5856] <... chdir resumed>)        = 0
[pid  5842] openat(AT_FDCWD, "\x2e\x2f\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid  5856] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5842] <... openat resumed>)       = 4
[pid  5838] <... clone resumed>, child_tidptr=0x555561544650) = 5857
[pid  5856] setpgid(0, 0 <unfinished ...>
[pid  5842] newfstatat(4, "",  <unfinished ...>
[pid  5856] <... setpgid resumed>)      = 0
[pid  5857] set_robust_list(0x555561544660, 24) = 0
[   63.546718][ T5842] sysv_free_inode: inode 0,1,2 or nonexistent inode
[   63.566320][ T5841] sysv_free_block: flc_count > flc_size
[   63.572016][ T5841] sysv_free_block: flc_count > flc_size
[   63.577593][ T5841] sysv_free_block: flc_count > flc_size
[   63.583668][ T5840] sysv_free_block: flc_count > flc_size
[   63.583693][ T5841] sysv_free_block: flc_count > flc_size
[pid  5857] chdir("./2" <unfinished ...>
[pid  5856] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid  5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5857] <... chdir resumed>)        = 0
[pid  5857] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5857] setpgid(0, 0)               = 0
[pid  5857] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5857] write(3, "1000", 4)         = 4
[pid  5857] close(3 <unfinished ...>
[pid  5856] <... openat resumed>)       = 3
[pid  5842] getdents64(4,  <unfinished ...>
[pid  5857] <... close resumed>)        = 0
[pid  5857] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid  5857] write(1, "executing program\n", 18) = 18
[pid  5857] memfd_create("syzkaller", 0 <unfinished ...>
[pid  5856] write(3, "1000", 4 <unfinished ...>
[pid  5857] <... memfd_create resumed>) = 3
[pid  5856] <... write resumed>)        = 4
[pid  5857] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 <unfinished ...>
[pid  5856] close(3 <unfinished ...>
[pid  5857] <... mmap resumed>)         = 0x7f281f200000
[pid  5856] <... close resumed>)        = 0
[pid  5842] <... getdents64 resumed>0x55556154d730 /* 2 entries */, 32768) = 48
[pid  5856] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid  5857] write(3, "\xb5\x84\x31\x7b\xb6\x84\x31\x7b\xb7\x84\x31\x7b\xb8\x84\x31\x7b\xb9\x84\x31\x7b\xba\x84\x31\x7b\xbb\x84\x31\x7b\xbc\x84\x31\x7b\xbd\x84\x31\x7b\xbe\x84\x31\x7b\xbf\x84\x31\x7b\xc0\x84\x31\x7b\xc1\x84\x31\x7b\xc2\x84\x31\x7b\xc3\x84\x31\x7b\xc4\x84\x31\x7b\xc5\x84\x31\x7b\xc6\x84\x31\x7b\xc7\x84\x31\x7b\xc8\x84\x31\x7b\xc9\x84\x31\x7b\xca\x84\x31\x7b\xcb\x84\x31\x7b\xcc\x84\x31\x7b\xcd\x84\x31\x7b"..., 65536 <unfinished ...>
[pid  5856] <... symlink resumed>)      = 0
[pid  5842] getdents64(4,  <unfinished ...>
[pid  5857] <... write resumed>)        = 65536
[pid  5857] munmap(0x7f281f200000, 138412032) = 0
[pid  5857] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5857] ioctl(4, LOOP_SET_FD, 3 <unfinished ...>
[pid  5856] write(1, "executing program\n", 18 <unfinished ...>
[pid  5842] <... getdents64 resumed>0x55556154d730 /* 0 entries */, 32768) = 0
executing program
[   63.606365][ T5840] sysv_free_block: flc_count > flc_size
[   63.608017][ T5841] sysv_free_block: flc_count > flc_size
[   63.618165][ T5841] sysv_free_block: flc_count > flc_size
[   63.629741][ T5840] sysv_free_block: flc_count > flc_size
[   63.637550][ T5841] sysv_free_block: flc_count > flc_size
[   63.643610][ T5857] loop0: detected capacity change from 0 to 128
[   63.648293][ T5841] sysv_free_block: flc_count > flc_size
[pid  5856] <... write resumed>)        = 18
[pid  5842] close(4 <unfinished ...>
[pid  5857] <... ioctl resumed>)        = 0
[pid  5857] close(3)                    = 0
[pid  5857] close(4)                    = 0
[pid  5856] memfd_create("syzkaller", 0 <unfinished ...>
[pid  5842] <... close resumed>)        = 0
[pid  5857] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 <unfinished ...>
[pid  5856] <... memfd_create resumed>) = 3
[pid  5842] rmdir("\x2e\x2f\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" <unfinished ...>
[pid  5857] <... mkdir resumed>)        = 0
[pid  5857] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "sysv", 0, "") = 0
[pid  5856] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 <unfinished ...>
[pid  5842] <... rmdir resumed>)        = 0
[pid  5856] <... mmap resumed>)         = 0x7f281f200000
[   63.651859][ T5840] sysv_free_block: flc_count > flc_size
[   63.655793][ T5841] sysv_free_block: flc_count > flc_size
[   63.664786][ T5840] sysv_free_block: flc_count > flc_size
[   63.677899][ T5841] sysv_free_inode: inode 0,1,2 or nonexistent inode
[   63.684410][ T5840] sysv_free_block: flc_count > flc_size
[   63.690464][ T5857] VFS: Found a Xenix FS (block size = 1024) on device loop0
[   63.700163][ T5840] sysv_free_block: flc_count > flc_size
[pid  5842] getdents64(3,  <unfinished ...>
[pid  5857] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY <unfinished ...>
[pid  5856] write(3, "\xb5\x84\x31\x7b\xb6\x84\x31\x7b\xb7\x84\x31\x7b\xb8\x84\x31\x7b\xb9\x84\x31\x7b\xba\x84\x31\x7b\xbb\x84\x31\x7b\xbc\x84\x31\x7b\xbd\x84\x31\x7b\xbe\x84\x31\x7b\xbf\x84\x31\x7b\xc0\x84\x31\x7b\xc1\x84\x31\x7b\xc2\x84\x31\x7b\xc3\x84\x31\x7b\xc4\x84\x31\x7b\xc5\x84\x31\x7b\xc6\x84\x31\x7b\xc7\x84\x31\x7b\xc8\x84\x31\x7b\xc9\x84\x31\x7b\xca\x84\x31\x7b\xcb\x84\x31\x7b\xcc\x84\x31\x7b\xcd\x84\x31\x7b"..., 65536 <unfinished ...>
[pid  5842] <... getdents64 resumed>0x5555615456f0 /* 0 entries */, 32768) = 0
[pid  5841] <... umount2 resumed>)      = 0
[pid  5856] <... write resumed>)        = 65536
[pid  5842] close(3 <unfinished ...>
[pid  5856] munmap(0x7f281f200000, 138412032 <unfinished ...>
[pid  5842] <... close resumed>)        = 0
[pid  5841] umount2("\x2e\x2f\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5856] <... munmap resumed>)       = 0
[pid  5842] rmdir("./1" <unfinished ...>
[pid  5841] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5857] <... openat resumed>)       = 3
[pid  5856] openat(AT_FDCWD, "/dev/loop1", O_RDWR <unfinished ...>
[pid  5842] <... rmdir resumed>)        = 0
[pid  5841] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38",  <unfinished ...>
[pid  5856] <... openat resumed>)       = 4
[pid  5842] mkdir("./2", 0777 <unfinished ...>
[pid  5856] ioctl(4, LOOP_SET_FD, 3 <unfinished ...>
[pid  5842] <... mkdir resumed>)        = 0
[pid  5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5857] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0
[pid  5842] openat(AT_FDCWD, "/dev/loop4", O_RDWR <unfinished ...>
[pid  5841] umount2("\x2e\x2f\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5857] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5842] <... openat resumed>)       = 3
[pid  5841] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5857] open("./file0", O_RDONLY|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_NOFOLLOW|O_CLOEXEC, 000 <unfinished ...>
[pid  5842] ioctl(3, LOOP_CLR_FD <unfinished ...>
[pid  5841] openat(AT_FDCWD, "\x2e\x2f\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid  5840] <... umount2 resumed>)      = 0
[pid  5842] <... ioctl resumed>)        = 0
[pid  5841] <... openat resumed>)       = 4
[pid  5842] close(3 <unfinished ...>
[pid  5841] newfstatat(4, "",  <unfinished ...>
[pid  5842] <... close resumed>)        = 0
[pid  5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5841] getdents64(4, 0x55556154d730 /* 2 entries */, 32768) = 48
[pid  5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid  5841] getdents64(4, 0x55556154d730 /* 0 entries */, 32768) = 0
./strace-static-x86_64: Process 5858 attached
[pid  5856] <... ioctl resumed>)        = 0
[pid  5841] close(4 <unfinished ...>
[pid  5856] close(3 <unfinished ...>
[pid  5841] <... close resumed>)        = 0
[pid  5856] <... close resumed>)        = 0
[pid  5841] rmdir("\x2e\x2f\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" <unfinished ...>
[pid  5856] close(4 <unfinished ...>
[pid  5841] <... rmdir resumed>)        = 0
[pid  5856] <... close resumed>)        = 0
[pid  5856] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 <unfinished ...>
[pid  5858] set_robust_list(0x555561544660, 24 <unfinished ...>
[pid  5856] <... mkdir resumed>)        = 0
[pid  5858] <... set_robust_list resumed>) = 0
[pid  5842] <... clone resumed>, child_tidptr=0x555561544650) = 5858
[pid  5841] getdents64(3,  <unfinished ...>
[pid  5858] chdir("./2" <unfinished ...>
[pid  5841] <... getdents64 resumed>0x5555615456f0 /* 0 entries */, 32768) = 0
[pid  5841] close(3 <unfinished ...>
[pid  5858] <... chdir resumed>)        = 0
[pid  5841] <... close resumed>)        = 0
[pid  5858] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid  5841] rmdir("./1" <unfinished ...>
[pid  5858] <... prctl resumed>)        = 0
[pid  5856] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "sysv", 0, "" <unfinished ...>
[pid  5841] <... rmdir resumed>)        = 0
[pid  5858] setpgid(0, 0)               = 0
[pid  5857] <... open resumed>)         = -1 EIO (Input/output error)
[pid  5841] mkdir("./2", 0777 <unfinished ...>
[pid  5840] umount2("\x2e\x2f\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5857] exit_group(0 <unfinished ...>
[pid  5841] <... mkdir resumed>)        = 0
[pid  5840] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3
[pid  5841] ioctl(3, LOOP_CLR_FD)       = 0
[pid  5841] close(3)                    = 0
[pid  5858] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid  5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5859 attached
 <unfinished ...>
[pid  5858] <... openat resumed>)       = 3
[pid  5857] <... exit_group resumed>)   = ?
