./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3724650743

<...>
Warning: Permanently added '10.128.10.1' (ED25519) to the list of known hosts.
execve("./syz-executor3724650743", ["./syz-executor3724650743"], 0x7ffc1d1981d0 /* 10 vars */) = 0
brk(NULL)                               = 0x55556f9b6000
brk(0x55556f9b6e00)                     = 0x55556f9b6e00
arch_prctl(ARCH_SET_FS, 0x55556f9b6480) = 0
set_tid_address(0x55556f9b6750)         = 5842
set_robust_list(0x55556f9b6760, 24)     = 0
rseq(0x55556f9b6da0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3724650743", 4096) = 28
getrandom("\x6b\x73\x72\x40\x47\x48\xa1\x97", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x55556f9b6e00
brk(0x55556f9d7e00)                     = 0x55556f9d7e00
brk(0x55556f9d8000)                     = 0x55556f9d8000
mprotect(0x7f4f4f361000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGSEGV, {sa_handler=0x7f4f4f2b6940, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f4f4f2bf690}, NULL, 8) = 0
rt_sigaction(SIGBUS, {sa_handler=0x7f4f4f2b6940, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f4f4f2bf690}, NULL, 8) = 0
mkdir("./syzkaller.KIJz6a", 0700)       = 0
chmod("./syzkaller.KIJz6a", 0777)       = 0
chdir("./syzkaller.KIJz6a")             = 0
mkdir("./0", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5843 attached
, child_tidptr=0x55556f9b6750) = 5843
[pid  5843] set_robust_list(0x55556f9b6760, 24) = 0
[pid  5843] chdir("./0")                = 0
[pid  5843] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5843] setpgid(0, 0)               = 0
[pid  5843] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5843] write(3, "1000", 4)         = 4
[pid  5843] close(3)                    = 0
[pid  5843] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid  5843] write(1, "executing program\n", 18) = 18
[pid  5843] memfd_create("syzkaller", 0) = 3
[pid  5843] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  5843] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5843] munmap(0x7f4f46e00000, 138412032) = 0
[pid  5843] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5843] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5843] close(3)                    = 0
[pid  5843] close(4)                    = 0
[pid  5843] mkdir("./bus", 0777)        = 0
[   89.092981][ T5843] loop0: detected capacity change from 0 to 512
[pid  5843] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  5843] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5843] chdir("./bus")              = 0
[pid  5843] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5843] mkdir("./bus", 0777)        = 0
[pid  5843] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5843] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  5843] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[   89.148169][ T5843] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   89.161128][ T5843] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/0/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  5843] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  5843] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  5843] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  5843] exit_group(0)               = ?
[pid  5843] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5843, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} ---
umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[   89.210690][   T29] audit: type=1800 audit(1729998433.921:2): pid=5843 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file1" dev="loop0" ino=15 res=0 errno=0
[   89.231742][   T29] audit: type=1800 audit(1729998433.931:3): pid=5843 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file2" dev="loop0" ino=16 res=0 errno=0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/binderfs")                  = 0
umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./0/bus")                        = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./0")                            = 0
mkdir("./1", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5848 attached
 <unfinished ...>
[pid  5848] set_robust_list(0x55556f9b6760, 24) = 0
[pid  5842] <... clone resumed>, child_tidptr=0x55556f9b6750) = 5848
[pid  5848] chdir("./1")                = 0
[pid  5848] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5848] setpgid(0, 0)               = 0
[pid  5848] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5848] write(3, "1000", 4)         = 4
[pid  5848] close(3)                    = 0
[pid  5848] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid  5848] write(1, "executing program\n", 18) = 18
[pid  5848] memfd_create("syzkaller", 0) = 3
[pid  5848] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[   89.327201][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5848] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5848] munmap(0x7f4f46e00000, 138412032) = 0
[pid  5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5848] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5848] close(3)                    = 0
[pid  5848] close(4)                    = 0
[pid  5848] mkdir("./bus", 0777)        = 0
[   89.402362][ T5848] loop0: detected capacity change from 0 to 512
[pid  5848] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  5848] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5848] chdir("./bus")              = 0
[pid  5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5848] mkdir("./bus", 0777)        = 0
[pid  5848] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5848] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  5848] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  5848] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[   89.444256][ T5848] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   89.457058][ T5848] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/1/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  5848] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  5848] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  5848] exit_group(0)               = ?
[pid  5848] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5848, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/binderfs")                  = 0
[   89.494003][   T29] audit: type=1800 audit(1729998434.201:4): pid=5848 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file1" dev="loop0" ino=15 res=0 errno=0
[   89.515235][   T29] audit: type=1800 audit(1729998434.211:5): pid=5848 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file2" dev="loop0" ino=16 res=0 errno=0
umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
[   89.549113][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./1/bus")                        = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./1")                            = 0
mkdir("./2", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5851 attached
, child_tidptr=0x55556f9b6750) = 5851
[pid  5851] set_robust_list(0x55556f9b6760, 24) = 0
[pid  5851] chdir("./2")                = 0
[pid  5851] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5851] setpgid(0, 0)               = 0
[pid  5851] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5851] write(3, "1000", 4)         = 4
[pid  5851] close(3)                    = 0
[pid  5851] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid  5851] write(1, "executing program\n", 18) = 18
[pid  5851] memfd_create("syzkaller", 0) = 3
[pid  5851] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  5851] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5851] munmap(0x7f4f46e00000, 138412032) = 0
[pid  5851] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5851] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5851] close(3)                    = 0
[pid  5851] close(4)                    = 0
[pid  5851] mkdir("./bus", 0777)        = 0
[   89.837185][ T5851] loop0: detected capacity change from 0 to 512
[pid  5851] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  5851] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5851] chdir("./bus")              = 0
[pid  5851] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5851] mkdir("./bus", 0777)        = 0
[pid  5851] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5851] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  5851] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[   89.914946][ T5851] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   89.928369][ T5851] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/2/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  5851] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  5851] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  5851] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  5851] exit_group(0)               = ?
[pid  5851] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5851, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[   89.995711][   T29] audit: type=1800 audit(1729998434.701:6): pid=5851 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file1" dev="loop0" ino=15 res=0 errno=0
[   90.018143][   T29] audit: type=1800 audit(1729998434.721:7): pid=5851 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file2" dev="loop0" ino=16 res=0 errno=0
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/binderfs")                  = 0
umount2("./2/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./2/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./2/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./2/bus")                        = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./2")                            = 0
mkdir("./3", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5854 attached
 <unfinished ...>
[pid  5854] set_robust_list(0x55556f9b6760, 24) = 0
[pid  5842] <... clone resumed>, child_tidptr=0x55556f9b6750) = 5854
[pid  5854] chdir("./3")                = 0
[pid  5854] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5854] setpgid(0, 0)               = 0
[pid  5854] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5854] write(3, "1000", 4)         = 4
[   90.105564][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5854] close(3)                    = 0
[pid  5854] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5854] write(1, "executing program\n", 18executing program
) = 18
[pid  5854] memfd_create("syzkaller", 0) = 3
[pid  5854] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  5854] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5854] munmap(0x7f4f46e00000, 138412032) = 0
[pid  5854] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5854] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5854] close(3)                    = 0
[pid  5854] close(4)                    = 0
[pid  5854] mkdir("./bus", 0777)        = 0
[   90.182285][ T5854] loop0: detected capacity change from 0 to 512
[pid  5854] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  5854] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5854] chdir("./bus")              = 0
[pid  5854] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5854] mkdir("./bus", 0777)        = 0
[pid  5854] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[   90.244808][ T5854] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   90.257983][ T5854] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/3/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  5854] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  5854] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  5854] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  5854] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  5854] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  5854] exit_group(0)               = ?
[pid  5854] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5854, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/binderfs")                  = 0
[   90.311427][   T29] audit: type=1800 audit(1729998435.021:8): pid=5854 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file1" dev="loop0" ino=15 res=0 errno=0
[   90.332330][   T29] audit: type=1800 audit(1729998435.031:9): pid=5854 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file2" dev="loop0" ino=16 res=0 errno=0
umount2("./3/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./3/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./3/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./3/bus")                        = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./3")                            = 0
mkdir("./4", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5857 attached
 <unfinished ...>
[pid  5857] set_robust_list(0x55556f9b6760, 24 <unfinished ...>
[pid  5842] <... clone resumed>, child_tidptr=0x55556f9b6750) = 5857
[pid  5857] <... set_robust_list resumed>) = 0
[pid  5857] chdir("./4")                = 0
[pid  5857] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5857] setpgid(0, 0)               = 0
[pid  5857] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5857] write(3, "1000", 4)         = 4
[pid  5857] close(3)                    = 0
[   90.389016][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5857] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid  5857] write(1, "executing program\n", 18) = 18
[pid  5857] memfd_create("syzkaller", 0) = 3
[pid  5857] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  5857] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5857] munmap(0x7f4f46e00000, 138412032) = 0
[pid  5857] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5857] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5857] close(3)                    = 0
[pid  5857] close(4)                    = 0
[pid  5857] mkdir("./bus", 0777)        = 0
[   90.471401][ T5857] loop0: detected capacity change from 0 to 512
[pid  5857] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  5857] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5857] chdir("./bus")              = 0
[pid  5857] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[   90.514308][ T5857] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   90.527299][ T5857] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/4/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  5857] mkdir("./bus", 0777)        = 0
[pid  5857] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5857] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  5857] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  5857] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  5857] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  5857] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  5857] exit_group(0)               = ?
[pid  5857] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5857, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[   90.582394][   T29] audit: type=1800 audit(1729998435.291:10): pid=5857 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file1" dev="loop0" ino=15 res=0 errno=0
[   90.603345][   T29] audit: type=1800 audit(1729998435.301:11): pid=5857 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file2" dev="loop0" ino=16 res=0 errno=0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/binderfs")                  = 0
umount2("./4/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./4/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./4/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./4/bus")                        = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./4")                            = 0
mkdir("./5", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5860 attached
, child_tidptr=0x55556f9b6750) = 5860
[pid  5860] set_robust_list(0x55556f9b6760, 24) = 0
[pid  5860] chdir("./5")                = 0
[pid  5860] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5860] setpgid(0, 0)               = 0
[pid  5860] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5860] write(3, "1000", 4)         = 4
[pid  5860] close(3)                    = 0
[   90.718204][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5860] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5860] write(1, "executing program\n", 18executing program
) = 18
[pid  5860] memfd_create("syzkaller", 0) = 3
[pid  5860] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  5860] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5860] munmap(0x7f4f46e00000, 138412032) = 0
[pid  5860] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5860] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5860] close(3)                    = 0
[pid  5860] close(4)                    = 0
[pid  5860] mkdir("./bus", 0777)        = 0
[   90.820848][ T5860] loop0: detected capacity change from 0 to 512
[pid  5860] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  5860] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5860] chdir("./bus")              = 0
[pid  5860] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[   90.866102][ T5860] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   90.878744][ T5860] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/5/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  5860] mkdir("./bus", 0777)        = 0
[pid  5860] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5860] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  5860] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  5860] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  5860] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  5860] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  5860] exit_group(0)               = ?
[pid  5860] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5860, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/binderfs")                  = 0
umount2("./5/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./5/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./5/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./5/bus")                        = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./5")                            = 0
mkdir("./6", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5863 attached
, child_tidptr=0x55556f9b6750) = 5863
[pid  5863] set_robust_list(0x55556f9b6760, 24) = 0
[pid  5863] chdir("./6")                = 0
[pid  5863] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5863] setpgid(0, 0)               = 0
[pid  5863] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5863] write(3, "1000", 4)         = 4
[pid  5863] close(3)                    = 0
[pid  5863] symlink("/dev/binderfs", "./binderfs") = 0
[   91.083523][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
executing program
[pid  5863] write(1, "executing program\n", 18) = 18
[pid  5863] memfd_create("syzkaller", 0) = 3
[pid  5863] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  5863] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5863] munmap(0x7f4f46e00000, 138412032) = 0
[pid  5863] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5863] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5863] close(3)                    = 0
[pid  5863] close(4)                    = 0
[pid  5863] mkdir("./bus", 0777)        = 0
[   91.197408][ T5863] loop0: detected capacity change from 0 to 512
[pid  5863] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  5863] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5863] chdir("./bus")              = 0
[   91.244903][ T5863] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   91.257645][ T5863] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/6/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  5863] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5863] mkdir("./bus", 0777)        = 0
[pid  5863] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5863] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  5863] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  5863] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  5863] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  5863] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  5863] exit_group(0)               = ?
[pid  5863] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5863, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/binderfs")                  = 0
umount2("./6/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./6/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./6/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./6/bus")                        = 0
[   91.402086][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./6")                            = 0
mkdir("./7", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5866 attached
 <unfinished ...>
[pid  5866] set_robust_list(0x55556f9b6760, 24) = 0
[pid  5866] chdir("./7")                = 0
[pid  5866] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid  5842] <... clone resumed>, child_tidptr=0x55556f9b6750) = 5866
[pid  5866] <... prctl resumed>)        = 0
[pid  5866] setpgid(0, 0)               = 0
[pid  5866] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program
) = 3
[pid  5866] write(3, "1000", 4)         = 4
[pid  5866] close(3)                    = 0
[pid  5866] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5866] write(1, "executing program\n", 18) = 18
[pid  5866] memfd_create("syzkaller", 0) = 3
[pid  5866] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  5866] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5866] munmap(0x7f4f46e00000, 138412032) = 0
[pid  5866] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5866] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5866] close(3)                    = 0
[pid  5866] close(4)                    = 0
[pid  5866] mkdir("./bus", 0777)        = 0
[   91.559682][ T5866] loop0: detected capacity change from 0 to 512
[pid  5866] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  5866] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5866] chdir("./bus")              = 0
[pid  5866] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5866] mkdir("./bus", 0777)        = 0
[pid  5866] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5866] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  5866] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[   91.622709][ T5866] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   91.636442][ T5866] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/7/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  5866] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  5866] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  5866] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  5866] exit_group(0)               = ?