[pid  5840] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38",  <unfinished ...>
[pid  5841] <... clone resumed>, child_tidptr=0x555561544650) = 5859
[pid  5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5858] write(3, "1000", 4 <unfinished ...>
[pid  5859] set_robust_list(0x555561544660, 24 <unfinished ...>
[pid  5858] <... write resumed>)        = 4
[pid  5859] <... set_robust_list resumed>) = 0
[pid  5858] close(3 <unfinished ...>
[pid  5859] chdir("./2" <unfinished ...>
[pid  5858] <... close resumed>)        = 0
[pid  5858] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid  5859] <... chdir resumed>)        = 0
[pid  5858] <... symlink resumed>)      = 0
[pid  5857] +++ exited with 0 +++
[pid  5856] <... mount resumed>)        = 0
[pid  5840] umount2("\x2e\x2f\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5856] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY <unfinished ...>
[pid  5859] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid  5858] write(1, "executing program\n", 18 <unfinished ...>
[pid  5856] <... openat resumed>)       = 3
[pid  5840] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5859] <... prctl resumed>)        = 0
[pid  5856] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f"executing program
 <unfinished ...>
[pid  5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5857, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid  5840] openat(AT_FDCWD, "\x2e\x2f\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid  5859] setpgid(0, 0 <unfinished ...>
[pid  5858] <... write resumed>)        = 18
[pid  5856] <... chdir resumed>)        = 0
[pid  5838] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid  5859] <... setpgid resumed>)      = 0
[pid  5858] memfd_create("syzkaller", 0 <unfinished ...>
[pid  5856] openat(AT_FDCWD, "/dev/loop1", O_RDWR <unfinished ...>
[pid  5840] <... openat resumed>)       = 4
[pid  5859] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid  5840] newfstatat(4, "",  <unfinished ...>
[pid  5856] <... openat resumed>)       = -1 EBUSY (Device or resource busy)
[pid  5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5859] <... openat resumed>)       = 3
[   63.705888][ T5840] sysv_free_block: flc_count > flc_size
[   63.712086][ T5840] sysv_free_block: flc_count > flc_size
[   63.718938][ T5840] sysv_free_block: flc_count > flc_size
[   63.725087][ T5840] sysv_free_inode: inode 0,1,2 or nonexistent inode
[   63.729890][ T5856] loop1: detected capacity change from 0 to 128
[   63.750396][ T5856] VFS: Found a Xenix FS (block size = 1024) on device loop1
[pid  5856] open("./file0", O_RDONLY|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_NOFOLLOW|O_CLOEXEC, 000 <unfinished ...>
[pid  5840] getdents64(4,  <unfinished ...>
[pid  5838] <... restart_syscall resumed>) = 0
[pid  5859] write(3, "1000", 4 <unfinished ...>
[pid  5858] <... memfd_create resumed>) = 3
[pid  5840] <... getdents64 resumed>0x55556154d730 /* 2 entries */, 32768) = 48
[pid  5840] getdents64(4,  <unfinished ...>
[pid  5859] <... write resumed>)        = 4
[pid  5858] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 <unfinished ...>
[pid  5856] <... open resumed>)         = -1 EIO (Input/output error)
[pid  5840] <... getdents64 resumed>0x55556154d730 /* 0 entries */, 32768) = 0
[pid  5859] close(3 <unfinished ...>
[pid  5858] <... mmap resumed>)         = 0x7f281f200000
[pid  5859] <... close resumed>)        = 0
[pid  5856] exit_group(0 <unfinished ...>
[pid  5840] close(4 <unfinished ...>
[pid  5838] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5859] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid  5858] write(3, "\xb5\x84\x31\x7b\xb6\x84\x31\x7b\xb7\x84\x31\x7b\xb8\x84\x31\x7b\xb9\x84\x31\x7b\xba\x84\x31\x7b\xbb\x84\x31\x7b\xbc\x84\x31\x7b\xbd\x84\x31\x7b\xbe\x84\x31\x7b\xbf\x84\x31\x7b\xc0\x84\x31\x7b\xc1\x84\x31\x7b\xc2\x84\x31\x7b\xc3\x84\x31\x7b\xc4\x84\x31\x7b\xc5\x84\x31\x7b\xc6\x84\x31\x7b\xc7\x84\x31\x7b\xc8\x84\x31\x7b\xc9\x84\x31\x7b\xca\x84\x31\x7b\xcb\x84\x31\x7b\xcc\x84\x31\x7b\xcd\x84\x31\x7b"..., 65536 <unfinished ...>
[pid  5856] <... exit_group resumed>)   = ?
[pid  5840] <... close resumed>)        = 0
[pid  5838] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5859] <... symlink resumed>)      = 0
[pid  5840] rmdir("\x2e\x2f\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" <unfinished ...>
[pid  5838] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid  5859] write(1, "executing program\n", 18 <unfinished ...>
[pid  5856] +++ exited with 0 +++
[pid  5840] <... rmdir resumed>)        = 0
executing program
[pid  5838] <... openat resumed>)       = 3
[pid  5859] <... write resumed>)        = 18
[pid  5858] <... write resumed>)        = 65536
[pid  5840] getdents64(3,  <unfinished ...>
[pid  5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5856, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} ---
[pid  5838] newfstatat(3, "",  <unfinished ...>
[pid  5859] memfd_create("syzkaller", 0 <unfinished ...>
[pid  5858] munmap(0x7f281f200000, 138412032 <unfinished ...>
[pid  5840] <... getdents64 resumed>0x5555615456f0 /* 0 entries */, 32768) = 0
[pid  5839] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid  5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5859] <... memfd_create resumed>) = 3
[pid  5858] <... munmap resumed>)       = 0
[pid  5840] close(3 <unfinished ...>
[pid  5839] <... restart_syscall resumed>) = 0
[pid  5838] getdents64(3,  <unfinished ...>
[pid  5859] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 <unfinished ...>
[pid  5858] openat(AT_FDCWD, "/dev/loop4", O_RDWR <unfinished ...>
[pid  5840] <... close resumed>)        = 0
[pid  5838] <... getdents64 resumed>0x5555615456f0 /* 4 entries */, 32768) = 176
[pid  5859] <... mmap resumed>)         = 0x7f281f200000
[pid  5858] <... openat resumed>)       = 4
[pid  5838] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5839] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5838] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5839] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5838] newfstatat(AT_FDCWD, "./2/binderfs",  <unfinished ...>
[pid  5840] rmdir("./1" <unfinished ...>
[pid  5839] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid  5838] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5840] <... rmdir resumed>)        = 0
[pid  5839] <... openat resumed>)       = 3
[pid  5838] unlink("./2/binderfs" <unfinished ...>
[pid  5858] ioctl(4, LOOP_SET_FD, 3 <unfinished ...>
[pid  5840] mkdir("./2", 0777 <unfinished ...>
[pid  5839] newfstatat(3, "",  <unfinished ...>
[pid  5838] <... unlink resumed>)       = 0
[pid  5840] <... mkdir resumed>)        = 0
[pid  5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5838] umount2("\x2e\x2f\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5840] openat(AT_FDCWD, "/dev/loop2", O_RDWR <unfinished ...>
[pid  5839] getdents64(3,  <unfinished ...>
[pid  5840] <... openat resumed>)       = 3
[pid  5839] <... getdents64 resumed>0x5555615456f0 /* 4 entries */, 32768) = 176
[pid  5840] ioctl(3, LOOP_CLR_FD <unfinished ...>
[pid  5839] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5840] <... ioctl resumed>)        = 0
[pid  5839] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5839] newfstatat(AT_FDCWD, "./2/binderfs",  <unfinished ...>
[pid  5840] close(3 <unfinished ...>
[pid  5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5840] <... close resumed>)        = 0
[   63.777672][ T5856] unable to read i-node block
[   63.783957][ T5856] sysv_free_inode: unable to read inode block on device loop1
[   63.814255][ T5858] loop4: detected capacity change from 0 to 128
[pid  5839] unlink("./2/binderfs")      = 0
[pid  5839] umount2("\x2e\x2f\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5859] write(3, "\xb5\x84\x31\x7b\xb6\x84\x31\x7b\xb7\x84\x31\x7b\xb8\x84\x31\x7b\xb9\x84\x31\x7b\xba\x84\x31\x7b\xbb\x84\x31\x7b\xbc\x84\x31\x7b\xbd\x84\x31\x7b\xbe\x84\x31\x7b\xbf\x84\x31\x7b\xc0\x84\x31\x7b\xc1\x84\x31\x7b\xc2\x84\x31\x7b\xc3\x84\x31\x7b\xc4\x84\x31\x7b\xc5\x84\x31\x7b\xc6\x84\x31\x7b\xc7\x84\x31\x7b\xc8\x84\x31\x7b\xc9\x84\x31\x7b\xca\x84\x31\x7b\xcb\x84\x31\x7b\xcc\x84\x31\x7b\xcd\x84\x31\x7b"..., 65536 <unfinished ...>
[pid  5858] <... ioctl resumed>)        = 0
[pid  5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid  5859] <... write resumed>)        = 65536
[pid  5858] close(3)                    = 0
[pid  5859] munmap(0x7f281f200000, 138412032 <unfinished ...>
[pid  5858] close(4 <unfinished ...>
[pid  5859] <... munmap resumed>)       = 0
[pid  5858] <... close resumed>)        = 0
[pid  5840] <... clone resumed>, child_tidptr=0x555561544650) = 5860
./strace-static-x86_64: Process 5860 attached
[pid  5859] openat(AT_FDCWD, "/dev/loop3", O_RDWR <unfinished ...>
[pid  5858] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 <unfinished ...>
[pid  5859] <... openat resumed>)       = 4
[pid  5858] <... mkdir resumed>)        = 0
[pid  5859] ioctl(4, LOOP_SET_FD, 3 <unfinished ...>
[pid  5860] set_robust_list(0x555561544660, 24) = 0
[pid  5860] chdir("./2")                = 0
[pid  5860] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5860] setpgid(0, 0)               = 0
[pid  5860] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5860] write(3, "1000", 4)         = 4
[pid  5860] close(3)                    = 0
[pid  5860] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid  5860] write(1, "executing program\n", 18) = 18
[pid  5860] memfd_create("syzkaller", 0) = 3
[pid  5860] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f281f200000
[pid  5858] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "sysv", 0, "" <unfinished ...>
[   63.822869][ T5838] sysv_free_block: flc_count > flc_size
[   63.830234][ T5839] sysv_free_block: flc_count > flc_size
[   63.835833][ T5839] sysv_free_block: flc_count > flc_size
[   63.849100][ T5838] sysv_free_block: flc_count > flc_size
[   63.855014][ T5838] sysv_free_block: flc_count > flc_size
[   63.864144][ T5859] loop3: detected capacity change from 0 to 128
[pid  5860] write(3, "\xb5\x84\x31\x7b\xb6\x84\x31\x7b\xb7\x84\x31\x7b\xb8\x84\x31\x7b\xb9\x84\x31\x7b\xba\x84\x31\x7b\xbb\x84\x31\x7b\xbc\x84\x31\x7b\xbd\x84\x31\x7b\xbe\x84\x31\x7b\xbf\x84\x31\x7b\xc0\x84\x31\x7b\xc1\x84\x31\x7b\xc2\x84\x31\x7b\xc3\x84\x31\x7b\xc4\x84\x31\x7b\xc5\x84\x31\x7b\xc6\x84\x31\x7b\xc7\x84\x31\x7b\xc8\x84\x31\x7b\xc9\x84\x31\x7b\xca\x84\x31\x7b\xcb\x84\x31\x7b\xcc\x84\x31\x7b\xcd\x84\x31\x7b"..., 65536) = 65536
[pid  5860] munmap(0x7f281f200000, 138412032) = 0
[pid  5860] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4
[pid  5860] ioctl(4, LOOP_SET_FD, 3 <unfinished ...>
[pid  5859] <... ioctl resumed>)        = 0
[pid  5859] close(3)                    = 0
[pid  5859] close(4)                    = 0
[pid  5859] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0
[   63.880954][ T5839] sysv_free_block: flc_count > flc_size
[   63.883003][ T5860] loop2: detected capacity change from 0 to 128
[   63.886610][ T5839] sysv_free_block: flc_count > flc_size
[   63.886623][ T5839] sysv_free_block: flc_count > flc_size
[   63.886632][ T5839] sysv_free_block: flc_count > flc_size
[   63.886640][ T5839] sysv_free_block: flc_count > flc_size
[   63.886647][ T5839] sysv_free_block: flc_count > flc_size
[   63.886655][ T5839] sysv_free_block: flc_count > flc_size
[pid  5859] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "sysv", 0, "" <unfinished ...>
[pid  5860] <... ioctl resumed>)        = 0
[pid  5859] <... mount resumed>)        = 0
[pid  5860] close(3)                    = 0
[pid  5859] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY <unfinished ...>
[pid  5860] close(4 <unfinished ...>
[pid  5859] <... openat resumed>)       = 3
[pid  5860] <... close resumed>)        = 0
[pid  5859] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" <unfinished ...>
[pid  5860] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 <unfinished ...>
[pid  5859] <... chdir resumed>)        = 0
[pid  5860] <... mkdir resumed>)        = 0
[pid  5859] openat(AT_FDCWD, "/dev/loop3", O_RDWR <unfinished ...>
[pid  5860] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "sysv", 0, "" <unfinished ...>
[pid  5859] <... openat resumed>)       = -1 EBUSY (Device or resource busy)
[pid  5859] open("./file0", O_RDONLY|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_NOFOLLOW|O_CLOEXEC, 000 <unfinished ...>
[pid  5858] <... mount resumed>)        = 0
[pid  5859] <... open resumed>)         = -1 EIO (Input/output error)
[pid  5858] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY <unfinished ...>
[pid  5859] exit_group(0 <unfinished ...>
[pid  5858] <... openat resumed>)       = 3
[pid  5859] <... exit_group resumed>)   = ?
[pid  5859] +++ exited with 0 +++
[pid  5858] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" <unfinished ...>
[pid  5860] <... mount resumed>)        = 0
[pid  5858] <... chdir resumed>)        = 0
[pid  5858] openat(AT_FDCWD, "/dev/loop4", O_RDWR <unfinished ...>
[pid  5860] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY <unfinished ...>
[pid  5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5859, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
[pid  5860] <... openat resumed>)       = 3
[pid  5841] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid  5860] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" <unfinished ...>
[pid  5858] <... openat resumed>)       = -1 EBUSY (Device or resource busy)
[pid  5860] <... chdir resumed>)        = 0
[pid  5858] open("./file0", O_RDONLY|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_NOFOLLOW|O_CLOEXEC, 000 <unfinished ...>
[   63.886664][ T5839] sysv_free_block: flc_count > flc_size
[   63.887005][ T5839] sysv_free_inode: inode 0,1,2 or nonexistent inode
[   63.893916][ T5838] sysv_free_block: flc_count > flc_size
[   63.898987][ T5858] VFS: Found a Xenix FS (block size = 1024) on device loop4
[   63.911009][ T5859] VFS: Found a Xenix FS (block size = 1024) on device loop3
[   63.940347][ T5838] sysv_free_block: flc_count > flc_size
[   63.966347][ T5860] VFS: Found a Xenix FS (block size = 1024) on device loop2
[pid  5860] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5858] <... open resumed>)         = -1 EIO (Input/output error)
[pid  5860] open("./file0", O_RDONLY|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_NOFOLLOW|O_CLOEXEC, 000 <unfinished ...>
[pid  5858] exit_group(0)               = ?