[pid  5866] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5866, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/binderfs")                  = 0
umount2("./7/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./7/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./7/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
[   91.786109][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
rmdir("./7/bus")                        = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./7")                            = 0
mkdir("./8", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5869 attached
, child_tidptr=0x55556f9b6750) = 5869
[pid  5869] set_robust_list(0x55556f9b6760, 24) = 0
[pid  5869] chdir("./8")                = 0
[pid  5869] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5869] setpgid(0, 0)               = 0
[pid  5869] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5869] write(3, "1000", 4)         = 4
[pid  5869] close(3)                    = 0
[pid  5869] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid  5869] write(1, "executing program\n", 18) = 18
[pid  5869] memfd_create("syzkaller", 0) = 3
[pid  5869] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  5869] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5869] munmap(0x7f4f46e00000, 138412032) = 0
[pid  5869] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5869] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5869] close(3)                    = 0
[pid  5869] close(4)                    = 0
[pid  5869] mkdir("./bus", 0777)        = 0
[   91.977796][ T5869] loop0: detected capacity change from 0 to 512
[pid  5869] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  5869] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5869] chdir("./bus")              = 0
[pid  5869] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[   92.034420][ T5869] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   92.047193][ T5869] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/8/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  5869] mkdir("./bus", 0777)        = 0
[pid  5869] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5869] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  5869] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  5869] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  5869] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  5869] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  5869] exit_group(0)               = ?
[pid  5869] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5869, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/binderfs")                  = 0
umount2("./8/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./8/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./8/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./8/bus")                        = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./8")                            = 0
mkdir("./9", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5872 attached
, child_tidptr=0x55556f9b6750) = 5872
[pid  5872] set_robust_list(0x55556f9b6760, 24) = 0
[pid  5872] chdir("./9")                = 0
[pid  5872] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5872] setpgid(0, 0)               = 0
[pid  5872] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5872] write(3, "1000", 4)         = 4
[pid  5872] close(3)                    = 0
[pid  5872] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[   92.249220][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5872] write(1, "executing program\n", 18) = 18
[pid  5872] memfd_create("syzkaller", 0) = 3
[pid  5872] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  5872] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5872] munmap(0x7f4f46e00000, 138412032) = 0
[pid  5872] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5872] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5872] close(3)                    = 0
[pid  5872] close(4)                    = 0
[pid  5872] mkdir("./bus", 0777)        = 0
[   92.320588][ T5872] loop0: detected capacity change from 0 to 512
[pid  5872] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  5872] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5872] chdir("./bus")              = 0
[pid  5872] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[   92.375712][ T5872] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   92.388342][ T5872] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/9/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  5872] mkdir("./bus", 0777)        = 0
[pid  5872] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5872] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  5872] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  5872] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  5872] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  5872] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  5872] exit_group(0)               = ?
[pid  5872] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5872, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/binderfs")                  = 0
umount2("./9/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./9/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./9/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./9/bus")                        = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./9")                            = 0
mkdir("./10", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5875 attached
, child_tidptr=0x55556f9b6750) = 5875
[   92.600887][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5875] set_robust_list(0x55556f9b6760, 24) = 0
[pid  5875] chdir("./10")               = 0
[pid  5875] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5875] setpgid(0, 0)               = 0
[pid  5875] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5875] write(3, "1000", 4)         = 4
[pid  5875] close(3)                    = 0
[pid  5875] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid  5875] write(1, "executing program\n", 18) = 18
[pid  5875] memfd_create("syzkaller", 0) = 3
[pid  5875] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  5875] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5875] munmap(0x7f4f46e00000, 138412032) = 0
[pid  5875] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5875] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5875] close(3)                    = 0
[pid  5875] close(4)                    = 0
[pid  5875] mkdir("./bus", 0777)        = 0
[   92.743683][ T5875] loop0: detected capacity change from 0 to 512
[pid  5875] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  5875] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5875] chdir("./bus")              = 0
[pid  5875] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5875] mkdir("./bus", 0777)        = 0
[pid  5875] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5875] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  5875] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  5875] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  5875] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  5875] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  5875] exit_group(0)               = ?
[pid  5875] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5875, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
[   92.794004][ T5875] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   92.807755][ T5875] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/10/bus supports timestamps until 2038-01-19 (0x7fffffff)
umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/binderfs")                 = 0
umount2("./10/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./10/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./10/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./10/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./10")                           = 0
mkdir("./11", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5878 attached
, child_tidptr=0x55556f9b6750) = 5878
[pid  5878] set_robust_list(0x55556f9b6760, 24) = 0
[pid  5878] chdir("./11")               = 0
[pid  5878] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5878] setpgid(0, 0)               = 0
[pid  5878] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5878] write(3, "1000", 4)         = 4
[   92.918898][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5878] close(3)                    = 0
[pid  5878] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid  5878] write(1, "executing program\n", 18) = 18
[pid  5878] memfd_create("syzkaller", 0) = 3
[pid  5878] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  5878] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5878] munmap(0x7f4f46e00000, 138412032) = 0
[pid  5878] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5878] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5878] close(3)                    = 0
[pid  5878] close(4)                    = 0
[pid  5878] mkdir("./bus", 0777)        = 0
[   93.041435][ T5878] loop0: detected capacity change from 0 to 512
[pid  5878] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  5878] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5878] chdir("./bus")              = 0
[pid  5878] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5878] mkdir("./bus", 0777)        = 0
[pid  5878] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[   93.094374][ T5878] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   93.107049][ T5878] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/11/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  5878] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  5878] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  5878] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  5878] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  5878] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  5878] exit_group(0)               = ?
[pid  5878] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5878, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/binderfs")                 = 0
umount2("./11/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./11/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./11/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./11/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./11")                           = 0
mkdir("./12", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5881 attached
, child_tidptr=0x55556f9b6750) = 5881
[pid  5881] set_robust_list(0x55556f9b6760, 24) = 0
[pid  5881] chdir("./12")               = 0
[   93.306483][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5881] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5881] setpgid(0, 0)               = 0
[pid  5881] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5881] write(3, "1000", 4)         = 4
[pid  5881] close(3)                    = 0
[pid  5881] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid  5881] write(1, "executing program\n", 18) = 18
[pid  5881] memfd_create("syzkaller", 0) = 3
[pid  5881] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  5881] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5881] munmap(0x7f4f46e00000, 138412032) = 0
[pid  5881] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5881] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5881] close(3)                    = 0
[pid  5881] close(4)                    = 0
[pid  5881] mkdir("./bus", 0777)        = 0
[   93.382220][ T5881] loop0: detected capacity change from 0 to 512
[pid  5881] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  5881] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5881] chdir("./bus")              = 0
[pid  5881] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5881] mkdir("./bus", 0777)        = 0
[   93.425288][ T5881] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   93.438023][ T5881] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/12/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  5881] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5881] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  5881] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  5881] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  5881] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  5881] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  5881] exit_group(0)               = ?
[pid  5881] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5881, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/binderfs")                 = 0
umount2("./12/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./12/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./12/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./12/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./12")                           = 0
mkdir("./13", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5884 attached
 <unfinished ...>
[pid  5884] set_robust_list(0x55556f9b6760, 24 <unfinished ...>
[pid  5842] <... clone resumed>, child_tidptr=0x55556f9b6750) = 5884
[pid  5884] <... set_robust_list resumed>) = 0
[pid  5884] chdir("./13")               = 0
[pid  5884] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5884] setpgid(0, 0)               = 0
[pid  5884] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5884] write(3, "1000", 4)         = 4
[pid  5884] close(3)                    = 0
executing program
[pid  5884] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5884] write(1, "executing program\n", 18) = 18
[pid  5884] memfd_create("syzkaller", 0) = 3
[pid  5884] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[   93.640052][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5884] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5884] munmap(0x7f4f46e00000, 138412032) = 0
[pid  5884] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5884] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5884] close(3)                    = 0
[pid  5884] close(4)                    = 0
[pid  5884] mkdir("./bus", 0777)        = 0
[   93.731189][ T5884] loop0: detected capacity change from 0 to 512
[pid  5884] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  5884] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5884] chdir("./bus")              = 0
[pid  5884] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5884] mkdir("./bus", 0777)        = 0
[pid  5884] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5884] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  5884] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  5884] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  5884] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  5884] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  5884] exit_group(0)               = ?
[pid  5884] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5884, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[   93.774930][ T5884] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   93.787529][ T5884] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/13/bus supports timestamps until 2038-01-19 (0x7fffffff)
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/binderfs")                 = 0
umount2("./13/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./13/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./13/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./13/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./13")                           = 0
mkdir("./14", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5888 attached
 <unfinished ...>
[pid  5888] set_robust_list(0x55556f9b6760, 24) = 0
[pid  5842] <... clone resumed>, child_tidptr=0x55556f9b6750) = 5888
[pid  5888] chdir("./14")               = 0
[pid  5888] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5888] setpgid(0, 0)               = 0
[pid  5888] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5888] write(3, "1000", 4)         = 4
[pid  5888] close(3)                    = 0
[pid  5888] symlink("/dev/binderfs", "./binderfs") = 0
[   93.844242][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5888] write(1, "executing program\n", 18) = 18
executing program
[pid  5888] memfd_create("syzkaller", 0) = 3
[pid  5888] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  5888] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5888] munmap(0x7f4f46e00000, 138412032) = 0
[pid  5888] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5888] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5888] close(3)                    = 0
[pid  5888] close(4)                    = 0
[pid  5888] mkdir("./bus", 0777)        = 0
[   93.942969][ T5888] loop0: detected capacity change from 0 to 512
[   93.976625][ T5888] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[pid  5888] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  5888] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5888] chdir("./bus")              = 0
[pid  5888] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5888] mkdir("./bus", 0777)        = 0
[pid  5888] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5888] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  5888] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  5888] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  5888] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[   93.989399][ T5888] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/14/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  5888] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  5888] exit_group(0)               = ?
[pid  5888] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5888, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/binderfs")                 = 0
umount2("./14/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./14/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./14/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./14/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./14")                           = 0
mkdir("./15", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5891 attached
, child_tidptr=0x55556f9b6750) = 5891
[   94.189979][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5891] set_robust_list(0x55556f9b6760, 24) = 0
[pid  5891] chdir("./15")               = 0
[pid  5891] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5891] setpgid(0, 0)               = 0
[pid  5891] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5891] write(3, "1000", 4)         = 4
[pid  5891] close(3)                    = 0
[pid  5891] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid  5891] write(1, "executing program\n", 18) = 18
[pid  5891] memfd_create("syzkaller", 0) = 3
[pid  5891] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  5891] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5891] munmap(0x7f4f46e00000, 138412032) = 0
[pid  5891] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5891] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5891] close(3)                    = 0
[pid  5891] close(4)                    = 0
[pid  5891] mkdir("./bus", 0777)        = 0
[   94.314514][ T5891] loop0: detected capacity change from 0 to 512
[pid  5891] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  5891] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5891] chdir("./bus")              = 0
[pid  5891] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5891] mkdir("./bus", 0777)        = 0
[pid  5891] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5891] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  5891] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  5891] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  5891] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[   94.396327][ T5891] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   94.410034][ T5891] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/15/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  5891] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  5891] exit_group(0)               = ?
[pid  5891] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5891, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/binderfs")                 = 0
[   94.471226][   T29] kauditd_printk_skb: 20 callbacks suppressed
[   94.471253][   T29] audit: type=1800 audit(1729998439.171:32): pid=5891 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file1" dev="loop0" ino=15 res=0 errno=0
umount2("./15/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./15/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[   94.526557][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   94.551019][   T29] audit: type=1800 audit(1729998439.171:33): pid=5891 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file2" dev="loop0" ino=16 res=0 errno=0
newfstatat(AT_FDCWD, "./15/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./15/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./15/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./15")                           = 0
mkdir("./16", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5894 attached
 <unfinished ...>
[pid  5894] set_robust_list(0x55556f9b6760, 24 <unfinished ...>
[pid  5842] <... clone resumed>, child_tidptr=0x55556f9b6750) = 5894
[pid  5894] <... set_robust_list resumed>) = 0
[pid  5894] chdir("./16")               = 0
[pid  5894] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5894] setpgid(0, 0)               = 0
[pid  5894] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5894] write(3, "1000", 4)         = 4
[pid  5894] close(3)                    = 0
[pid  5894] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5894] write(1, "executing program\n", 18executing program
) = 18
[pid  5894] memfd_create("syzkaller", 0) = 3
[pid  5894] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  5894] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5894] munmap(0x7f4f46e00000, 138412032) = 0
[pid  5894] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5894] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5894] close(3)                    = 0
[pid  5894] close(4)                    = 0
[pid  5894] mkdir("./bus", 0777)        = 0
[   94.854217][ T5894] loop0: detected capacity change from 0 to 512
[pid  5894] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  5894] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5894] chdir("./bus")              = 0
[pid  5894] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5894] mkdir("./bus", 0777)        = 0
[pid  5894] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5894] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[   94.903884][ T5894] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   94.917084][ T5894] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/16/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  5894] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  5894] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  5894] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  5894] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  5894] exit_group(0)               = ?
[pid  5894] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5894, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[   94.969187][   T29] audit: type=1800 audit(1729998439.671:34): pid=5894 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file1" dev="loop0" ino=15 res=0 errno=0
[   94.992248][   T29] audit: type=1800 audit(1729998439.701:35): pid=5894 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file2" dev="loop0" ino=16 res=0 errno=0
openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/binderfs")                 = 0
umount2("./16/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./16/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./16/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./16/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./16")                           = 0
mkdir("./17", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
[   95.146094][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5897 attached
 <unfinished ...>
[pid  5897] set_robust_list(0x55556f9b6760, 24 <unfinished ...>
[pid  5842] <... clone resumed>, child_tidptr=0x55556f9b6750) = 5897
[pid  5897] <... set_robust_list resumed>) = 0
[pid  5897] chdir("./17")               = 0
[pid  5897] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5897] setpgid(0, 0)               = 0
[pid  5897] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5897] write(3, "1000", 4)         = 4
[pid  5897] close(3)                    = 0
[pid  5897] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid  5897] write(1, "executing program\n", 18) = 18
[pid  5897] memfd_create("syzkaller", 0) = 3
[pid  5897] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  5897] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5897] munmap(0x7f4f46e00000, 138412032) = 0
[pid  5897] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5897] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5897] close(3)                    = 0
[pid  5897] close(4)                    = 0
[pid  5897] mkdir("./bus", 0777)        = 0
[   95.266924][ T5897] loop0: detected capacity change from 0 to 512
[pid  5897] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  5897] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5897] chdir("./bus")              = 0
[pid  5897] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[   95.313855][ T5897] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   95.326404][ T5897] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/17/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  5897] mkdir("./bus", 0777)        = 0
[pid  5897] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5897] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  5897] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  5897] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  5897] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  5897] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  5897] exit_group(0)               = ?
[pid  5897] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5897, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[   95.383443][   T29] audit: type=1800 audit(1729998440.091:36): pid=5897 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file1" dev="loop0" ino=15 res=0 errno=0
[   95.404397][   T29] audit: type=1800 audit(1729998440.101:37): pid=5897 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file2" dev="loop0" ino=16 res=0 errno=0
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/binderfs")                 = 0
umount2("./17/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./17/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./17/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./17/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./17")                           = 0
mkdir("./18", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5900 attached
, child_tidptr=0x55556f9b6750) = 5900
[pid  5900] set_robust_list(0x55556f9b6760, 24) = 0
[pid  5900] chdir("./18")               = 0
[pid  5900] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5900] setpgid(0, 0)               = 0
[pid  5900] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5900] write(3, "1000", 4)         = 4
[pid  5900] close(3)                    = 0
[   95.539118][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
executing program
[pid  5900] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5900] write(1, "executing program\n", 18) = 18
[pid  5900] memfd_create("syzkaller", 0) = 3
[pid  5900] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  5900] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5900] munmap(0x7f4f46e00000, 138412032) = 0
[pid  5900] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5900] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5900] close(3)                    = 0
[pid  5900] close(4)                    = 0
[pid  5900] mkdir("./bus", 0777)        = 0
[   95.639893][ T5900] loop0: detected capacity change from 0 to 512
[pid  5900] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  5900] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5900] chdir("./bus")              = 0
[pid  5900] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5900] mkdir("./bus", 0777)        = 0
[pid  5900] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5900] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  5900] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[   95.704232][ T5900] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   95.717170][ T5900] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/18/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  5900] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  5900] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  5900] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  5900] exit_group(0)               = ?
[pid  5900] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5900, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[   95.753293][   T29] audit: type=1800 audit(1729998440.461:38): pid=5900 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file1" dev="loop0" ino=15 res=0 errno=0
[   95.774233][   T29] audit: type=1800 audit(1729998440.471:39): pid=5900 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file2" dev="loop0" ino=16 res=0 errno=0
newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/binderfs")                 = 0
umount2("./18/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./18/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./18/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./18/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./18")                           = 0
mkdir("./19", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5903 attached
 <unfinished ...>
[pid  5903] set_robust_list(0x55556f9b6760, 24) = 0
[pid  5842] <... clone resumed>, child_tidptr=0x55556f9b6750) = 5903
[pid  5903] chdir("./19")               = 0
[pid  5903] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5903] setpgid(0, 0)               = 0
[pid  5903] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5903] write(3, "1000", 4)         = 4
[pid  5903] close(3)                    = 0
[pid  5903] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[   95.868008][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5903] write(1, "executing program\n", 18) = 18
[pid  5903] memfd_create("syzkaller", 0) = 3
[pid  5903] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  5903] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5903] munmap(0x7f4f46e00000, 138412032) = 0
[pid  5903] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5903] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5903] close(3)                    = 0
[pid  5903] close(4)                    = 0
[pid  5903] mkdir("./bus", 0777)        = 0
[   95.940795][ T5903] loop0: detected capacity change from 0 to 512
[pid  5903] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  5903] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5903] chdir("./bus")              = 0
[pid  5903] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5903] mkdir("./bus", 0777)        = 0
[pid  5903] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5903] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  5903] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[   96.004727][ T5903] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   96.017475][ T5903] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/19/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  5903] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  5903] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  5903] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[   96.063375][   T29] audit: type=1800 audit(1729998440.771:40): pid=5903 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file1" dev="loop0" ino=15 res=0 errno=0
[pid  5903] exit_group(0)               = ?
[pid  5903] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5903, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[   96.096181][   T29] audit: type=1800 audit(1729998440.801:41): pid=5903 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file2" dev="loop0" ino=16 res=0 errno=0
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/binderfs")                 = 0
umount2("./19/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./19/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./19/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./19/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./19")                           = 0
mkdir("./20", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5906 attached
, child_tidptr=0x55556f9b6750) = 5906
[pid  5906] set_robust_list(0x55556f9b6760, 24) = 0
[pid  5906] chdir("./20")               = 0
[pid  5906] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5906] setpgid(0, 0)               = 0
[pid  5906] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5906] write(3, "1000", 4)         = 4
[pid  5906] close(3)                    = 0
[pid  5906] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5906] write(1, "executing program\n", 18executing program
) = 18
[pid  5906] memfd_create("syzkaller", 0) = 3
[pid  5906] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[   96.232819][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5906] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5906] munmap(0x7f4f46e00000, 138412032) = 0
[pid  5906] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5906] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5906] close(3)                    = 0
[pid  5906] close(4)                    = 0
[pid  5906] mkdir("./bus", 0777)        = 0
[   96.302842][ T5906] loop0: detected capacity change from 0 to 512
[pid  5906] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  5906] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5906] chdir("./bus")              = 0
[pid  5906] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5906] mkdir("./bus", 0777)        = 0
[pid  5906] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5906] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[   96.348078][ T5906] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   96.361459][ T5906] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/20/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  5906] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  5906] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  5906] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  5906] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  5906] exit_group(0)               = ?
[pid  5906] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5906, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./20/binderfs")                 = 0
umount2("./20/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./20/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./20/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./20/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./20")                           = 0
mkdir("./21", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5909 attached
 <unfinished ...>
[pid  5909] set_robust_list(0x55556f9b6760, 24 <unfinished ...>
[pid  5842] <... clone resumed>, child_tidptr=0x55556f9b6750) = 5909
[pid  5909] <... set_robust_list resumed>) = 0
[   96.450515][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5909] chdir("./21")               = 0
[pid  5909] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5909] setpgid(0, 0)               = 0
[pid  5909] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5909] write(3, "1000", 4)         = 4
[pid  5909] close(3)                    = 0
[pid  5909] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid  5909] write(1, "executing program\n", 18) = 18
[pid  5909] memfd_create("syzkaller", 0) = 3
[pid  5909] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  5909] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5909] munmap(0x7f4f46e00000, 138412032) = 0
[pid  5909] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   96.544352][ T1221] cfg80211: failed to load regulatory.db
[pid  5909] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5909] close(3)                    = 0
[pid  5909] close(4)                    = 0
[pid  5909] mkdir("./bus", 0777)        = 0
[   96.585182][ T5909] loop0: detected capacity change from 0 to 512
[pid  5909] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  5909] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5909] chdir("./bus")              = 0
[pid  5909] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5909] mkdir("./bus", 0777)        = 0
[pid  5909] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5909] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  5909] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  5909] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  5909] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  5909] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  5909] exit_group(0)               = ?
[pid  5909] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5909, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[   96.635370][ T5909] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   96.648125][ T5909] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/21/bus supports timestamps until 2038-01-19 (0x7fffffff)
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./21/binderfs")                 = 0
umount2("./21/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./21/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./21/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./21/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./21")                           = 0
mkdir("./22", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
[   96.704611][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5912 attached
, child_tidptr=0x55556f9b6750) = 5912
[pid  5912] set_robust_list(0x55556f9b6760, 24) = 0
[pid  5912] chdir("./22")               = 0
[pid  5912] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5912] setpgid(0, 0)               = 0
[pid  5912] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5912] write(3, "1000", 4)         = 4
[pid  5912] close(3)                    = 0
[pid  5912] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid  5912] write(1, "executing program\n", 18) = 18
[pid  5912] memfd_create("syzkaller", 0) = 3
[pid  5912] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  5912] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5912] munmap(0x7f4f46e00000, 138412032) = 0
[pid  5912] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5912] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5912] close(3)                    = 0
[pid  5912] close(4)                    = 0
[pid  5912] mkdir("./bus", 0777)        = 0
[   96.889004][ T5912] loop0: detected capacity change from 0 to 512
[pid  5912] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  5912] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5912] chdir("./bus")              = 0
[   96.944229][ T5912] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   96.956873][ T5912] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/22/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  5912] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5912] mkdir("./bus", 0777)        = 0
[pid  5912] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5912] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  5912] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  5912] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  5912] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  5912] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  5912] exit_group(0)               = ?
[pid  5912] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5912, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./22/binderfs")                 = 0
umount2("./22/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./22/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./22/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./22/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./22")                           = 0
mkdir("./23", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5915 attached
, child_tidptr=0x55556f9b6750) = 5915
[pid  5915] set_robust_list(0x55556f9b6760, 24) = 0
[pid  5915] chdir("./23")               = 0
[pid  5915] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5915] setpgid(0, 0)               = 0
[pid  5915] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5915] write(3, "1000", 4)         = 4
[pid  5915] close(3)                    = 0
[pid  5915] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5915] write(1, "executing program\n", 18executing program
) = 18
[   97.042800][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5915] memfd_create("syzkaller", 0) = 3
[pid  5915] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  5915] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5915] munmap(0x7f4f46e00000, 138412032) = 0
[pid  5915] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5915] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5915] close(3)                    = 0
[pid  5915] close(4)                    = 0
[pid  5915] mkdir("./bus", 0777)        = 0
[   97.126652][ T5915] loop0: detected capacity change from 0 to 512
[pid  5915] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  5915] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5915] chdir("./bus")              = 0
[pid  5915] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5915] mkdir("./bus", 0777)        = 0
[pid  5915] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[   97.184578][ T5915] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   97.197924][ T5915] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/23/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  5915] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  5915] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  5915] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  5915] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  5915] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  5915] exit_group(0)               = ?
[pid  5915] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5915, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./23/binderfs")                 = 0
umount2("./23/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./23/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./23/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./23/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./23")                           = 0
mkdir("./24", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
[   97.389918][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556f9b6750) = 5918
./strace-static-x86_64: Process 5918 attached
[pid  5918] set_robust_list(0x55556f9b6760, 24) = 0
[pid  5918] chdir("./24")               = 0
[pid  5918] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5918] setpgid(0, 0)               = 0
[pid  5918] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5918] write(3, "1000", 4)         = 4
[pid  5918] close(3)                    = 0
[pid  5918] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid  5918] write(1, "executing program\n", 18) = 18
[pid  5918] memfd_create("syzkaller", 0) = 3
[pid  5918] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  5918] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5918] munmap(0x7f4f46e00000, 138412032) = 0
[pid  5918] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5918] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5918] close(3)                    = 0
[pid  5918] close(4)                    = 0
[pid  5918] mkdir("./bus", 0777)        = 0
[   97.549872][ T5918] loop0: detected capacity change from 0 to 512
[pid  5918] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  5918] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5918] chdir("./bus")              = 0
[pid  5918] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5918] mkdir("./bus", 0777)        = 0
[pid  5918] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5918] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[   97.604519][ T5918] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   97.617455][ T5918] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/24/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  5918] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  5918] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  5918] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  5918] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  5918] exit_group(0)               = ?
[pid  5918] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5918, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./24/binderfs")                 = 0
umount2("./24/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./24/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./24/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./24/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./24")                           = 0
mkdir("./25", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5921 attached
, child_tidptr=0x55556f9b6750) = 5921
[pid  5921] set_robust_list(0x55556f9b6760, 24) = 0
[pid  5921] chdir("./25")               = 0
[pid  5921] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5921] setpgid(0, 0)               = 0
[pid  5921] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5921] write(3, "1000", 4)         = 4
[pid  5921] close(3)                    = 0
[pid  5921] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5921] write(1, "executing program\n", 18executing program
) = 18
[   97.825274][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5921] memfd_create("syzkaller", 0) = 3
[pid  5921] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  5921] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5921] munmap(0x7f4f46e00000, 138412032) = 0
[pid  5921] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5921] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5921] close(3)                    = 0
[pid  5921] close(4)                    = 0
[pid  5921] mkdir("./bus", 0777)        = 0
[   97.896742][ T5921] loop0: detected capacity change from 0 to 512
[pid  5921] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  5921] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[   97.944741][ T5921] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   97.957942][ T5921] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/25/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  5921] chdir("./bus")              = 0
[pid  5921] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5921] mkdir("./bus", 0777)        = 0
[pid  5921] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5921] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  5921] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  5921] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  5921] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  5921] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  5921] exit_group(0)               = ?
[pid  5921] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5921, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./25/binderfs")                 = 0
umount2("./25/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./25/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./25/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./25/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./25")                           = 0
mkdir("./26", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5924 attached
, child_tidptr=0x55556f9b6750) = 5924
[pid  5924] set_robust_list(0x55556f9b6760, 24) = 0
[pid  5924] chdir("./26")               = 0
[pid  5924] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5924] setpgid(0, 0)               = 0
[pid  5924] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5924] write(3, "1000", 4)         = 4
[pid  5924] close(3)                    = 0
[   98.151276][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5924] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5924] write(1, "executing program\n", 18executing program
) = 18
[pid  5924] memfd_create("syzkaller", 0) = 3
[pid  5924] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  5924] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5924] munmap(0x7f4f46e00000, 138412032) = 0
[pid  5924] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5924] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5924] close(3)                    = 0
[pid  5924] close(4)                    = 0
[pid  5924] mkdir("./bus", 0777)        = 0
[   98.257498][ T5924] loop0: detected capacity change from 0 to 512
[pid  5924] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  5924] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5924] chdir("./bus")              = 0
[pid  5924] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[   98.314684][ T5924] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   98.327850][ T5924] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/26/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  5924] mkdir("./bus", 0777)        = 0
[pid  5924] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5924] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  5924] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  5924] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  5924] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  5924] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  5924] exit_group(0)               = ?
[pid  5924] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5924, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./26/binderfs")                 = 0
umount2("./26/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./26/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./26/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./26/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./26")                           = 0
mkdir("./27", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5927 attached
, child_tidptr=0x55556f9b6750) = 5927
[pid  5927] set_robust_list(0x55556f9b6760, 24) = 0
[pid  5927] chdir("./27")               = 0
[pid  5927] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5927] setpgid(0, 0)               = 0
[pid  5927] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5927] write(3, "1000", 4)         = 4
[pid  5927] close(3)                    = 0
[pid  5927] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid  5927] write(1, "executing program\n", 18) = 18
[   98.525614][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5927] memfd_create("syzkaller", 0) = 3
[pid  5927] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  5927] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5927] munmap(0x7f4f46e00000, 138412032) = 0
[pid  5927] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5927] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5927] close(3)                    = 0
[pid  5927] close(4)                    = 0
[pid  5927] mkdir("./bus", 0777)        = 0
[   98.600126][ T5927] loop0: detected capacity change from 0 to 512
[pid  5927] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  5927] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5927] chdir("./bus")              = 0
[   98.654074][ T5927] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   98.666719][ T5927] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/27/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  5927] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5927] mkdir("./bus", 0777)        = 0
[pid  5927] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5927] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  5927] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  5927] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  5927] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  5927] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  5927] exit_group(0)               = ?