[pid  5841] <... restart_syscall resumed>) = 0
[pid  5841] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5841] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid  5858] +++ exited with 0 +++
[pid  5841] <... openat resumed>)       = 3
[pid  5841] newfstatat(3, "",  <unfinished ...>
[pid  5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5858, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
[pid  5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5842] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid  5841] getdents64(3, 0x5555615456f0 /* 4 entries */, 32768) = 176
[pid  5841] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5841] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5841] unlink("./2/binderfs")      = 0
[pid  5841] umount2("\x2e\x2f\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5842] <... restart_syscall resumed>) = 0
[pid  5842] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5842] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5842] getdents64(3, 0x5555615456f0 /* 4 entries */, 32768) = 176
[pid  5842] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5842] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5842] unlink("./2/binderfs")      = 0
[pid  5842] umount2("\x2e\x2f\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5839] <... umount2 resumed>)      = 0
[   63.991750][ T5860] unable to read i-node block
[   64.005865][ T5838] sysv_free_block: flc_count > flc_size
[   64.006243][ T5860] sysv_free_inode: unable to read inode block on device loop2
[   64.013682][ T5838] sysv_free_block: flc_count > flc_size
[   64.024730][ T5838] sysv_free_block: flc_count > flc_size
[   64.026278][ T5841] sysv_free_block: flc_count > flc_size
[   64.032257][ T5838] sysv_free_block: flc_count > flc_size
[pid  5839] umount2("\x2e\x2f\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5839] newfstatat(AT_FDCWD, "\x2e\x2f\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5839] umount2("\x2e\x2f\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5839] openat(AT_FDCWD, "\x2e\x2f\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid  5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5839] getdents64(4, 0x55556154d730 /* 2 entries */, 32768) = 48
[pid  5839] getdents64(4, 0x55556154d730 /* 0 entries */, 32768) = 0
[pid  5839] close(4)                    = 0
[pid  5839] rmdir("\x2e\x2f\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0
[pid  5839] getdents64(3,  <unfinished ...>
[pid  5860] <... open resumed>)         = -1 EIO (Input/output error)
[pid  5839] <... getdents64 resumed>0x5555615456f0 /* 0 entries */, 32768) = 0
[pid  5839] close(3 <unfinished ...>
[pid  5860] exit_group(0 <unfinished ...>
[pid  5839] <... close resumed>)        = 0
[pid  5838] <... umount2 resumed>)      = 0
[pid  5839] rmdir("./2")                = 0
[pid  5839] mkdir("./3", 0777)          = 0
[pid  5839] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3
[pid  5839] ioctl(3, LOOP_CLR_FD)       = 0
[pid  5839] close(3 <unfinished ...>
[pid  5860] <... exit_group resumed>)   = ?
[pid  5839] <... close resumed>)        = 0
[pid  5838] umount2("\x2e\x2f\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid  5838] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5838] newfstatat(AT_FDCWD, "\x2e\x2f\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5839] <... clone resumed>, child_tidptr=0x555561544650) = 5861
./strace-static-x86_64: Process 5861 attached
[   64.037983][ T5841] sysv_free_block: flc_count > flc_size
[   64.041928][ T5838] sysv_free_block: flc_count > flc_size
[   64.047796][ T5842] sysv_free_block: flc_count > flc_size
[   64.053604][ T5838] sysv_free_inode: inode 0,1,2 or nonexistent inode
[   64.069883][ T5841] sysv_free_block: flc_count > flc_size
[   64.080429][ T5841] sysv_free_block: flc_count > flc_size
[   64.086051][ T5841] sysv_free_block: flc_count > flc_size
[pid  5861] set_robust_list(0x555561544660, 24 <unfinished ...>
[pid  5860] +++ exited with 0 +++
[pid  5838] umount2("\x2e\x2f\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5861] <... set_robust_list resumed>) = 0
[pid  5861] chdir("./3")                = 0
[pid  5861] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5861] setpgid(0, 0)               = 0
[pid  5861] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5861] write(3, "1000", 4)         = 4
[pid  5861] close(3)                    = 0
[pid  5861] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid  5861] write(1, "executing program\n", 18) = 18
[pid  5861] memfd_create("syzkaller", 0) = 3
[pid  5861] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f281f200000
[pid  5861] write(3, "\xb5\x84\x31\x7b\xb6\x84\x31\x7b\xb7\x84\x31\x7b\xb8\x84\x31\x7b\xb9\x84\x31\x7b\xba\x84\x31\x7b\xbb\x84\x31\x7b\xbc\x84\x31\x7b\xbd\x84\x31\x7b\xbe\x84\x31\x7b\xbf\x84\x31\x7b\xc0\x84\x31\x7b\xc1\x84\x31\x7b\xc2\x84\x31\x7b\xc3\x84\x31\x7b\xc4\x84\x31\x7b\xc5\x84\x31\x7b\xc6\x84\x31\x7b\xc7\x84\x31\x7b\xc8\x84\x31\x7b\xc9\x84\x31\x7b\xca\x84\x31\x7b\xcb\x84\x31\x7b\xcc\x84\x31\x7b\xcd\x84\x31\x7b"..., 65536 <unfinished ...>
[pid  5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5860, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
[pid  5838] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5838] openat(AT_FDCWD, "\x2e\x2f\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid  5861] <... write resumed>)        = 65536
[pid  5861] munmap(0x7f281f200000, 138412032) = 0
[pid  5838] <... openat resumed>)       = 4
[pid  5861] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4
[pid  5861] ioctl(4, LOOP_SET_FD, 3 <unfinished ...>
[pid  5840] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[   64.092369][ T5842] sysv_free_block: flc_count > flc_size
[   64.096074][ T5841] sysv_free_block: flc_count > flc_size
[   64.098028][ T5842] sysv_free_block: flc_count > flc_size
[   64.098039][ T5842] sysv_free_block: flc_count > flc_size
[   64.098048][ T5842] sysv_free_block: flc_count > flc_size
[   64.115635][ T5841] sysv_free_block: flc_count > flc_size
[   64.132156][ T5861] loop1: detected capacity change from 0 to 128
[pid  5838] newfstatat(4, "",  <unfinished ...>
[pid  5840] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5861] <... ioctl resumed>)        = 0
[pid  5861] close(3)                    = 0
[pid  5861] close(4)                    = 0
[pid  5861] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0
[pid  5861] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "sysv", 0, "" <unfinished ...>
[pid  5840] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  5838] getdents64(4,  <unfinished ...>
[pid  5861] <... mount resumed>)        = 0
[pid  5840] newfstatat(3, "",  <unfinished ...>
[pid  5838] <... getdents64 resumed>0x55556154d730 /* 2 entries */, 32768) = 48
[pid  5861] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3
[pid  5861] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0
[pid  5861] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy)
[   64.139343][ T5842] sysv_free_block: flc_count > flc_size
[   64.139835][ T5841] sysv_free_block: flc_count > flc_size
[   64.145214][ T5842] sysv_free_block: flc_count > flc_size
[   64.158075][ T5841] sysv_free_block: flc_count > flc_size
[   64.163917][ T5861] VFS: Found a Xenix FS (block size = 1024) on device loop1
[   64.171824][ T5842] sysv_free_block: flc_count > flc_size
[   64.173069][ T5841] sysv_free_block: flc_count > flc_size
[   64.177776][ T5842] sysv_free_block: flc_count > flc_size
[pid  5861] open("./file0", O_RDONLY|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_NOFOLLOW|O_CLOEXEC, 000 <unfinished ...>
[pid  5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5838] getdents64(4,  <unfinished ...>
[pid  5861] <... open resumed>)         = -1 EIO (Input/output error)
[pid  5861] exit_group(0)               = ?