[pid  5927] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5927, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./27/binderfs")                 = 0
umount2("./27/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./27/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./27/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./27/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./27")                           = 0
mkdir("./28", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
[   98.896155][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5930 attached
, child_tidptr=0x55556f9b6750) = 5930
[pid  5930] set_robust_list(0x55556f9b6760, 24) = 0
[pid  5930] chdir("./28")               = 0
[pid  5930] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5930] setpgid(0, 0)               = 0
[pid  5930] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5930] write(3, "1000", 4)         = 4
[pid  5930] close(3)                    = 0
[pid  5930] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid  5930] write(1, "executing program\n", 18) = 18
[pid  5930] memfd_create("syzkaller", 0) = 3
[pid  5930] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  5930] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5930] munmap(0x7f4f46e00000, 138412032) = 0
[pid  5930] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5930] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5930] close(3)                    = 0
[pid  5930] close(4)                    = 0
[pid  5930] mkdir("./bus", 0777)        = 0
[   99.065842][ T5930] loop0: detected capacity change from 0 to 512
[pid  5930] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  5930] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5930] chdir("./bus")              = 0
[pid  5930] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5930] mkdir("./bus", 0777)        = 0
[pid  5930] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5930] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  5930] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  5930] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  5930] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[   99.114703][ T5930] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   99.127429][ T5930] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/28/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  5930] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  5930] exit_group(0)               = ?
[pid  5930] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5930, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./28/binderfs")                 = 0
umount2("./28/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./28/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./28/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./28/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./28")                           = 0
mkdir("./29", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556f9b6750) = 5933
./strace-static-x86_64: Process 5933 attached
[pid  5933] set_robust_list(0x55556f9b6760, 24) = 0
[pid  5933] chdir("./29")               = 0
[   99.320082][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5933] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5933] setpgid(0, 0)               = 0
[pid  5933] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5933] write(3, "1000", 4)         = 4
[pid  5933] close(3)                    = 0
[pid  5933] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid  5933] write(1, "executing program\n", 18) = 18
[pid  5933] memfd_create("syzkaller", 0) = 3
[pid  5933] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  5933] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5933] munmap(0x7f4f46e00000, 138412032) = 0
[pid  5933] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5933] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5933] close(3)                    = 0
[pid  5933] close(4)                    = 0
[pid  5933] mkdir("./bus", 0777)        = 0
[   99.454525][ T5933] loop0: detected capacity change from 0 to 512
[pid  5933] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  5933] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5933] chdir("./bus")              = 0
[pid  5933] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5933] mkdir("./bus", 0777)        = 0
[pid  5933] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[   99.493817][ T5933] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   99.506501][ T5933] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/29/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  5933] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  5933] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  5933] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  5933] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  5933] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  5933] exit_group(0)               = ?
[pid  5933] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5933, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[   99.588508][   T29] kauditd_printk_skb: 18 callbacks suppressed
[   99.588536][   T29] audit: type=1800 audit(1729998444.291:60): pid=5933 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file1" dev="loop0" ino=15 res=0 errno=0
[   99.617458][   T29] audit: type=1800 audit(1729998444.321:61): pid=5933 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file2" dev="loop0" ino=16 res=0 errno=0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./29/binderfs")                 = 0
umount2("./29/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./29/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./29/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./29/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
[   99.708420][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
rmdir("./29")                           = 0
mkdir("./30", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5936 attached
 <unfinished ...>
[pid  5936] set_robust_list(0x55556f9b6760, 24 <unfinished ...>
[pid  5842] <... clone resumed>, child_tidptr=0x55556f9b6750) = 5936
[pid  5936] <... set_robust_list resumed>) = 0
[pid  5936] chdir("./30")               = 0
[pid  5936] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5936] setpgid(0, 0)               = 0
[pid  5936] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5936] write(3, "1000", 4)         = 4
[pid  5936] close(3)                    = 0
[pid  5936] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid  5936] write(1, "executing program\n", 18) = 18
[pid  5936] memfd_create("syzkaller", 0) = 3
[pid  5936] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  5936] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5936] munmap(0x7f4f46e00000, 138412032) = 0
[pid  5936] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5936] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5936] close(3)                    = 0
[pid  5936] close(4)                    = 0
[pid  5936] mkdir("./bus", 0777)        = 0
[   99.889653][ T5936] loop0: detected capacity change from 0 to 512
[pid  5936] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  5936] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5936] chdir("./bus")              = 0
[pid  5936] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5936] mkdir("./bus", 0777)        = 0
[pid  5936] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5936] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  5936] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[   99.944048][ T5936] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   99.957036][ T5936] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/30/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  5936] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  5936] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  5936] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  5936] exit_group(0)               = ?
[pid  5936] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5936, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[  100.003198][   T29] audit: type=1800 audit(1729998444.711:62): pid=5936 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file1" dev="loop0" ino=15 res=0 errno=0
[  100.026038][   T29] audit: type=1800 audit(1729998444.741:63): pid=5936 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file2" dev="loop0" ino=16 res=0 errno=0
openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./30/binderfs")                 = 0
umount2("./30/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./30/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./30/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./30/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./30")                           = 0
mkdir("./31", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5939 attached
, child_tidptr=0x55556f9b6750) = 5939
[pid  5939] set_robust_list(0x55556f9b6760, 24) = 0
[pid  5939] chdir("./31")               = 0
[pid  5939] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5939] setpgid(0, 0)               = 0
[pid  5939] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5939] write(3, "1000", 4)         = 4
[pid  5939] close(3)                    = 0
[pid  5939] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5939] write(1, "executing program\n", 18executing program
) = 18
[pid  5939] memfd_create("syzkaller", 0) = 3
[pid  5939] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[  100.181821][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5939] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5939] munmap(0x7f4f46e00000, 138412032) = 0
[pid  5939] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5939] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5939] close(3)                    = 0
[pid  5939] close(4)                    = 0
[pid  5939] mkdir("./bus", 0777)        = 0
[  100.250784][ T5939] loop0: detected capacity change from 0 to 512
[  100.277499][ T5939] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[pid  5939] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  5939] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[  100.290208][ T5939] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/31/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  5939] chdir("./bus")              = 0
[pid  5939] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5939] mkdir("./bus", 0777)        = 0
[pid  5939] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5939] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  5939] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  5939] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  5939] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  5939] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  5939] exit_group(0)               = ?
[pid  5939] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5939, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./31/binderfs")                 = 0
[  100.391850][   T29] audit: type=1800 audit(1729998445.101:64): pid=5939 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file1" dev="loop0" ino=15 res=0 errno=0
[  100.412852][   T29] audit: type=1800 audit(1729998445.101:65): pid=5939 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file2" dev="loop0" ino=16 res=0 errno=0
umount2("./31/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./31/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./31/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./31/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./31")                           = 0
mkdir("./32", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5942 attached
 <unfinished ...>
[pid  5942] set_robust_list(0x55556f9b6760, 24) = 0
[pid  5942] chdir("./32" <unfinished ...>
[pid  5842] <... clone resumed>, child_tidptr=0x55556f9b6750) = 5942
[pid  5942] <... chdir resumed>)        = 0
[pid  5942] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5942] setpgid(0, 0)               = 0
[pid  5942] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5942] write(3, "1000", 4)         = 4
[pid  5942] close(3)                    = 0
[pid  5942] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5942] write(1, "executing program\n", 18executing program
) = 18
[pid  5942] memfd_create("syzkaller", 0) = 3
[  100.487815][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5942] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  5942] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5942] munmap(0x7f4f46e00000, 138412032) = 0
[pid  5942] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5942] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5942] close(3)                    = 0
[pid  5942] close(4)                    = 0
[pid  5942] mkdir("./bus", 0777)        = 0
[  100.580462][ T5942] loop0: detected capacity change from 0 to 512
[pid  5942] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  5942] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5942] chdir("./bus")              = 0
[pid  5942] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5942] mkdir("./bus", 0777)        = 0
[pid  5942] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5942] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  5942] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[  100.634527][ T5942] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/32/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  5942] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  5942] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  5942] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  5942] exit_group(0)               = ?
[  100.679285][   T29] audit: type=1800 audit(1729998445.381:66): pid=5942 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file1" dev="loop0" ino=15 res=0 errno=0
[  100.700487][   T29] audit: type=1800 audit(1729998445.401:67): pid=5942 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file2" dev="loop0" ino=16 res=0 errno=0
[pid  5942] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5942, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./32/binderfs")                 = 0
umount2("./32/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./32/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./32/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./32/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./32")                           = 0
mkdir("./33", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5945 attached
, child_tidptr=0x55556f9b6750) = 5945
[pid  5945] set_robust_list(0x55556f9b6760, 24) = 0
[pid  5945] chdir("./33")               = 0
[pid  5945] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5945] setpgid(0, 0)               = 0
[pid  5945] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5945] write(3, "1000", 4)         = 4
[pid  5945] close(3)                    = 0
[pid  5945] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid  5945] write(1, "executing program\n", 18) = 18
[pid  5945] memfd_create("syzkaller", 0) = 3
[pid  5945] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  5945] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5945] munmap(0x7f4f46e00000, 138412032) = 0
[pid  5945] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5945] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5945] close(3)                    = 0
[pid  5945] close(4)                    = 0
[pid  5945] mkdir("./bus", 0777)        = 0
[  100.946976][ T5945] loop0: detected capacity change from 0 to 512
[pid  5945] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  5945] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5945] chdir("./bus")              = 0
[pid  5945] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[  101.004749][ T5945] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/33/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  5945] mkdir("./bus", 0777)        = 0
[pid  5945] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5945] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  5945] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  5945] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  5945] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  5945] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  5945] exit_group(0)               = ?
[pid  5945] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5945, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[  101.073986][   T29] audit: type=1800 audit(1729998445.781:68): pid=5945 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file1" dev="loop0" ino=15 res=0 errno=0
[  101.095582][   T29] audit: type=1800 audit(1729998445.781:69): pid=5945 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file2" dev="loop0" ino=16 res=0 errno=0
unlink("./33/binderfs")                 = 0
umount2("./33/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./33/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./33/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./33/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./33")                           = 0
mkdir("./34", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5948 attached
, child_tidptr=0x55556f9b6750) = 5948
[pid  5948] set_robust_list(0x55556f9b6760, 24) = 0
[pid  5948] chdir("./34")               = 0
[pid  5948] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5948] setpgid(0, 0)               = 0
[pid  5948] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5948] write(3, "1000", 4)         = 4
[pid  5948] close(3)                    = 0
[pid  5948] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5948] write(1, "executing program\n", 18executing program
) = 18
[pid  5948] memfd_create("syzkaller", 0) = 3
[pid  5948] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  5948] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5948] munmap(0x7f4f46e00000, 138412032) = 0
[pid  5948] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5948] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5948] close(3)                    = 0
[pid  5948] close(4)                    = 0
[pid  5948] mkdir("./bus", 0777)        = 0
[  101.237950][ T5948] loop0: detected capacity change from 0 to 512
[pid  5948] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  5948] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5948] chdir("./bus")              = 0
[pid  5948] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5948] mkdir("./bus", 0777)        = 0
[pid  5948] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5948] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  5948] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[  101.294295][ T5948] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/34/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  5948] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  5948] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  5948] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  5948] exit_group(0)               = ?
[pid  5948] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5948, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./34/binderfs")                 = 0
umount2("./34/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./34/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./34/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./34/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./34")                           = 0
mkdir("./35", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5951 attached
, child_tidptr=0x55556f9b6750) = 5951
[pid  5951] set_robust_list(0x55556f9b6760, 24) = 0
[pid  5951] chdir("./35")               = 0
[pid  5951] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5951] setpgid(0, 0)               = 0
[pid  5951] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5951] write(3, "1000", 4)         = 4
[pid  5951] close(3)                    = 0
[pid  5951] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5951] write(1, "executing program\n", 18executing program
) = 18
[pid  5951] memfd_create("syzkaller", 0) = 3
[pid  5951] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  5951] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5951] munmap(0x7f4f46e00000, 138412032) = 0
[pid  5951] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5951] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5951] close(3)                    = 0
[pid  5951] close(4)                    = 0
[pid  5951] mkdir("./bus", 0777)        = 0
[pid  5951] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  5951] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5951] chdir("./bus")              = 0
[  101.566635][ T5951] loop0: detected capacity change from 0 to 512
[  101.596473][ T5951] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/35/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  5951] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5951] mkdir("./bus", 0777)        = 0
[pid  5951] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5951] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  5951] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  5951] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  5951] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  5951] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  5951] exit_group(0)               = ?
[pid  5951] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5951, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./35/binderfs")                 = 0
umount2("./35/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./35/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./35/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./35/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./35")                           = 0
mkdir("./36", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5954 attached
 <unfinished ...>
[pid  5954] set_robust_list(0x55556f9b6760, 24) = 0
[pid  5842] <... clone resumed>, child_tidptr=0x55556f9b6750) = 5954
[pid  5954] chdir("./36")               = 0
[pid  5954] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5954] setpgid(0, 0)               = 0
[pid  5954] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5954] write(3, "1000", 4)         = 4
[pid  5954] close(3)                    = 0
[pid  5954] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5954] write(1, "executing program\n", 18) = 18
executing program
[pid  5954] memfd_create("syzkaller", 0) = 3
[pid  5954] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  5954] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5954] munmap(0x7f4f46e00000, 138412032) = 0
[pid  5954] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5954] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5954] close(3)                    = 0
[pid  5954] close(4)                    = 0
[pid  5954] mkdir("./bus", 0777)        = 0
[  101.897980][ T5954] loop0: detected capacity change from 0 to 512
[pid  5954] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  5954] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5954] chdir("./bus")              = 0
[pid  5954] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5954] mkdir("./bus", 0777)        = 0
[pid  5954] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5954] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  5954] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  5954] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  5954] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  5954] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  5954] exit_group(0)               = ?
[pid  5954] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5954, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
[  101.975136][ T5954] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/36/bus supports timestamps until 2038-01-19 (0x7fffffff)
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./36/binderfs")                 = 0
umount2("./36/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./36/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./36/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./36/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./36")                           = 0
mkdir("./37", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5957 attached
, child_tidptr=0x55556f9b6750) = 5957
[pid  5957] set_robust_list(0x55556f9b6760, 24) = 0
[pid  5957] chdir("./37")               = 0
[pid  5957] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5957] setpgid(0, 0)               = 0
[pid  5957] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5957] write(3, "1000", 4)         = 4
[pid  5957] close(3)                    = 0
[pid  5957] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5957] write(1, "executing program\n", 18executing program
) = 18
[pid  5957] memfd_create("syzkaller", 0) = 3
[pid  5957] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  5957] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5957] munmap(0x7f4f46e00000, 138412032) = 0
[pid  5957] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5957] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5957] close(3)                    = 0
[pid  5957] close(4)                    = 0
[pid  5957] mkdir("./bus", 0777)        = 0
[  102.388876][ T5957] loop0: detected capacity change from 0 to 512
[pid  5957] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  5957] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5957] chdir("./bus")              = 0
[pid  5957] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5957] mkdir("./bus", 0777)        = 0
[pid  5957] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[  102.434741][ T5957] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/37/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  5957] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  5957] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  5957] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  5957] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  5957] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  5957] exit_group(0)               = ?
[pid  5957] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5957, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./37/binderfs")                 = 0
umount2("./37/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./37/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./37/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./37/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./37")                           = 0
mkdir("./38", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5960 attached
, child_tidptr=0x55556f9b6750) = 5960
[pid  5960] set_robust_list(0x55556f9b6760, 24) = 0
[pid  5960] chdir("./38")               = 0
[pid  5960] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5960] setpgid(0, 0)               = 0
[pid  5960] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5960] write(3, "1000", 4)         = 4
[pid  5960] close(3)                    = 0
[pid  5960] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid  5960] write(1, "executing program\n", 18) = 18
[pid  5960] memfd_create("syzkaller", 0) = 3
[pid  5960] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  5960] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5960] munmap(0x7f4f46e00000, 138412032) = 0
[pid  5960] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5960] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5960] close(3)                    = 0
[pid  5960] close(4)                    = 0
[pid  5960] mkdir("./bus", 0777)        = 0
[pid  5960] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  5960] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5960] chdir("./bus")              = 0
[pid  5960] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[  102.817543][ T5960] loop0: detected capacity change from 0 to 512
[  102.854432][ T5960] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/38/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  5960] mkdir("./bus", 0777)        = 0
[pid  5960] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5960] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  5960] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  5960] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  5960] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  5960] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  5960] exit_group(0)               = ?
[pid  5960] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5960, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./38/binderfs")                 = 0
umount2("./38/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./38/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./38/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./38/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./38")                           = 0
mkdir("./39", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5963 attached
, child_tidptr=0x55556f9b6750) = 5963
[pid  5963] set_robust_list(0x55556f9b6760, 24) = 0
[pid  5963] chdir("./39")               = 0
[pid  5963] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5963] setpgid(0, 0)               = 0
[pid  5963] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5963] write(3, "1000", 4)         = 4
[pid  5963] close(3)                    = 0
[pid  5963] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid  5963] write(1, "executing program\n", 18) = 18
[pid  5963] memfd_create("syzkaller", 0) = 3
[pid  5963] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  5963] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5963] munmap(0x7f4f46e00000, 138412032) = 0
[pid  5963] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5963] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5963] close(3)                    = 0
[pid  5963] close(4)                    = 0
[pid  5963] mkdir("./bus", 0777)        = 0
[  103.249113][ T5963] loop0: detected capacity change from 0 to 512
[pid  5963] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  5963] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5963] chdir("./bus")              = 0
[pid  5963] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[  103.294184][ T5963] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/39/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  5963] mkdir("./bus", 0777)        = 0
[pid  5963] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5963] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  5963] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  5963] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  5963] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  5963] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  5963] exit_group(0)               = ?
[pid  5963] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5963, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./39/binderfs")                 = 0
umount2("./39/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./39/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./39/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./39/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./39")                           = 0
mkdir("./40", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5966 attached
 <unfinished ...>
[pid  5966] set_robust_list(0x55556f9b6760, 24) = 0
[pid  5966] chdir("./40")               = 0
[pid  5966] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5966] setpgid(0, 0)               = 0
[pid  5966] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid  5842] <... clone resumed>, child_tidptr=0x55556f9b6750) = 5966
[pid  5966] <... openat resumed>)       = 3
[pid  5966] write(3, "1000", 4)         = 4
[pid  5966] close(3)                    = 0
[pid  5966] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid  5966] write(1, "executing program\n", 18) = 18
[pid  5966] memfd_create("syzkaller", 0) = 3
[pid  5966] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  5966] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5966] munmap(0x7f4f46e00000, 138412032) = 0
[pid  5966] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5966] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5966] close(3)                    = 0
[pid  5966] close(4)                    = 0
[pid  5966] mkdir("./bus", 0777)        = 0
[  103.744853][ T5966] loop0: detected capacity change from 0 to 512
[pid  5966] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  5966] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5966] chdir("./bus")              = 0
[pid  5966] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5966] mkdir("./bus", 0777)        = 0
[pid  5966] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5966] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  5966] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  5966] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  5966] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  5966] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  5966] exit_group(0)               = ?
[pid  5966] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5966, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[  103.794215][ T5966] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/40/bus supports timestamps until 2038-01-19 (0x7fffffff)
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./40/binderfs")                 = 0
umount2("./40/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./40/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./40/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./40/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./40/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./40")                           = 0
mkdir("./41", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5969 attached
 <unfinished ...>
[pid  5969] set_robust_list(0x55556f9b6760, 24) = 0
[pid  5969] chdir("./41" <unfinished ...>
[pid  5842] <... clone resumed>, child_tidptr=0x55556f9b6750) = 5969
[pid  5969] <... chdir resumed>)        = 0
[pid  5969] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5969] setpgid(0, 0)               = 0
[pid  5969] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5969] write(3, "1000", 4)         = 4
[pid  5969] close(3)                    = 0
[pid  5969] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid  5969] write(1, "executing program\n", 18) = 18
[pid  5969] memfd_create("syzkaller", 0) = 3
[pid  5969] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  5969] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5969] munmap(0x7f4f46e00000, 138412032) = 0
[pid  5969] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5969] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5969] close(3)                    = 0
[pid  5969] close(4)                    = 0
[pid  5969] mkdir("./bus", 0777)        = 0
[  104.058059][ T5969] loop0: detected capacity change from 0 to 512
[pid  5969] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  5969] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5969] chdir("./bus")              = 0
[pid  5969] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5969] mkdir("./bus", 0777)        = 0
[pid  5969] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5969] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  5969] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  5969] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  5969] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[  104.114986][ T5969] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/41/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  5969] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  5969] exit_group(0)               = ?
[pid  5969] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5969, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./41/binderfs")                 = 0
umount2("./41/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./41/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./41/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./41/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./41")                           = 0
mkdir("./42", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5972 attached
, child_tidptr=0x55556f9b6750) = 5972
[pid  5972] set_robust_list(0x55556f9b6760, 24) = 0
[pid  5972] chdir("./42")               = 0
[pid  5972] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5972] setpgid(0, 0)               = 0
[pid  5972] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5972] write(3, "1000", 4)         = 4
[pid  5972] close(3)                    = 0
[pid  5972] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid  5972] write(1, "executing program\n", 18) = 18
[pid  5972] memfd_create("syzkaller", 0) = 3
[pid  5972] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  5972] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5972] munmap(0x7f4f46e00000, 138412032) = 0
[pid  5972] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5972] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5972] close(3)                    = 0
[pid  5972] close(4)                    = 0
[pid  5972] mkdir("./bus", 0777)        = 0
[  104.326490][ T5972] loop0: detected capacity change from 0 to 512
[pid  5972] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  5972] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5972] chdir("./bus")              = 0
[pid  5972] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5972] mkdir("./bus", 0777)        = 0
[pid  5972] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5972] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  5972] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  5972] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  5972] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[  104.384255][ T5972] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/42/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  5972] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  5972] exit_group(0)               = ?
[pid  5972] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5972, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./42/binderfs")                 = 0
umount2("./42/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./42/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./42/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./42/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./42/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./42/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./42")                           = 0
mkdir("./43", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5975 attached
, child_tidptr=0x55556f9b6750) = 5975
[pid  5975] set_robust_list(0x55556f9b6760, 24) = 0
[pid  5975] chdir("./43")               = 0
[pid  5975] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5975] setpgid(0, 0)               = 0
[pid  5975] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5975] write(3, "1000", 4)         = 4
[pid  5975] close(3)                    = 0
[pid  5975] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid  5975] write(1, "executing program\n", 18) = 18
[pid  5975] memfd_create("syzkaller", 0) = 3
[pid  5975] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  5975] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5975] munmap(0x7f4f46e00000, 138412032) = 0
[pid  5975] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5975] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5975] close(3)                    = 0
[pid  5975] close(4)                    = 0
[pid  5975] mkdir("./bus", 0777)        = 0
[  104.769107][ T5975] loop0: detected capacity change from 0 to 512
[pid  5975] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  5975] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5975] chdir("./bus")              = 0
[pid  5975] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5975] mkdir("./bus", 0777)        = 0
[pid  5975] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5975] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[  104.814977][ T5975] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/43/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  5975] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  5975] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  5975] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  5975] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  5975] exit_group(0)               = ?
[pid  5975] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5975, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[  104.877930][   T29] kauditd_printk_skb: 18 callbacks suppressed
[  104.877954][   T29] audit: type=1800 audit(1729998449.581:88): pid=5975 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file1" dev="loop0" ino=15 res=0 errno=0
[  104.905722][   T29] audit: type=1800 audit(1729998449.591:89): pid=5975 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file2" dev="loop0" ino=16 res=0 errno=0
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./43/binderfs")                 = 0
umount2("./43/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./43/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./43/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./43/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./43/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./43")                           = 0
mkdir("./44", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5978 attached
 <unfinished ...>
[pid  5978] set_robust_list(0x55556f9b6760, 24) = 0
[pid  5842] <... clone resumed>, child_tidptr=0x55556f9b6750) = 5978
[pid  5978] chdir("./44")               = 0
[pid  5978] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5978] setpgid(0, 0)               = 0
[pid  5978] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5978] write(3, "1000", 4)         = 4
[pid  5978] close(3)                    = 0
[pid  5978] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5978] write(1, "executing program\n", 18executing program
) = 18
[pid  5978] memfd_create("syzkaller", 0) = 3
[pid  5978] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  5978] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5978] munmap(0x7f4f46e00000, 138412032) = 0
[pid  5978] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5978] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5978] close(3)                    = 0
[pid  5978] close(4)                    = 0
[pid  5978] mkdir("./bus", 0777)        = 0
[  105.088627][ T5978] loop0: detected capacity change from 0 to 512
[pid  5978] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  5978] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5978] chdir("./bus")              = 0
[pid  5978] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5978] mkdir("./bus", 0777)        = 0
[pid  5978] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5978] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[  105.148905][ T5978] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/44/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  5978] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  5978] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  5978] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  5978] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  5978] exit_group(0)               = ?
[pid  5978] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5978, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./44/binderfs")                 = 0
umount2("./44/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./44/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./44/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./44/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./44/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./44/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./44")                           = 0
mkdir("./45", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
[  105.214131][   T29] audit: type=1800 audit(1729998449.921:90): pid=5978 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file1" dev="loop0" ino=15 res=0 errno=0
[  105.235097][   T29] audit: type=1800 audit(1729998449.921:91): pid=5978 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file2" dev="loop0" ino=16 res=0 errno=0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5981 attached
, child_tidptr=0x55556f9b6750) = 5981
[pid  5981] set_robust_list(0x55556f9b6760, 24) = 0
[pid  5981] chdir("./45")               = 0
[pid  5981] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5981] setpgid(0, 0)               = 0
[pid  5981] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5981] write(3, "1000", 4)         = 4
[pid  5981] close(3)                    = 0
[pid  5981] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid  5981] write(1, "executing program\n", 18) = 18
[pid  5981] memfd_create("syzkaller", 0) = 3
[pid  5981] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  5981] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5981] munmap(0x7f4f46e00000, 138412032) = 0
[pid  5981] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5981] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5981] close(3)                    = 0
[pid  5981] close(4)                    = 0
[pid  5981] mkdir("./bus", 0777)        = 0
[  105.388034][ T5981] loop0: detected capacity change from 0 to 512
[pid  5981] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  5981] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5981] chdir("./bus")              = 0
[pid  5981] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[  105.454236][ T5981] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/45/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  5981] mkdir("./bus", 0777)        = 0
[pid  5981] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5981] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  5981] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  5981] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  5981] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  5981] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  5981] exit_group(0)               = ?
[pid  5981] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5981, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[  105.524467][   T29] audit: type=1800 audit(1729998450.231:92): pid=5981 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file1" dev="loop0" ino=15 res=0 errno=0
[  105.546610][   T29] audit: type=1800 audit(1729998450.251:93): pid=5981 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file2" dev="loop0" ino=16 res=0 errno=0
openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./45/binderfs")                 = 0
umount2("./45/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./45/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./45/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./45/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./45/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./45")                           = 0
mkdir("./46", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5984 attached
, child_tidptr=0x55556f9b6750) = 5984
[pid  5984] set_robust_list(0x55556f9b6760, 24) = 0
[pid  5984] chdir("./46")               = 0
[pid  5984] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5984] setpgid(0, 0)               = 0
[pid  5984] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5984] write(3, "1000", 4)         = 4
[pid  5984] close(3)                    = 0
[pid  5984] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5984] write(1, "executing program\n", 18executing program
) = 18
[pid  5984] memfd_create("syzkaller", 0) = 3
[pid  5984] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  5984] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5984] munmap(0x7f4f46e00000, 138412032) = 0
[pid  5984] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5984] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5984] close(3)                    = 0
[pid  5984] close(4)                    = 0
[pid  5984] mkdir("./bus", 0777)        = 0
[  105.771940][ T5984] loop0: detected capacity change from 0 to 512
[pid  5984] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  5984] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5984] chdir("./bus")              = 0
[pid  5984] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5984] mkdir("./bus", 0777)        = 0
[pid  5984] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5984] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  5984] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  5984] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  5984] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  5984] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  5984] exit_group(0)               = ?