[pid  5861] +++ exited with 0 +++
[pid  5840] getdents64(3,  <unfinished ...>
[pid  5838] <... getdents64 resumed>0x55556154d730 /* 0 entries */, 32768) = 0
[pid  5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5861, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
[pid  5840] <... getdents64 resumed>0x5555615456f0 /* 4 entries */, 32768) = 176
[pid  5838] close(4 <unfinished ...>
[pid  5840] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5838] <... close resumed>)        = 0
[pid  5840] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5838] rmdir("\x2e\x2f\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" <unfinished ...>
[pid  5840] newfstatat(AT_FDCWD, "./2/binderfs",  <unfinished ...>
[pid  5838] <... rmdir resumed>)        = 0
[pid  5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5838] getdents64(3,  <unfinished ...>
[pid  5840] unlink("./2/binderfs" <unfinished ...>
[pid  5838] <... getdents64 resumed>0x5555615456f0 /* 0 entries */, 32768) = 0
[pid  5840] <... unlink resumed>)       = 0
[pid  5838] close(3 <unfinished ...>
[pid  5840] umount2("\x2e\x2f\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5838] <... close resumed>)        = 0
[pid  5838] rmdir("./2")                = 0
[pid  5838] mkdir("./3", 0777)          = 0
[pid  5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  5838] ioctl(3, LOOP_CLR_FD)       = 0
[pid  5838] close(3 <unfinished ...>
[pid  5841] <... umount2 resumed>)      = 0
[pid  5841] umount2("\x2e\x2f\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5839] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5841] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5839] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5839] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid  5841] newfstatat(AT_FDCWD, "\x2e\x2f\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38",  <unfinished ...>
[pid  5839] <... openat resumed>)       = 3
[pid  5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5839] newfstatat(3, "",  <unfinished ...>
[pid  5838] <... close resumed>)        = 0
[pid  5841] umount2("\x2e\x2f\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5841] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5839] getdents64(3,  <unfinished ...>
[pid  5841] openat(AT_FDCWD, "\x2e\x2f\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid  5839] <... getdents64 resumed>0x5555615456f0 /* 4 entries */, 32768) = 176
[pid  5841] <... openat resumed>)       = 4
[pid  5839] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5841] newfstatat(4, "",  <unfinished ...>
[pid  5839] newfstatat(AT_FDCWD, "./3/binderfs",  <unfinished ...>
[pid  5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5841] getdents64(4,  <unfinished ...>
[pid  5839] unlink("./3/binderfs" <unfinished ...>
[pid  5841] <... getdents64 resumed>0x55556154d730 /* 2 entries */, 32768) = 48
[pid  5839] <... unlink resumed>)       = 0
[   64.189367][ T5842] sysv_free_block: flc_count > flc_size
[   64.195822][ T5842] sysv_free_inode: inode 0,1,2 or nonexistent inode
[   64.198948][ T5841] sysv_free_inode: inode 0,1,2 or nonexistent inode
[   64.210279][ T5840] sysv_free_block: flc_count > flc_size
[   64.215875][ T5840] sysv_free_block: flc_count > flc_size
[   64.235551][ T5839] sysv_free_block: flc_count > flc_size
[pid  5839] umount2("\x2e\x2f\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5842] <... umount2 resumed>)      = 0
[pid  5841] getdents64(4,  <unfinished ...>
[pid  5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid  5841] <... getdents64 resumed>0x55556154d730 /* 0 entries */, 32768) = 0
[pid  5841] close(4)                    = 0
[pid  5841] rmdir("\x2e\x2f\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0
[pid  5841] getdents64(3, 0x5555615456f0 /* 0 entries */, 32768) = 0
[pid  5841] close(3)                    = 0
[pid  5841] rmdir("./2")                = 0
[   64.248848][ T5839] sysv_free_block: flc_count > flc_size
[   64.253512][ T5840] sysv_free_block: flc_count > flc_size
[   64.254424][ T5839] sysv_free_block: flc_count > flc_size
[   64.254435][ T5839] sysv_free_block: flc_count > flc_size
[   64.260370][ T5840] sysv_free_block: flc_count > flc_size
[   64.277388][ T5840] sysv_free_block: flc_count > flc_size
[   64.284602][ T5840] sysv_free_block: flc_count > flc_size
[   64.285855][ T5839] sysv_free_block: flc_count > flc_size
[pid  5841] mkdir("./3", 0777executing program
)          = 0
./strace-static-x86_64: Process 5862 attached
[pid  5842] umount2("\x2e\x2f\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5862] set_robust_list(0x555561544660, 24) = 0
[pid  5862] chdir("./3")                = 0
[pid  5862] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5862] setpgid(0, 0)               = 0
[pid  5862] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5862] write(3, "1000", 4)         = 4
[pid  5862] close(3)                    = 0
[pid  5862] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5862] write(1, "executing program\n", 18) = 18
[pid  5862] memfd_create("syzkaller", 0 <unfinished ...>
[pid  5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR <unfinished ...>
[pid  5838] <... clone resumed>, child_tidptr=0x555561544650) = 5862
[pid  5842] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5841] <... openat resumed>)       = 3
[pid  5841] ioctl(3, LOOP_CLR_FD <unfinished ...>
[pid  5862] <... memfd_create resumed>) = 3
[pid  5841] <... ioctl resumed>)        = 0
[pid  5862] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 <unfinished ...>
[pid  5841] close(3 <unfinished ...>
[pid  5862] <... mmap resumed>)         = 0x7f281f200000
[pid  5841] <... close resumed>)        = 0
[pid  5862] write(3, "\xb5\x84\x31\x7b\xb6\x84\x31\x7b\xb7\x84\x31\x7b\xb8\x84\x31\x7b\xb9\x84\x31\x7b\xba\x84\x31\x7b\xbb\x84\x31\x7b\xbc\x84\x31\x7b\xbd\x84\x31\x7b\xbe\x84\x31\x7b\xbf\x84\x31\x7b\xc0\x84\x31\x7b\xc1\x84\x31\x7b\xc2\x84\x31\x7b\xc3\x84\x31\x7b\xc4\x84\x31\x7b\xc5\x84\x31\x7b\xc6\x84\x31\x7b\xc7\x84\x31\x7b\xc8\x84\x31\x7b\xc9\x84\x31\x7b\xca\x84\x31\x7b\xcb\x84\x31\x7b\xcc\x84\x31\x7b\xcd\x84\x31\x7b"..., 65536 <unfinished ...>
[pid  5842] newfstatat(AT_FDCWD, "\x2e\x2f\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38",  <unfinished ...>
[pid  5862] <... write resumed>)        = 65536
[pid  5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid  5862] munmap(0x7f281f200000, 138412032) = 0
[pid  5862] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5862] ioctl(4, LOOP_SET_FD, 3 <unfinished ...>
[pid  5842] umount2("\x2e\x2f\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5863 attached
 <unfinished ...>
[pid  5862] <... ioctl resumed>)        = 0
[pid  5862] close(3)                    = 0
[pid  5862] close(4)                    = 0
[pid  5842] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5841] <... clone resumed>, child_tidptr=0x555561544650) = 5863
[pid  5842] openat(AT_FDCWD, "\x2e\x2f\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid  5862] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0
[pid  5842] <... openat resumed>)       = 4
[pid  5863] set_robust_list(0x555561544660, 24 <unfinished ...>
[pid  5842] newfstatat(4, "",  <unfinished ...>
[pid  5863] <... set_robust_list resumed>) = 0
[pid  5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5863] chdir("./3")                = 0
[pid  5863] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5863] setpgid(0, 0 <unfinished ...>
[pid  5862] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "sysv", 0, "" <unfinished ...>
[pid  5863] <... setpgid resumed>)      = 0
[   64.290600][ T5840] sysv_free_block: flc_count > flc_size
[   64.296022][ T5839] sysv_free_block: flc_count > flc_size
[   64.307387][ T5839] sysv_free_block: flc_count > flc_size
[   64.313132][ T5840] sysv_free_block: flc_count > flc_size
[   64.313146][ T5840] sysv_free_block: flc_count > flc_size
[   64.313156][ T5840] sysv_free_block: flc_count > flc_size
[   64.333329][ T5862] loop0: detected capacity change from 0 to 128
[pid  5842] getdents64(4, executing program
0x55556154d730 /* 2 entries */, 32768) = 48
[pid  5863] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5863] write(3, "1000", 4)         = 4
[pid  5863] close(3)                    = 0
[pid  5863] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5863] write(1, "executing program\n", 18) = 18
[pid  5863] memfd_create("syzkaller", 0) = 3
[pid  5863] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f281f200000
[pid  5842] getdents64(4, 0x55556154d730 /* 0 entries */, 32768) = 0
[pid  5842] close(4)                    = 0
[pid  5842] rmdir("\x2e\x2f\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" <unfinished ...>
[pid  5840] <... umount2 resumed>)      = 0
[pid  5840] umount2("\x2e\x2f\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5840] newfstatat(AT_FDCWD, "\x2e\x2f\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5840] umount2("\x2e\x2f\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5840] openat(AT_FDCWD, "\x2e\x2f\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid  5863] write(3, "\xb5\x84\x31\x7b\xb6\x84\x31\x7b\xb7\x84\x31\x7b\xb8\x84\x31\x7b\xb9\x84\x31\x7b\xba\x84\x31\x7b\xbb\x84\x31\x7b\xbc\x84\x31\x7b\xbd\x84\x31\x7b\xbe\x84\x31\x7b\xbf\x84\x31\x7b\xc0\x84\x31\x7b\xc1\x84\x31\x7b\xc2\x84\x31\x7b\xc3\x84\x31\x7b\xc4\x84\x31\x7b\xc5\x84\x31\x7b\xc6\x84\x31\x7b\xc7\x84\x31\x7b\xc8\x84\x31\x7b\xc9\x84\x31\x7b\xca\x84\x31\x7b\xcb\x84\x31\x7b\xcc\x84\x31\x7b\xcd\x84\x31\x7b"..., 65536 <unfinished ...>
[pid  5842] <... rmdir resumed>)        = 0
[pid  5842] getdents64(3,  <unfinished ...>
[pid  5840] newfstatat(4, "",  <unfinished ...>
[pid  5842] <... getdents64 resumed>0x5555615456f0 /* 0 entries */, 32768) = 0
[pid  5842] close(3 <unfinished ...>
[pid  5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5842] <... close resumed>)        = 0
[pid  5840] getdents64(4, 0x55556154d730 /* 2 entries */, 32768) = 48
[pid  5840] getdents64(4, 0x55556154d730 /* 0 entries */, 32768) = 0
[pid  5840] close(4)                    = 0
[pid  5840] rmdir("\x2e\x2f\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" <unfinished ...>
[pid  5842] rmdir("./2" <unfinished ...>
[pid  5840] <... rmdir resumed>)        = 0
[pid  5863] <... write resumed>)        = 65536
[pid  5863] munmap(0x7f281f200000, 138412032) = 0
[pid  5842] <... rmdir resumed>)        = 0
[pid  5863] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4
[pid  5842] mkdir("./3", 0777 <unfinished ...>
[pid  5840] getdents64(3, 0x5555615456f0 /* 0 entries */, 32768) = 0
[pid  5863] ioctl(4, LOOP_SET_FD, 3 <unfinished ...>
[   64.345774][ T5862] VFS: Found a Xenix FS (block size = 1024) on device loop0
[   64.353198][ T5839] sysv_free_block: flc_count > flc_size
[   64.359749][ T5840] sysv_free_inode: inode 0,1,2 or nonexistent inode
[   64.380706][ T5839] sysv_free_block: flc_count > flc_size
[   64.386294][ T5839] sysv_free_block: flc_count > flc_size
[pid  5840] close(3 <unfinished ...>
[pid  5842] <... mkdir resumed>)        = 0
[pid  5840] <... close resumed>)        = 0
[pid  5840] rmdir("./2")                = 0
[pid  5840] mkdir("./3", 0777 <unfinished ...>
[pid  5842] openat(AT_FDCWD, "/dev/loop4", O_RDWR <unfinished ...>
[pid  5840] <... mkdir resumed>)        = 0
[pid  5862] <... mount resumed>)        = 0
[pid  5862] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY <unfinished ...>
[pid  5842] <... openat resumed>)       = 3
[pid  5862] <... openat resumed>)       = 3
[pid  5842] ioctl(3, LOOP_CLR_FD <unfinished ...>
[pid  5862] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" <unfinished ...>
[pid  5842] <... ioctl resumed>)        = 0
[pid  5862] <... chdir resumed>)        = 0
[pid  5842] close(3 <unfinished ...>
[pid  5862] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5862] open("./file0", O_RDONLY|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_NOFOLLOW|O_CLOEXEC, 000 <unfinished ...>
[pid  5842] <... close resumed>)        = 0
[pid  5840] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3
[pid  5840] ioctl(3, LOOP_CLR_FD)       = 0
[pid  5840] close(3 <unfinished ...>
[pid  5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555561544650) = 5864
./strace-static-x86_64: Process 5864 attached
[pid  5840] <... close resumed>)        = 0
[pid  5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid  5864] set_robust_list(0x555561544660, 24./strace-static-x86_64: Process 5865 attached
 <unfinished ...>
[pid  5840] <... clone resumed>, child_tidptr=0x555561544650) = 5865
[pid  5865] set_robust_list(0x555561544660, 24) = 0
[pid  5865] chdir("./3")                = 0
[pid  5865] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5865] setpgid(0, 0)               = 0
[pid  5865] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5864] <... set_robust_list resumed>) = 0
[pid  5863] <... ioctl resumed>)        = 0
[pid  5862] <... open resumed>)         = -1 EIO (Input/output error)
[pid  5839] <... umount2 resumed>)      = 0
[pid  5865] write(3, "1000", 4 <unfinished ...>
[pid  5864] chdir("./3" <unfinished ...>
[pid  5865] <... write resumed>)        = 4
[pid  5865] close(3 <unfinished ...>
[pid  5864] <... chdir resumed>)        = 0
[pid  5864] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5865] <... close resumed>)        = 0
[pid  5864] setpgid(0, 0 <unfinished ...>
[pid  5839] umount2("\x2e\x2f\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5864] <... setpgid resumed>)      = 0
[pid  5839] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5839] newfstatat(AT_FDCWD, "\x2e\x2f\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38",  <unfinished ...>
[pid  5865] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid  5864] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid  5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5865] <... symlink resumed>)      = 0
[pid  5864] <... openat resumed>)       = 3
[pid  5863] close(3 <unfinished ...>
[pid  5862] exit_group(0executing program
 <unfinished ...>
[pid  5865] write(1, "executing program\n", 18 <unfinished ...>
[pid  5863] <... close resumed>)        = 0
[pid  5862] <... exit_group resumed>)   = ?
[pid  5839] umount2("\x2e\x2f\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5865] <... write resumed>)        = 18
[pid  5863] close(4 <unfinished ...>
[pid  5862] +++ exited with 0 +++
[pid  5839] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5865] memfd_create("syzkaller", 0 <unfinished ...>
[pid  5864] write(3, "1000", 4 <unfinished ...>
[pid  5863] <... close resumed>)        = 0
[pid  5839] openat(AT_FDCWD, "\x2e\x2f\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid  5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5862, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
[pid  5865] <... memfd_create resumed>) = 3
[pid  5864] <... write resumed>)        = 4
[pid  5863] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 <unfinished ...>
[pid  5839] <... openat resumed>)       = 4
[pid  5838] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid  5865] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 <unfinished ...>
[pid  5864] close(3 <unfinished ...>
[pid  5838] <... restart_syscall resumed>) = 0
[pid  5864] <... close resumed>)        = 0
[pid  5865] <... mmap resumed>)         = 0x7f281f200000
[   64.395513][ T5863] loop3: detected capacity change from 0 to 128
[   64.402459][ T5839] sysv_free_inode: inode 0,1,2 or nonexistent inode
[pid  5864] symlink("/dev/binderfs", "./binderfs"executing program
 <unfinished ...>
[pid  5839] newfstatat(4, "",  <unfinished ...>
[pid  5864] <... symlink resumed>)      = 0
[pid  5838] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5864] write(1, "executing program\n", 18 <unfinished ...>
[pid  5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5838] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5864] <... write resumed>)        = 18
[pid  5863] <... mkdir resumed>)        = 0
[pid  5839] getdents64(4,  <unfinished ...>
[pid  5838] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid  5865] write(3, "\xb5\x84\x31\x7b\xb6\x84\x31\x7b\xb7\x84\x31\x7b\xb8\x84\x31\x7b\xb9\x84\x31\x7b\xba\x84\x31\x7b\xbb\x84\x31\x7b\xbc\x84\x31\x7b\xbd\x84\x31\x7b\xbe\x84\x31\x7b\xbf\x84\x31\x7b\xc0\x84\x31\x7b\xc1\x84\x31\x7b\xc2\x84\x31\x7b\xc3\x84\x31\x7b\xc4\x84\x31\x7b\xc5\x84\x31\x7b\xc6\x84\x31\x7b\xc7\x84\x31\x7b\xc8\x84\x31\x7b\xc9\x84\x31\x7b\xca\x84\x31\x7b\xcb\x84\x31\x7b\xcc\x84\x31\x7b\xcd\x84\x31\x7b"..., 65536 <unfinished ...>
[pid  5864] memfd_create("syzkaller", 0 <unfinished ...>
[pid  5863] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "sysv", 0, "" <unfinished ...>
[pid  5839] <... getdents64 resumed>0x55556154d730 /* 2 entries */, 32768) = 48
[pid  5838] <... openat resumed>)       = 3
[pid  5864] <... memfd_create resumed>) = 3
[pid  5839] getdents64(4,  <unfinished ...>
[pid  5864] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 <unfinished ...>
[pid  5838] newfstatat(3, "",  <unfinished ...>
[pid  5839] <... getdents64 resumed>0x55556154d730 /* 0 entries */, 32768) = 0