[pid  5984] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5984, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} ---
[  105.824241][ T5984] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/46/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  105.849267][   T29] audit: type=1800 audit(1729998450.551:94): pid=5984 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file1" dev="loop0" ino=15 res=0 errno=0
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[  105.871247][   T29] audit: type=1800 audit(1729998450.561:95): pid=5984 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file2" dev="loop0" ino=16 res=0 errno=0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./46/binderfs")                 = 0
umount2("./46/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./46/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./46/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./46/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./46/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./46")                           = 0
mkdir("./47", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5987 attached
, child_tidptr=0x55556f9b6750) = 5987
[pid  5987] set_robust_list(0x55556f9b6760, 24) = 0
[pid  5987] chdir("./47")               = 0
[pid  5987] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5987] setpgid(0, 0)               = 0
[pid  5987] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5987] write(3, "1000", 4)         = 4
[pid  5987] close(3)                    = 0
[pid  5987] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid  5987] write(1, "executing program\n", 18) = 18
[pid  5987] memfd_create("syzkaller", 0) = 3
[pid  5987] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  5987] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5987] munmap(0x7f4f46e00000, 138412032) = 0
[pid  5987] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5987] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5987] close(3)                    = 0
[pid  5987] close(4)                    = 0
[pid  5987] mkdir("./bus", 0777)        = 0
[pid  5987] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  5987] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5987] chdir("./bus")              = 0
[  106.090795][ T5987] loop0: detected capacity change from 0 to 512
[  106.124591][ T5987] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/47/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  5987] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5987] mkdir("./bus", 0777)        = 0
[pid  5987] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5987] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  5987] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  5987] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  5987] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  5987] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  5987] exit_group(0)               = ?
[pid  5987] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5987, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[  106.205442][   T29] audit: type=1800 audit(1729998450.911:96): pid=5987 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file1" dev="loop0" ino=15 res=0 errno=0
[  106.226450][   T29] audit: type=1800 audit(1729998450.921:97): pid=5987 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file2" dev="loop0" ino=16 res=0 errno=0
openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./47/binderfs")                 = 0
umount2("./47/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./47/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./47/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./47/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./47/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./47/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./47")                           = 0
mkdir("./48", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5990 attached
, child_tidptr=0x55556f9b6750) = 5990
[pid  5990] set_robust_list(0x55556f9b6760, 24) = 0
[pid  5990] chdir("./48")               = 0
[pid  5990] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5990] setpgid(0, 0)               = 0
[pid  5990] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5990] write(3, "1000", 4)         = 4
[pid  5990] close(3)                    = 0
[pid  5990] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid  5990] write(1, "executing program\n", 18) = 18
[pid  5990] memfd_create("syzkaller", 0) = 3
[pid  5990] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  5990] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5990] munmap(0x7f4f46e00000, 138412032) = 0
[pid  5990] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5990] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5990] close(3)                    = 0
[pid  5990] close(4)                    = 0
[pid  5990] mkdir("./bus", 0777)        = 0
[  106.467409][ T5990] loop0: detected capacity change from 0 to 512
[pid  5990] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  5990] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5990] chdir("./bus")              = 0
[pid  5990] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5990] mkdir("./bus", 0777)        = 0
[pid  5990] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5990] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  5990] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  5990] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  5990] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  5990] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  5990] exit_group(0)               = ?
[pid  5990] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5990, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./48/binderfs")                 = 0
umount2("./48/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./48/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./48/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./48/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[  106.524233][ T5990] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/48/bus supports timestamps until 2038-01-19 (0x7fffffff)
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./48/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./48")                           = 0
mkdir("./49", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5993 attached
 <unfinished ...>
[pid  5993] set_robust_list(0x55556f9b6760, 24) = 0
[pid  5993] chdir("./49" <unfinished ...>
[pid  5842] <... clone resumed>, child_tidptr=0x55556f9b6750) = 5993
[pid  5993] <... chdir resumed>)        = 0
[pid  5993] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5993] setpgid(0, 0)               = 0
[pid  5993] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5993] write(3, "1000", 4)         = 4
[pid  5993] close(3)                    = 0
[pid  5993] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid  5993] write(1, "executing program\n", 18) = 18
[pid  5993] memfd_create("syzkaller", 0) = 3
[pid  5993] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  5993] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5993] munmap(0x7f4f46e00000, 138412032) = 0
[pid  5993] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5993] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5993] close(3)                    = 0
[pid  5993] close(4)                    = 0
[pid  5993] mkdir("./bus", 0777)        = 0
[  106.802935][ T5993] loop0: detected capacity change from 0 to 512
[pid  5993] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  5993] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5993] chdir("./bus")              = 0
[pid  5993] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[  106.864219][ T5993] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/49/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  5993] mkdir("./bus", 0777)        = 0
[pid  5993] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5993] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  5993] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  5993] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  5993] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  5993] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  5993] exit_group(0)               = ?
[pid  5993] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5993, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./49/binderfs")                 = 0
umount2("./49/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./49/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./49/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./49/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./49/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./49/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./49")                           = 0
mkdir("./50", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5996 attached
, child_tidptr=0x55556f9b6750) = 5996
[pid  5996] set_robust_list(0x55556f9b6760, 24) = 0
[pid  5996] chdir("./50")               = 0
[pid  5996] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5996] setpgid(0, 0)               = 0
[pid  5996] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5996] write(3, "1000", 4)         = 4
[pid  5996] close(3)                    = 0
[pid  5996] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5996] write(1, "executing program\n", 18executing program
) = 18
[pid  5996] memfd_create("syzkaller", 0) = 3
[pid  5996] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  5996] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5996] munmap(0x7f4f46e00000, 138412032) = 0
[pid  5996] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5996] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5996] close(3)                    = 0
[pid  5996] close(4)                    = 0
[pid  5996] mkdir("./bus", 0777)        = 0
[  107.180727][ T5996] loop0: detected capacity change from 0 to 512
[pid  5996] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  5996] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5996] chdir("./bus")              = 0
[pid  5996] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[  107.224205][ T5996] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/50/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  5996] mkdir("./bus", 0777)        = 0
[pid  5996] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5996] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  5996] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  5996] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  5996] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  5996] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  5996] exit_group(0)               = ?
[pid  5996] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5996, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./50/binderfs")                 = 0
umount2("./50/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./50/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./50/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./50/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./50/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./50/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./50")                           = 0
mkdir("./51", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5999 attached
, child_tidptr=0x55556f9b6750) = 5999
[pid  5999] set_robust_list(0x55556f9b6760, 24) = 0
[pid  5999] chdir("./51")               = 0
[pid  5999] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5999] setpgid(0, 0)               = 0
[pid  5999] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5999] write(3, "1000", 4)         = 4
[pid  5999] close(3)                    = 0
[pid  5999] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid  5999] write(1, "executing program\n", 18) = 18
[pid  5999] memfd_create("syzkaller", 0) = 3
[pid  5999] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  5999] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5999] munmap(0x7f4f46e00000, 138412032) = 0
[pid  5999] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5999] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5999] close(3)                    = 0
[pid  5999] close(4)                    = 0
[pid  5999] mkdir("./bus", 0777)        = 0
[  107.518274][ T5999] loop0: detected capacity change from 0 to 512
[pid  5999] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  5999] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5999] chdir("./bus")              = 0
[pid  5999] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5999] mkdir("./bus", 0777)        = 0
[pid  5999] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[  107.574703][ T5999] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/51/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  5999] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  5999] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  5999] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  5999] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  5999] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  5999] exit_group(0)               = ?
[pid  5999] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5999, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./51/binderfs")                 = 0
umount2("./51/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./51/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./51/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./51/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./51/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./51/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./51")                           = 0
mkdir("./52", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6002 attached
, child_tidptr=0x55556f9b6750) = 6002
[pid  6002] set_robust_list(0x55556f9b6760, 24) = 0
[pid  6002] chdir("./52")               = 0
[pid  6002] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  6002] setpgid(0, 0)               = 0
[pid  6002] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  6002] write(3, "1000", 4)         = 4
[pid  6002] close(3)                    = 0
[pid  6002] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid  6002] write(1, "executing program\n", 18) = 18
[pid  6002] memfd_create("syzkaller", 0) = 3
[pid  6002] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  6002] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  6002] munmap(0x7f4f46e00000, 138412032) = 0
[pid  6002] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  6002] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  6002] close(3)                    = 0
[pid  6002] close(4)                    = 0
[pid  6002] mkdir("./bus", 0777)        = 0
[  107.806278][ T6002] loop0: detected capacity change from 0 to 512
[pid  6002] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  6002] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  6002] chdir("./bus")              = 0
[pid  6002] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  6002] mkdir("./bus", 0777)        = 0
[pid  6002] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  6002] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  6002] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  6002] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  6002] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  6002] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[  107.864752][ T6002] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/52/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  6002] exit_group(0)               = ?
[pid  6002] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6002, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./52/binderfs")                 = 0
umount2("./52/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./52/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./52/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./52/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./52/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./52/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./52")                           = 0
mkdir("./53", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6005 attached
 <unfinished ...>
[pid  6005] set_robust_list(0x55556f9b6760, 24 <unfinished ...>
[pid  5842] <... clone resumed>, child_tidptr=0x55556f9b6750) = 6005
[pid  6005] <... set_robust_list resumed>) = 0
[pid  6005] chdir("./53")               = 0
[pid  6005] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  6005] setpgid(0, 0)               = 0
[pid  6005] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  6005] write(3, "1000", 4)         = 4
[pid  6005] close(3)                    = 0
[pid  6005] symlink("/dev/binderfs", "./binderfs") = 0
[pid  6005] write(1, "executing program\n", 18executing program
) = 18
[pid  6005] memfd_create("syzkaller", 0) = 3
[pid  6005] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  6005] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  6005] munmap(0x7f4f46e00000, 138412032) = 0
[pid  6005] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  6005] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  6005] close(3)                    = 0
[pid  6005] close(4)                    = 0
[pid  6005] mkdir("./bus", 0777)        = 0
[  107.996085][ T6005] loop0: detected capacity change from 0 to 512
[pid  6005] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  6005] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  6005] chdir("./bus")              = 0
[pid  6005] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  6005] mkdir("./bus", 0777)        = 0
[pid  6005] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  6005] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[  108.034310][ T6005] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/53/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  6005] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  6005] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  6005] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  6005] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  6005] exit_group(0)               = ?
[pid  6005] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6005, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./53/binderfs")                 = 0
umount2("./53/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./53/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./53/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./53/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./53/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./53/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./53")                           = 0
mkdir("./54", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6008 attached
 <unfinished ...>
[pid  6008] set_robust_list(0x55556f9b6760, 24) = 0
[pid  5842] <... clone resumed>, child_tidptr=0x55556f9b6750) = 6008
[pid  6008] chdir("./54")               = 0
[pid  6008] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  6008] setpgid(0, 0)               = 0
[pid  6008] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  6008] write(3, "1000", 4)         = 4
[pid  6008] close(3)                    = 0
[pid  6008] symlink("/dev/binderfs", "./binderfs") = 0
[pid  6008] write(1, "executing program\n", 18executing program
) = 18
[pid  6008] memfd_create("syzkaller", 0) = 3
[pid  6008] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  6008] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  6008] munmap(0x7f4f46e00000, 138412032) = 0
[pid  6008] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  6008] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  6008] close(3)                    = 0
[pid  6008] close(4)                    = 0
[pid  6008] mkdir("./bus", 0777)        = 0
[  108.403190][ T6008] loop0: detected capacity change from 0 to 512
[pid  6008] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  6008] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  6008] chdir("./bus")              = 0
[pid  6008] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  6008] mkdir("./bus", 0777)        = 0
[pid  6008] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[  108.444862][ T6008] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/54/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  6008] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  6008] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  6008] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  6008] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  6008] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  6008] exit_group(0)               = ?
[pid  6008] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6008, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./54/binderfs")                 = 0
umount2("./54/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./54/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./54/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./54/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./54/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./54/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./54")                           = 0
mkdir("./55", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6011 attached
, child_tidptr=0x55556f9b6750) = 6011
[pid  6011] set_robust_list(0x55556f9b6760, 24) = 0
[pid  6011] chdir("./55")               = 0
[pid  6011] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  6011] setpgid(0, 0)               = 0
[pid  6011] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  6011] write(3, "1000", 4)         = 4
[pid  6011] close(3)                    = 0
[pid  6011] symlink("/dev/binderfs", "./binderfs") = 0
[pid  6011] write(1, "executing program\n", 18) = 18
[pid  6011] memfd_create("syzkaller", 0executing program
) = 3
[pid  6011] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  6011] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  6011] munmap(0x7f4f46e00000, 138412032) = 0
[pid  6011] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  6011] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  6011] close(3)                    = 0
[pid  6011] close(4)                    = 0
[pid  6011] mkdir("./bus", 0777)        = 0
[  108.693607][ T6011] loop0: detected capacity change from 0 to 512
[pid  6011] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  6011] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  6011] chdir("./bus")              = 0
[pid  6011] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[  108.755040][ T6011] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/55/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  6011] mkdir("./bus", 0777)        = 0
[pid  6011] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  6011] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  6011] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  6011] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  6011] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  6011] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  6011] exit_group(0)               = ?
[pid  6011] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6011, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./55/binderfs")                 = 0
umount2("./55/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./55/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./55/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./55/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./55/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./55/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./55")                           = 0
mkdir("./56", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6014 attached
, child_tidptr=0x55556f9b6750) = 6014
[pid  6014] set_robust_list(0x55556f9b6760, 24) = 0
[pid  6014] chdir("./56")               = 0
[pid  6014] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  6014] setpgid(0, 0)               = 0
[pid  6014] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  6014] write(3, "1000", 4)         = 4
[pid  6014] close(3)                    = 0
[pid  6014] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid  6014] write(1, "executing program\n", 18) = 18
[pid  6014] memfd_create("syzkaller", 0) = 3
[pid  6014] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  6014] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  6014] munmap(0x7f4f46e00000, 138412032) = 0
[pid  6014] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  6014] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  6014] close(3)                    = 0
[pid  6014] close(4)                    = 0
[pid  6014] mkdir("./bus", 0777)        = 0
[  109.119453][ T6014] loop0: detected capacity change from 0 to 512
[pid  6014] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  6014] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  6014] chdir("./bus")              = 0
[pid  6014] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[  109.164288][ T6014] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/56/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  6014] mkdir("./bus", 0777)        = 0
[pid  6014] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  6014] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  6014] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  6014] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  6014] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  6014] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  6014] exit_group(0)               = ?