[pid  5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5864] <... mmap resumed>)         = 0x7f281f200000
[pid  5839] close(4 <unfinished ...>
[pid  5838] getdents64(3,  <unfinished ...>
[pid  5865] <... write resumed>)        = 65536
[pid  5839] <... close resumed>)        = 0
[pid  5839] rmdir("\x2e\x2f\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" <unfinished ...>
[pid  5865] munmap(0x7f281f200000, 138412032 <unfinished ...>
[pid  5864] write(3, "\xb5\x84\x31\x7b\xb6\x84\x31\x7b\xb7\x84\x31\x7b\xb8\x84\x31\x7b\xb9\x84\x31\x7b\xba\x84\x31\x7b\xbb\x84\x31\x7b\xbc\x84\x31\x7b\xbd\x84\x31\x7b\xbe\x84\x31\x7b\xbf\x84\x31\x7b\xc0\x84\x31\x7b\xc1\x84\x31\x7b\xc2\x84\x31\x7b\xc3\x84\x31\x7b\xc4\x84\x31\x7b\xc5\x84\x31\x7b\xc6\x84\x31\x7b\xc7\x84\x31\x7b\xc8\x84\x31\x7b\xc9\x84\x31\x7b\xca\x84\x31\x7b\xcb\x84\x31\x7b\xcc\x84\x31\x7b\xcd\x84\x31\x7b"..., 65536 <unfinished ...>
[pid  5839] <... rmdir resumed>)        = 0
[pid  5838] <... getdents64 resumed>0x5555615456f0 /* 4 entries */, 32768) = 176
[pid  5865] <... munmap resumed>)       = 0
[pid  5839] getdents64(3,  <unfinished ...>
[pid  5838] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5865] openat(AT_FDCWD, "/dev/loop2", O_RDWR <unfinished ...>
[pid  5839] <... getdents64 resumed>0x5555615456f0 /* 0 entries */, 32768) = 0
[pid  5838] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5865] <... openat resumed>)       = 4
[pid  5839] close(3 <unfinished ...>
[pid  5838] newfstatat(AT_FDCWD, "./3/binderfs",  <unfinished ...>
[pid  5865] ioctl(4, LOOP_SET_FD, 3 <unfinished ...>
[pid  5839] <... close resumed>)        = 0
[pid  5838] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5838] unlink("./3/binderfs" <unfinished ...>
[pid  5864] <... write resumed>)        = 65536
[pid  5863] <... mount resumed>)        = 0
[pid  5839] rmdir("./3" <unfinished ...>
[pid  5838] <... unlink resumed>)       = 0
[pid  5864] munmap(0x7f281f200000, 138412032 <unfinished ...>
[pid  5838] umount2("\x2e\x2f\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5864] <... munmap resumed>)       = 0
[pid  5863] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY <unfinished ...>
[pid  5865] <... ioctl resumed>)        = 0
[pid  5864] openat(AT_FDCWD, "/dev/loop4", O_RDWR <unfinished ...>
[pid  5839] <... rmdir resumed>)        = 0
[pid  5865] close(3 <unfinished ...>
[pid  5839] mkdir("./4", 0777 <unfinished ...>
[pid  5865] <... close resumed>)        = 0
[pid  5839] <... mkdir resumed>)        = 0
[pid  5865] close(4 <unfinished ...>
[pid  5839] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3
[pid  5839] ioctl(3, LOOP_CLR_FD)       = 0
[pid  5839] close(3)                    = 0
[pid  5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5866 attached
 <unfinished ...>
[pid  5864] <... openat resumed>)       = 4
[pid  5866] set_robust_list(0x555561544660, 24 <unfinished ...>
[pid  5839] <... clone resumed>, child_tidptr=0x555561544650) = 5866
[pid  5866] <... set_robust_list resumed>) = 0
[pid  5866] chdir("./4")                = 0
[pid  5866] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[   64.470239][ T5863] VFS: Found a Xenix FS (block size = 1024) on device loop3
[   64.486455][ T5865] loop2: detected capacity change from 0 to 128
[   64.493874][ T5838] sysv_free_block: flc_count > flc_size
[   64.500187][ T5838] sysv_free_block: flc_count > flc_size
[   64.506021][ T5838] sysv_free_block: flc_count > flc_size
[pid  5866] setpgid(0, 0)               = 0
[pid  5865] <... close resumed>)        = 0
[pid  5864] ioctl(4, LOOP_SET_FD, 3 <unfinished ...>
[pid  5863] <... openat resumed>)       = 3
[pid  5865] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0
[pid  5865] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "sysv", 0, "" <unfinished ...>
[pid  5866] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid  5863] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" <unfinished ...>
[pid  5866] <... openat resumed>)       = 3
[pid  5863] <... chdir resumed>)        = 0
[pid  5863] openat(AT_FDCWD, "/dev/loop3", O_RDWR <unfinished ...>
[pid  5866] write(3, "1000", 4)         = 4
[pid  5866] close(3)                    = 0
[pid  5866] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5863] <... openat resumed>)       = -1 EBUSY (Device or resource busy)
[pid  5863] open("./file0", O_RDONLY|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_NOFOLLOW|O_CLOEXEC, 000 <unfinished ...>
[pid  5864] <... ioctl resumed>)        = 0
[pid  5863] <... open resumed>)         = -1 EIO (Input/output error)
[pid  5866] write(1, "executing program\n", 18 <unfinished ...>
[pid  5864] close(3 <unfinished ...>
[pid  5863] exit_group(0executing program
 <unfinished ...>
[pid  5866] <... write resumed>)        = 18
[pid  5866] memfd_create("syzkaller", 0) = 3
[pid  5866] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f281f200000
[pid  5864] <... close resumed>)        = 0
[pid  5863] <... exit_group resumed>)   = ?
[pid  5866] write(3, "\xb5\x84\x31\x7b\xb6\x84\x31\x7b\xb7\x84\x31\x7b\xb8\x84\x31\x7b\xb9\x84\x31\x7b\xba\x84\x31\x7b\xbb\x84\x31\x7b\xbc\x84\x31\x7b\xbd\x84\x31\x7b\xbe\x84\x31\x7b\xbf\x84\x31\x7b\xc0\x84\x31\x7b\xc1\x84\x31\x7b\xc2\x84\x31\x7b\xc3\x84\x31\x7b\xc4\x84\x31\x7b\xc5\x84\x31\x7b\xc6\x84\x31\x7b\xc7\x84\x31\x7b\xc8\x84\x31\x7b\xc9\x84\x31\x7b\xca\x84\x31\x7b\xcb\x84\x31\x7b\xcc\x84\x31\x7b\xcd\x84\x31\x7b"..., 65536) = 65536
[pid  5864] close(4 <unfinished ...>
[pid  5863] +++ exited with 0 +++
[pid  5866] munmap(0x7f281f200000, 138412032) = 0
[pid  5866] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4
[pid  5866] ioctl(4, LOOP_SET_FD, 3 <unfinished ...>
[pid  5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5863, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
[pid  5865] <... mount resumed>)        = 0
[pid  5864] <... close resumed>)        = 0
[pid  5841] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid  5864] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 <unfinished ...>
[pid  5841] <... restart_syscall resumed>) = 0
[pid  5865] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY <unfinished ...>
[pid  5864] <... mkdir resumed>)        = 0
[pid  5864] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "sysv", 0, "" <unfinished ...>
[pid  5865] <... openat resumed>)       = 3
[   64.514555][ T5864] loop4: detected capacity change from 0 to 128
[   64.532393][ T5865] VFS: Found a Xenix FS (block size = 1024) on device loop2
[   64.538890][ T5838] sysv_free_block: flc_count > flc_size
[   64.545714][ T5838] sysv_free_block: flc_count > flc_size
[   64.559014][ T5866] loop1: detected capacity change from 0 to 128
[pid  5865] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" <unfinished ...>
[pid  5841] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5865] <... chdir resumed>)        = 0
[pid  5865] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy)
[   64.572719][ T5864] VFS: Found a Xenix FS (block size = 1024) on device loop4
[   64.575163][ T5865] ==================================================================
[   64.580524][ T5838] sysv_free_block: flc_count > flc_size
[   64.588178][ T5865] BUG: KASAN: use-after-free in sysv_new_inode+0xfc7/0x1160
[   64.594978][ T5838] sysv_free_block: flc_count > flc_size
[   64.600991][ T5865] Read of size 2 at addr ffff8880782af1ce by task syz-executor188/5865
[   64.601011][ T5865] 
[   64.601035][ T5865] CPU: 1 UID: 0 PID: 5865 Comm: syz-executor188 Not tainted 6.12.0-syzkaller-01782-gbf9aa14fc523 #0
[   64.601055][ T5865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[   64.606934][ T5838] sysv_free_block: flc_count > flc_size
[   64.614812][ T5865] Call Trace:
[   64.614823][ T5865]  <TASK>
[   64.614830][ T5865]  dump_stack_lvl+0x241/0x360
[   64.614859][ T5865]  ? __pfx_dump_stack_lvl+0x10/0x10
[   64.617375][ T5838] sysv_free_block: flc_count > flc_size
[   64.627913][ T5865]  ? __pfx__printk+0x10/0x10
[   64.627942][ T5865]  ? _printk+0xd5/0x120
[   64.627959][ T5865]  ? __virt_addr_valid+0x183/0x530
[   64.665725][ T5838] sysv_free_block: flc_count > flc_size
[   64.669836][ T5865]  ? __virt_addr_valid+0x183/0x530
[   64.669865][ T5865]  print_report+0x169/0x550
[   64.669884][ T5865]  ? __virt_addr_valid+0x183/0x530
[   64.674499][ T5838] sysv_free_inode: inode 0,1,2 or nonexistent inode
[   64.679192][ T5865]  ? __virt_addr_valid+0x183/0x530
[   64.679211][ T5865]  ? __virt_addr_valid+0x45f/0x530
[   64.679226][ T5865]  ? __phys_addr+0xba/0x170
[   64.679243][ T5865]  ? sysv_new_inode+0xfc7/0x1160
[   64.679258][ T5865]  kasan_report+0x143/0x180
[   64.679277][ T5865]  ? sysv_new_inode+0xfc7/0x1160
[   64.679294][ T5865]  sysv_new_inode+0xfc7/0x1160
[   64.679314][ T5865]  ? __pfx_sysv_new_inode+0x10/0x10
[   64.679339][ T5865]  ? _raw_spin_unlock+0x28/0x50
[   64.679361][ T5865]  ? __d_add+0x500/0x800
[   64.679380][ T5865]  sysv_mknod+0x4e/0xe0
[   64.760207][ T5865]  ? __pfx_sysv_create+0x10/0x10
[   64.765251][ T5865]  path_openat+0x1c03/0x3590
[   64.770070][ T5865]  ? __pfx_path_openat+0x10/0x10
[   64.775366][ T5865]  do_filp_open+0x27f/0x4e0
[   64.779955][ T5865]  ? __pfx_do_filp_open+0x10/0x10
[   64.784975][ T5865]  ? do_raw_spin_lock+0x14f/0x370
[   64.790353][ T5865]  do_sys_openat2+0x13e/0x1d0
[   64.795290][ T5865]  ? __pfx_do_sys_openat2+0x10/0x10
[   64.800493][ T5865]  ? lockdep_hardirqs_on+0x99/0x150
[   64.806027][ T5865]  ? _raw_spin_unlock_irq+0x2e/0x50
[   64.811219][ T5865]  ? ptrace_notify+0x279/0x380
[   64.815997][ T5865]  __x64_sys_open+0x225/0x270
[   64.820684][ T5865]  ? __pfx___x64_sys_open+0x10/0x10
[   64.825899][ T5865]  ? do_syscall_64+0x100/0x230
[   64.830661][ T5865]  do_syscall_64+0xf3/0x230
[   64.835165][ T5865]  ? clear_bhb_loop+0x35/0x90
[   64.839929][ T5865]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   64.846201][ T5865] RIP: 0033:0x7f282781d1d9
[   64.850794][ T5865] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   64.870480][ T5865] RSP: 002b:00007ffedfc42d28 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[   64.878892][ T5865] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f282781d1d9
[   64.886855][ T5865] RDX: 0000000000000000 RSI: 00100000001a1540 RDI: 0000000020000580
[   64.894910][ T5865] RBP: 00000000ffffffff R08: 0000000000009e7f R09: 0000000000000000
[   64.902894][ T5865] R10: 00007ffedfc42db0 R11: 0000000000000246 R12: 00007ffedfc42d70
[   64.910864][ T5865] R13: 00007ffedfc42db0 R14: 0000000000010000 R15: 0000000000000003
[   64.918840][ T5865]  </TASK>
[   64.921938][ T5865] 
[   64.924347][ T5865] The buggy address belongs to the physical page:
[   64.930843][ T5865] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x7f8af3c7b pfn:0x782af
[   64.940743][ T5865] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   64.947941][ T5865] raw: 00fff00000000000 dead000000000100 dead000000000122 0000000000000000
[   64.956508][ T5865] raw: 00000007f8af3c7b 0000000000000000 00000000ffffffff 0000000000000000
[   64.965080][ T5865] page dumped because: kasan: bad access detected
[   64.971588][ T5865] page_owner tracks the page as freed
[   64.977112][ T5865] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 5825, tgid 5825 (sshd), ts 55873467811, free_ts 55931325869
[   64.995767][ T5865]  post_alloc_hook+0x1f3/0x230
[   65.000545][ T5865]  get_page_from_freelist+0x363e/0x3790
[   65.006184][ T5865]  __alloc_pages_noprof+0x292/0x710
[   65.011414][ T5865]  alloc_pages_mpol_noprof+0x3e8/0x680
[   65.016875][ T5865]  vma_alloc_folio_noprof+0x12e/0x230
[   65.022553][ T5865]  folio_prealloc+0x31/0x170
[   65.027140][ T5865]  handle_pte_fault+0x24dd/0x6820
[   65.032419][ T5865]  handle_mm_fault+0x1053/0x1ad0
[   65.037525][ T5865]  exc_page_fault+0x459/0x8c0
[   65.042191][ T5865]  asm_exc_page_fault+0x26/0x30
[   65.047116][ T5865] page last free pid 5825 tgid 5825 stack trace:
[   65.053427][ T5865]  free_unref_folios+0xf21/0x1a10
[   65.058448][ T5865]  folios_put_refs+0x76c/0x860
[   65.063222][ T5865]  free_pages_and_swap_cache+0x2ea/0x690
[   65.068861][ T5865]  tlb_flush_mmu+0x3a3/0x680
[   65.073476][ T5865]  tlb_finish_mmu+0xd4/0x200
[   65.078323][ T5865]  vms_clear_ptes+0x437/0x530
[   65.083010][ T5865]  vms_complete_munmap_vmas+0x214/0x8f0
[   65.088561][ T5865]  do_vmi_align_munmap+0x5ef/0x6f0
[   65.093670][ T5865]  do_vmi_munmap+0x24e/0x2d0
[   65.098255][ T5865]  __vm_munmap+0x24c/0x480
[   65.102690][ T5865]  __x64_sys_munmap+0x60/0x70
[   65.107357][ T5865]  do_syscall_64+0xf3/0x230
[   65.111849][ T5865]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   65.117733][ T5865] 
[   65.120043][ T5865] Memory state around the buggy address:
[   65.125668][ T5865]  ffff8880782af080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   65.133719][ T5865]  ffff8880782af100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   65.141879][ T5865] >ffff8880782af180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   65.149931][ T5865]                                               ^
[   65.156338][ T5865]  ffff8880782af200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   65.164583][ T5865]  ffff8880782af280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[pid  5865] open("./file0", O_RDONLY|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_NOFOLLOW|O_CLOEXEC, 000 <unfinished ...>
[pid  5866] <... ioctl resumed>)        = 0
[pid  5864] <... mount resumed>)        = 0
[pid  5841] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5866] close(3 <unfinished ...>
[pid  5864] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY <unfinished ...>
[pid  5841] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid  5866] <... close resumed>)        = 0
[pid  5866] close(4 <unfinished ...>
[pid  5864] <... openat resumed>)       = 3
[pid  5841] <... openat resumed>)       = 3
[   65.172630][ T5865] ==================================================================
[   65.186240][ T5865] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   65.193455][ T5865] CPU: 0 UID: 0 PID: 5865 Comm: syz-executor188 Not tainted 6.12.0-syzkaller-01782-gbf9aa14fc523 #0
[   65.204211][ T5865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[   65.214257][ T5865] Call Trace:
[   65.217527][ T5865]  <TASK>
[   65.220445][ T5865]  dump_stack_lvl+0x241/0x360
[   65.225119][ T5865]  ? __pfx_dump_stack_lvl+0x10/0x10
[   65.230307][ T5865]  ? __pfx__printk+0x10/0x10
[   65.234896][ T5865]  ? vscnprintf+0x5d/0x90
[   65.239224][ T5865]  panic+0x349/0x880
[   65.243111][ T5865]  ? check_panic_on_warn+0x21/0xb0
[   65.248210][ T5865]  ? __pfx_panic+0x10/0x10
[   65.252633][ T5865]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[   65.258607][ T5865]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   65.264951][ T5865]  ? print_report+0x502/0x550
[   65.269637][ T5865]  check_panic_on_warn+0x86/0xb0
[   65.274568][ T5865]  ? sysv_new_inode+0xfc7/0x1160
[   65.279495][ T5865]  end_report+0x77/0x160
[   65.283739][ T5865]  kasan_report+0x154/0x180
[   65.288364][ T5865]  ? sysv_new_inode+0xfc7/0x1160
[   65.293813][ T5865]  sysv_new_inode+0xfc7/0x1160
[   65.298676][ T5865]  ? __pfx_sysv_new_inode+0x10/0x10
[   65.303979][ T5865]  ? _raw_spin_unlock+0x28/0x50
[   65.308825][ T5865]  ? __d_add+0x500/0x800
[   65.313078][ T5865]  sysv_mknod+0x4e/0xe0
[   65.317223][ T5865]  ? __pfx_sysv_create+0x10/0x10
[   65.322166][ T5865]  path_openat+0x1c03/0x3590
[   65.326803][ T5865]  ? __pfx_path_openat+0x10/0x10
[   65.331753][ T5865]  do_filp_open+0x27f/0x4e0
[   65.336293][ T5865]  ? __pfx_do_filp_open+0x10/0x10
[   65.341402][ T5865]  ? do_raw_spin_lock+0x14f/0x370
[   65.346525][ T5865]  do_sys_openat2+0x13e/0x1d0
[   65.351550][ T5865]  ? __pfx_do_sys_openat2+0x10/0x10
[   65.356879][ T5865]  ? lockdep_hardirqs_on+0x99/0x150
[   65.362191][ T5865]  ? _raw_spin_unlock_irq+0x2e/0x50
[   65.367409][ T5865]  ? ptrace_notify+0x279/0x380
[   65.372258][ T5865]  __x64_sys_open+0x225/0x270
[   65.376935][ T5865]  ? __pfx___x64_sys_open+0x10/0x10
[   65.382126][ T5865]  ? do_syscall_64+0x100/0x230
[   65.386887][ T5865]  do_syscall_64+0xf3/0x230
[   65.391390][ T5865]  ? clear_bhb_loop+0x35/0x90
[   65.396063][ T5865]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   65.402044][ T5865] RIP: 0033:0x7f282781d1d9
[   65.406445][ T5865] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   65.426042][ T5865] RSP: 002b:00007ffedfc42d28 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[   65.434538][ T5865] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f282781d1d9
[   65.442517][ T5865] RDX: 0000000000000000 RSI: 00100000001a1540 RDI: 0000000020000580
[   65.450594][ T5865] RBP: 00000000ffffffff R08: 0000000000009e7f R09: 0000000000000000
[   65.458574][ T5865] R10: 00007ffedfc42db0 R11: 0000000000000246 R12: 00007ffedfc42d70
[   65.466536][ T5865] R13: 00007ffedfc42db0 R14: 0000000000010000 R15: 0000000000000003
[   65.474510][ T5865]  </TASK>
[   65.477803][ T5865] Kernel Offset: disabled
[   65.482164][ T5865] Rebooting in 86400 seconds..