[pid  6014] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6014, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./56/binderfs")                 = 0
umount2("./56/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./56/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./56/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./56/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./56/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./56/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./56")                           = 0
mkdir("./57", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6017 attached
, child_tidptr=0x55556f9b6750) = 6017
[pid  6017] set_robust_list(0x55556f9b6760, 24) = 0
[pid  6017] chdir("./57")               = 0
[pid  6017] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  6017] setpgid(0, 0)               = 0
[pid  6017] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  6017] write(3, "1000", 4)         = 4
[pid  6017] close(3)                    = 0
[pid  6017] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid  6017] write(1, "executing program\n", 18) = 18
[pid  6017] memfd_create("syzkaller", 0) = 3
[pid  6017] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  6017] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  6017] munmap(0x7f4f46e00000, 138412032) = 0
[pid  6017] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  6017] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  6017] close(3)                    = 0
[pid  6017] close(4)                    = 0
[pid  6017] mkdir("./bus", 0777)        = 0
[  109.434315][ T6017] loop0: detected capacity change from 0 to 512
[pid  6017] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  6017] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  6017] chdir("./bus")              = 0
[pid  6017] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  6017] mkdir("./bus", 0777)        = 0
[pid  6017] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[  109.475241][ T6017] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/57/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  6017] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  6017] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  6017] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  6017] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  6017] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  6017] exit_group(0)               = ?
[pid  6017] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6017, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./57/binderfs")                 = 0
umount2("./57/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./57/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./57/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./57/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./57/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./57/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./57")                           = 0
mkdir("./58", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6021 attached
, child_tidptr=0x55556f9b6750) = 6021
[pid  6021] set_robust_list(0x55556f9b6760, 24) = 0
[pid  6021] chdir("./58")               = 0
[pid  6021] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  6021] setpgid(0, 0)               = 0
[pid  6021] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  6021] write(3, "1000", 4)         = 4
[pid  6021] close(3)                    = 0
[pid  6021] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid  6021] write(1, "executing program\n", 18) = 18
[pid  6021] memfd_create("syzkaller", 0) = 3
[pid  6021] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  6021] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  6021] munmap(0x7f4f46e00000, 138412032) = 0
[pid  6021] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  6021] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  6021] close(3)                    = 0
[pid  6021] close(4)                    = 0
[pid  6021] mkdir("./bus", 0777)        = 0
[  109.782132][ T6021] loop0: detected capacity change from 0 to 512
[pid  6021] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  6021] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  6021] chdir("./bus")              = 0
[pid  6021] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  6021] mkdir("./bus", 0777)        = 0
[pid  6021] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  6021] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  6021] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  6021] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  6021] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  6021] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[  109.854219][ T6021] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/58/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  109.881777][   T29] kauditd_printk_skb: 21 callbacks suppressed
[pid  6021] exit_group(0)               = ?
[pid  6021] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6021, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[  109.881800][   T29] audit: type=1800 audit(1729998454.591:119): pid=6021 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file2" dev="loop0" ino=16 res=0 errno=0
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./58/binderfs")                 = 0
umount2("./58/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./58/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./58/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./58/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./58/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./58/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./58")                           = 0
mkdir("./59", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6024 attached
 <unfinished ...>
[pid  6024] set_robust_list(0x55556f9b6760, 24 <unfinished ...>
[pid  5842] <... clone resumed>, child_tidptr=0x55556f9b6750) = 6024
[pid  6024] <... set_robust_list resumed>) = 0
[pid  6024] chdir("./59")               = 0
[pid  6024] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  6024] setpgid(0, 0)               = 0
[pid  6024] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  6024] write(3, "1000", 4)         = 4
[pid  6024] close(3)                    = 0
[pid  6024] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid  6024] write(1, "executing program\n", 18) = 18
[pid  6024] memfd_create("syzkaller", 0) = 3
[pid  6024] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  6024] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  6024] munmap(0x7f4f46e00000, 138412032) = 0
[pid  6024] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  6024] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  6024] close(3)                    = 0
[pid  6024] close(4)                    = 0
[pid  6024] mkdir("./bus", 0777)        = 0
[  110.225828][ T6024] loop0: detected capacity change from 0 to 512
[pid  6024] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  6024] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  6024] chdir("./bus")              = 0
[pid  6024] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  6024] mkdir("./bus", 0777)        = 0
[pid  6024] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  6024] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  6024] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  6024] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  6024] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[  110.294379][ T6024] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/59/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  6024] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  6024] exit_group(0)               = ?
[pid  6024] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6024, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[  110.330154][   T29] audit: type=1800 audit(1729998455.031:120): pid=6024 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file1" dev="loop0" ino=15 res=0 errno=0
[  110.351270][   T29] audit: type=1800 audit(1729998455.031:121): pid=6024 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file2" dev="loop0" ino=16 res=0 errno=0
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./59/binderfs")                 = 0
umount2("./59/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./59/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./59/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./59/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./59/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./59/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./59")                           = 0
mkdir("./60", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6027 attached
 <unfinished ...>
[pid  6027] set_robust_list(0x55556f9b6760, 24 <unfinished ...>
[pid  5842] <... clone resumed>, child_tidptr=0x55556f9b6750) = 6027
[pid  6027] <... set_robust_list resumed>) = 0
[pid  6027] chdir("./60")               = 0
[pid  6027] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  6027] setpgid(0, 0)               = 0
[pid  6027] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  6027] write(3, "1000", 4)         = 4
[pid  6027] close(3)                    = 0
[pid  6027] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid  6027] write(1, "executing program\n", 18) = 18
[pid  6027] memfd_create("syzkaller", 0) = 3
[pid  6027] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  6027] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  6027] munmap(0x7f4f46e00000, 138412032) = 0
[pid  6027] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  6027] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  6027] close(3)                    = 0
[pid  6027] close(4)                    = 0
[pid  6027] mkdir("./bus", 0777)        = 0
[  110.716888][ T6027] loop0: detected capacity change from 0 to 512
[pid  6027] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  6027] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  6027] chdir("./bus")              = 0
[pid  6027] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  6027] mkdir("./bus", 0777)        = 0
[pid  6027] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[  110.764077][ T6027] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/60/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  6027] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  6027] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  6027] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  6027] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  6027] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  6027] exit_group(0)               = ?
[pid  6027] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6027, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[  110.840411][   T29] audit: type=1800 audit(1729998455.541:122): pid=6027 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file1" dev="loop0" ino=15 res=0 errno=0
[  110.861397][   T29] audit: type=1800 audit(1729998455.551:123): pid=6027 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file2" dev="loop0" ino=16 res=0 errno=0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./60/binderfs")                 = 0
umount2("./60/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./60/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./60/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./60/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./60/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./60/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./60")                           = 0
mkdir("./61", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6030 attached
 <unfinished ...>
[pid  6030] set_robust_list(0x55556f9b6760, 24 <unfinished ...>
[pid  5842] <... clone resumed>, child_tidptr=0x55556f9b6750) = 6030
[pid  6030] <... set_robust_list resumed>) = 0
[pid  6030] chdir("./61")               = 0
[pid  6030] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  6030] setpgid(0, 0)               = 0
[pid  6030] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  6030] write(3, "1000", 4)         = 4
[pid  6030] close(3executing program
)                    = 0
[pid  6030] symlink("/dev/binderfs", "./binderfs") = 0
[pid  6030] write(1, "executing program\n", 18) = 18
[pid  6030] memfd_create("syzkaller", 0) = 3
[pid  6030] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  6030] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  6030] munmap(0x7f4f46e00000, 138412032) = 0
[pid  6030] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  6030] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  6030] close(3)                    = 0
[pid  6030] close(4)                    = 0
[pid  6030] mkdir("./bus", 0777)        = 0
[pid  6030] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  6030] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[  111.067485][ T6030] loop0: detected capacity change from 0 to 512
[  111.104094][ T6030] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/61/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  6030] chdir("./bus")              = 0
[pid  6030] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  6030] mkdir("./bus", 0777)        = 0
[pid  6030] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  6030] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  6030] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  6030] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  6030] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  6030] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  6030] exit_group(0)               = ?
[pid  6030] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6030, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[  111.176986][   T29] audit: type=1800 audit(1729998455.881:124): pid=6030 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file1" dev="loop0" ino=15 res=0 errno=0
[  111.198211][   T29] audit: type=1800 audit(1729998455.881:125): pid=6030 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file2" dev="loop0" ino=16 res=0 errno=0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./61/binderfs")                 = 0
umount2("./61/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./61/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./61/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./61/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./61/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./61/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./61")                           = 0
mkdir("./62", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6033 attached
, child_tidptr=0x55556f9b6750) = 6033
[pid  6033] set_robust_list(0x55556f9b6760, 24) = 0
[pid  6033] chdir("./62")               = 0
[pid  6033] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  6033] setpgid(0, 0)               = 0
[pid  6033] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  6033] write(3, "1000", 4)         = 4
[pid  6033] close(3executing program
)                    = 0
[pid  6033] symlink("/dev/binderfs", "./binderfs") = 0
[pid  6033] write(1, "executing program\n", 18) = 18
[pid  6033] memfd_create("syzkaller", 0) = 3
[pid  6033] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  6033] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  6033] munmap(0x7f4f46e00000, 138412032) = 0
[pid  6033] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  6033] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  6033] close(3)                    = 0
[pid  6033] close(4)                    = 0
[pid  6033] mkdir("./bus", 0777)        = 0
[  111.386241][ T6033] loop0: detected capacity change from 0 to 512
[pid  6033] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  6033] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  6033] chdir("./bus")              = 0
[pid  6033] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  6033] mkdir("./bus", 0777)        = 0
[pid  6033] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  6033] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[  111.444323][ T6033] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/62/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  6033] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  6033] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  6033] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  6033] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  6033] exit_group(0)               = ?
[pid  6033] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6033, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[  111.526676][   T29] audit: type=1800 audit(1729998456.231:126): pid=6033 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file1" dev="loop0" ino=15 res=0 errno=0
[  111.547842][   T29] audit: type=1800 audit(1729998456.231:127): pid=6033 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file2" dev="loop0" ino=16 res=0 errno=0
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./62/binderfs")                 = 0
umount2("./62/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./62/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./62/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./62/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./62/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./62/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./62")                           = 0
mkdir("./63", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6036 attached
, child_tidptr=0x55556f9b6750) = 6036
[pid  6036] set_robust_list(0x55556f9b6760, 24) = 0
[pid  6036] chdir("./63")               = 0
[pid  6036] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  6036] setpgid(0, 0)               = 0
[pid  6036] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  6036] write(3, "1000", 4)         = 4
[pid  6036] close(3)                    = 0
[pid  6036] symlink("/dev/binderfs", "./binderfs") = 0
[pid  6036] write(1, "executing program\n", 18executing program
) = 18
[pid  6036] memfd_create("syzkaller", 0) = 3
[pid  6036] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  6036] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  6036] munmap(0x7f4f46e00000, 138412032) = 0
[pid  6036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  6036] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  6036] close(3)                    = 0
[pid  6036] close(4)                    = 0
[pid  6036] mkdir("./bus", 0777)        = 0
[  111.759037][ T6036] loop0: detected capacity change from 0 to 512
[pid  6036] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  6036] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  6036] chdir("./bus")              = 0
[pid  6036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  6036] mkdir("./bus", 0777)        = 0
[pid  6036] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[  111.804249][ T6036] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/63/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  6036] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  6036] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  6036] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  6036] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  6036] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  6036] exit_group(0)               = ?
[pid  6036] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6036, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[  111.887507][   T29] audit: type=1800 audit(1729998456.591:128): pid=6036 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor372" name="file1" dev="loop0" ino=15 res=0 errno=0
openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./63/binderfs")                 = 0
umount2("./63/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./63/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./63/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./63/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./63/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./63/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./63")                           = 0
mkdir("./64", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6039 attached
, child_tidptr=0x55556f9b6750) = 6039
[pid  6039] set_robust_list(0x55556f9b6760, 24) = 0
[pid  6039] chdir("./64")               = 0
[pid  6039] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  6039] setpgid(0, 0)               = 0
[pid  6039] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  6039] write(3, "1000", 4)         = 4
[pid  6039] close(3)                    = 0
[pid  6039] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid  6039] write(1, "executing program\n", 18) = 18
[pid  6039] memfd_create("syzkaller", 0) = 3
[pid  6039] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  6039] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  6039] munmap(0x7f4f46e00000, 138412032) = 0
[pid  6039] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  6039] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  6039] close(3)                    = 0
[pid  6039] close(4)                    = 0
[pid  6039] mkdir("./bus", 0777)        = 0
[  112.125076][ T6039] loop0: detected capacity change from 0 to 512
[pid  6039] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  6039] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  6039] chdir("./bus")              = 0
[pid  6039] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  6039] mkdir("./bus", 0777)        = 0
[pid  6039] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[  112.174054][ T6039] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/64/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  6039] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  6039] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  6039] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  6039] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[pid  6039] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  6039] exit_group(0)               = ?
[pid  6039] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6039, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./64/binderfs")                 = 0
umount2("./64/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./64/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./64/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./64/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./64/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./64/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./64")                           = 0
mkdir("./65", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6042 attached
 <unfinished ...>
[pid  6042] set_robust_list(0x55556f9b6760, 24) = 0
[pid  5842] <... clone resumed>, child_tidptr=0x55556f9b6750) = 6042
[pid  6042] chdir("./65")               = 0
[pid  6042] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  6042] setpgid(0, 0)               = 0
[pid  6042] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  6042] write(3, "1000", 4)         = 4
[pid  6042] close(3)                    = 0
[pid  6042] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid  6042] write(1, "executing program\n", 18) = 18
[pid  6042] memfd_create("syzkaller", 0) = 3
[pid  6042] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  6042] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  6042] munmap(0x7f4f46e00000, 138412032) = 0
[pid  6042] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  6042] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  6042] close(3)                    = 0
[pid  6042] close(4)                    = 0
[pid  6042] mkdir("./bus", 0777)        = 0
[  112.455731][ T6042] loop0: detected capacity change from 0 to 512
[pid  6042] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  6042] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  6042] chdir("./bus")              = 0
[pid  6042] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  6042] mkdir("./bus", 0777)        = 0
[pid  6042] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  6042] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  6042] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  6042] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  6042] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[  112.514233][ T6042] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/65/bus supports timestamps until 2038-01-19 (0x7fffffff)
[pid  6042] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000240) = -1 EINVAL (Invalid argument)
[pid  6042] exit_group(0)               = ?
[pid  6042] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6042, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556f9b77f0 /* 4 entries */, 32768) = 104
umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./65/binderfs")                 = 0
umount2("./65/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./65/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./65/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./65/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./65/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556f9bf830 /* 2 entries */, 32768) = 48
getdents64(4, 0x55556f9bf830 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./65/bus")                       = 0
getdents64(3, 0x55556f9b77f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./65")                           = 0
mkdir("./66", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6045 attached
, child_tidptr=0x55556f9b6750) = 6045
[pid  6045] set_robust_list(0x55556f9b6760, 24) = 0
[pid  6045] chdir("./66")               = 0
[pid  6045] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  6045] setpgid(0, 0)               = 0
[pid  6045] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  6045] write(3, "1000", 4)         = 4
[pid  6045] close(3)                    = 0
[pid  6045] symlink("/dev/binderfs", "./binderfs") = 0
[pid  6045] write(1, "executing program\n", 18) = 18
executing program
[pid  6045] memfd_create("syzkaller", 0) = 3
[pid  6045] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f46e00000
[pid  6045] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  6045] munmap(0x7f4f46e00000, 138412032) = 0
[pid  6045] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  6045] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  6045] close(3)                    = 0
[pid  6045] close(4)                    = 0
[pid  6045] mkdir("./bus", 0777)        = 0
[  112.772813][ T6045] loop0: detected capacity change from 0 to 512
[pid  6045] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0
[pid  6045] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  6045] chdir("./bus")              = 0
[pid  6045] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  6045] mkdir("./bus", 0777)        = 0
[pid  6045] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  6045] mkdirat(AT_FDCWD, "./bus/file0", 000) = 0
[pid  6045] setxattr("./bus/file0", "security.apparmor", "\x6f\x76\x65\x72\x6c\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x61\x70\x70\x61\x72\x6d\x6f\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 58375, 0) = 0
[pid  6045] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|FASYNC, 000) = 4
[pid  6045] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 5
[  112.824709][ T6045] ext4 filesystem being mounted at /root/syzkaller.KIJz6a/66/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  112.891300][ T6045] ------------[ cut here ]------------
[  112.896782][ T6045] Looking for class "&ei->i_data_sem" with key __key.0, but found a different class "&ei->i_data_sem" with the same key
[  112.909396][ T6045] WARNING: CPU: 1 PID: 6045 at kernel/locking/lockdep.c:936 look_up_lock_class+0x140/0x150
[  112.919414][ T6045] Modules linked in:
[  112.923309][ T6045] CPU: 1 UID: 0 PID: 6045 Comm: syz-executor372 Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0
[  112.934428][ T6045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  112.944589][ T6045] RIP: 0010:look_up_lock_class+0x140/0x150
[  112.950425][ T6045] Code: c7 c7 e0 cf 6c 8b e8 df 6c 2d f6 90 0f 0b 90 90 90 31 db eb be c6 05 77 25 27 05 01 90 48 c7 c7 c0 d2 6c 8b e8 c1 6c 2d f6 90 <0f> 0b 90 90 e9 58 ff ff ff 0f 1f 80 00 00 00 00 90 90 90 90 90 90
[  112.970060][ T6045] RSP: 0018:ffffc90003ec7658 EFLAGS: 00010082
[  112.976135][ T6045] RAX: 0000000000000000 RBX: ffffffff96e7ab00 RCX: ffffffff814e71c9
[  112.984108][ T6045] RDX: ffff88802fc13c00 RSI: ffffffff814e71d6 RDI: 0000000000000001
[  112.992081][ T6045] RBP: ffffffff9a8f32c1 R08: 0000000000000001 R09: 0000000000000000
[  113.000052][ T6045] R10: 0000000000000000 R11: 20676e696b6f6f4c R12: ffff8880749a2040
[  113.008023][ T6045] R13: 0000000000000000 R14: 0000000000000001 R15: ffffffff9a824820
[  113.015994][ T6045] FS:  000055556f9b6480(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
[  113.024929][ T6045] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  113.031602][ T6045] CR2: 000000002000e000 CR3: 00000000253e8000 CR4: 0000000000350ef0
[  113.039577][ T6045] Call Trace:
[  113.042852][ T6045]  <TASK>
[  113.045780][ T6045]  ? __warn+0xea/0x3d0
[  113.049871][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  113.055514][ T6045]  ? look_up_lock_class+0x140/0x150
[  113.060735][ T6045]  ? report_bug+0x3c0/0x580
[  113.065264][ T6045]  ? handle_bug+0x54/0xa0
[  113.069607][ T6045]  ? exc_invalid_op+0x17/0x50
[  113.074298][ T6045]  ? asm_exc_invalid_op+0x1a/0x20
[  113.079346][ T6045]  ? __warn_printk+0x199/0x350
[  113.084130][ T6045]  ? __warn_printk+0x1a6/0x350
[  113.089028][ T6045]  ? look_up_lock_class+0x140/0x150
[  113.094291][ T6045]  ? look_up_lock_class+0x13f/0x150
[  113.099520][ T6045]  ? register_lock_class+0xb1/0x1240
[  113.104819][ T6045]  register_lock_class+0xb1/0x1240
[  113.109942][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  113.115584][ T6045]  ? find_held_lock+0x2d/0x110
[  113.120361][ T6045]  ? __pfx_register_lock_class+0x10/0x10
[  113.126003][ T6045]  ? __pfx_register_lock_class+0x10/0x10
[  113.131638][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  113.137279][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  113.142920][ T6045]  __lock_acquire+0x135/0x3ce0
[  113.147696][ T6045]  ? __pfx___lock_acquire+0x10/0x10
[  113.152896][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  113.158536][ T6045]  ? kernel_text_address+0x8d/0x100
[  113.163741][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  113.169383][ T6045]  lock_acquire.part.0+0x11b/0x380
[  113.174498][ T6045]  ? ext4_move_extents+0x3e1/0x3940
[  113.179706][ T6045]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  113.185343][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  113.190979][ T6045]  ? rcu_is_watching+0x12/0xc0
[  113.195762][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  113.201398][ T6045]  ? trace_lock_acquire+0x14a/0x1d0
[  113.206610][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  113.212256][ T6045]  ? ext4_move_extents+0x3e1/0x3940
[  113.217459][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  113.223095][ T6045]  ? lock_acquire+0x2f/0xb0
[  113.227599][ T6045]  ? ext4_move_extents+0x3e1/0x3940
[  113.232807][ T6045]  down_write_nested+0x97/0x210
[  113.237687][ T6045]  ? ext4_move_extents+0x3e1/0x3940
[  113.242905][ T6045]  ? __pfx_down_write_nested+0x10/0x10
[  113.248396][ T6045]  ? hlock_class+0x4e/0x130
[  113.252912][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  113.258571][ T6045]  ext4_move_extents+0x3e1/0x3940
[  113.263606][ T6045]  ? __pfx___lock_acquire+0x10/0x10
[  113.268813][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  113.274452][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  113.280089][ T6045]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  113.285727][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  113.291367][ T6045]  ? rcu_is_watching+0x12/0xc0
[  113.296162][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  113.301798][ T6045]  ? trace_lock_acquire+0x14a/0x1d0
[  113.307008][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  113.312646][ T6045]  ? __pfx_ext4_move_extents+0x10/0x10
[  113.318115][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  113.323756][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  113.329401][ T6045]  __ext4_ioctl+0x3b00/0x4630
[  113.334090][ T6045]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  113.340099][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  113.345737][ T6045]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  113.351662][ T6045]  ? __pfx___ext4_ioctl+0x10/0x10
[  113.356696][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  113.362333][ T6045]  ? do_vfs_ioctl+0x513/0x1990
[  113.367107][ T6045]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  113.372142][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  113.377780][ T6045]  ? do_raw_spin_lock+0x12d/0x2c0
[  113.382825][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  113.388474][ T6045]  ? __pfx_ext4_ioctl+0x10/0x10
[  113.393338][ T6045]  __x64_sys_ioctl+0x192/0x220
[  113.398114][ T6045]  do_syscall_64+0xcd/0x250
[  113.402624][ T6045]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  113.408540][ T6045] RIP: 0033:0x7f4f4f2ecaa9
[  113.412957][ T6045] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  113.432587][ T6045] RSP: 002b:00007ffef2de1e68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  113.441007][ T6045] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f4f4f2ecaa9
[  113.448978][ T6045] RDX: 0000000020000240 RSI: 00000000c028660f RDI: 0000000000000005
[  113.456948][ T6045] RBP: 0000000000000000 R08: 00007ffef2de1e9c R09: 00007ffef2de1e9c
[  113.464920][ T6045] R10: 00007ffef2de1e9c R11: 0000000000000246 R12: 00007ffef2de1e9c
[  113.472909][ T6045] R13: 0000000000000042 R14: 431bde82d7b634db R15: 00007ffef2de1ed0
[  113.480907][ T6045]  </TASK>
[  113.483924][ T6045] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  113.491196][ T6045] CPU: 1 UID: 0 PID: 6045 Comm: syz-executor372 Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0
[  113.502325][ T6045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  113.512377][ T6045] Call Trace:
[  113.515673][ T6045]  <TASK>
[  113.518606][ T6045]  dump_stack_lvl+0x3d/0x1f0
[  113.523217][ T6045]  panic+0x71d/0x800
[  113.527132][ T6045]  ? __pfx_panic+0x10/0x10
[  113.531565][ T6045]  ? show_trace_log_lvl+0x29d/0x3d0
[  113.536779][ T6045]  ? check_panic_on_warn+0x1f/0xb0
[  113.541931][ T6045]  ? look_up_lock_class+0x140/0x150
[  113.547178][ T6045]  check_panic_on_warn+0xab/0xb0
[  113.552138][ T6045]  __warn+0xf6/0x3d0
[  113.556053][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  113.561695][ T6045]  ? look_up_lock_class+0x140/0x150
[  113.566918][ T6045]  report_bug+0x3c0/0x580
[  113.571290][ T6045]  handle_bug+0x54/0xa0
[  113.575455][ T6045]  exc_invalid_op+0x17/0x50
[  113.579970][ T6045]  asm_exc_invalid_op+0x1a/0x20
[  113.584842][ T6045] RIP: 0010:look_up_lock_class+0x140/0x150
[  113.590675][ T6045] Code: c7 c7 e0 cf 6c 8b e8 df 6c 2d f6 90 0f 0b 90 90 90 31 db eb be c6 05 77 25 27 05 01 90 48 c7 c7 c0 d2 6c 8b e8 c1 6c 2d f6 90 <0f> 0b 90 90 e9 58 ff ff ff 0f 1f 80 00 00 00 00 90 90 90 90 90 90
[  113.610287][ T6045] RSP: 0018:ffffc90003ec7658 EFLAGS: 00010082
[  113.616360][ T6045] RAX: 0000000000000000 RBX: ffffffff96e7ab00 RCX: ffffffff814e71c9
[  113.624418][ T6045] RDX: ffff88802fc13c00 RSI: ffffffff814e71d6 RDI: 0000000000000001
[  113.632388][ T6045] RBP: ffffffff9a8f32c1 R08: 0000000000000001 R09: 0000000000000000
[  113.640360][ T6045] R10: 0000000000000000 R11: 20676e696b6f6f4c R12: ffff8880749a2040
[  113.648349][ T6045] R13: 0000000000000000 R14: 0000000000000001 R15: ffffffff9a824820
[  113.656325][ T6045]  ? __warn_printk+0x199/0x350
[  113.661113][ T6045]  ? __warn_printk+0x1a6/0x350
[  113.665906][ T6045]  ? look_up_lock_class+0x13f/0x150
[  113.671214][ T6045]  ? register_lock_class+0xb1/0x1240
[  113.676507][ T6045]  register_lock_class+0xb1/0x1240
[  113.681622][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  113.687265][ T6045]  ? find_held_lock+0x2d/0x110
[  113.692045][ T6045]  ? __pfx_register_lock_class+0x10/0x10
[  113.697690][ T6045]  ? __pfx_register_lock_class+0x10/0x10
[  113.703329][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  113.708970][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  113.714612][ T6045]  __lock_acquire+0x135/0x3ce0
[  113.719476][ T6045]  ? __pfx___lock_acquire+0x10/0x10
[  113.724694][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  113.730332][ T6045]  ? kernel_text_address+0x8d/0x100
[  113.735550][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  113.741193][ T6045]  lock_acquire.part.0+0x11b/0x380
[  113.746308][ T6045]  ? ext4_move_extents+0x3e1/0x3940
[  113.751513][ T6045]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  113.757148][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  113.762786][ T6045]  ? rcu_is_watching+0x12/0xc0
[  113.767560][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  113.773285][ T6045]  ? trace_lock_acquire+0x14a/0x1d0
[  113.778497][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  113.784134][ T6045]  ? ext4_move_extents+0x3e1/0x3940
[  113.789339][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  113.794980][ T6045]  ? lock_acquire+0x2f/0xb0
[  113.799484][ T6045]  ? ext4_move_extents+0x3e1/0x3940
[  113.804692][ T6045]  down_write_nested+0x97/0x210
[  113.809552][ T6045]  ? ext4_move_extents+0x3e1/0x3940
[  113.814761][ T6045]  ? __pfx_down_write_nested+0x10/0x10
[  113.820234][ T6045]  ? hlock_class+0x4e/0x130
[  113.824750][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  113.830394][ T6045]  ext4_move_extents+0x3e1/0x3940
[  113.835430][ T6045]  ? __pfx___lock_acquire+0x10/0x10
[  113.840635][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  113.846278][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  113.851921][ T6045]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  113.857559][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  113.863206][ T6045]  ? rcu_is_watching+0x12/0xc0
[  113.867985][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  113.873643][ T6045]  ? trace_lock_acquire+0x14a/0x1d0
[  113.878863][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  113.884509][ T6045]  ? __pfx_ext4_move_extents+0x10/0x10
[  113.889975][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  113.895616][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  113.901260][ T6045]  __ext4_ioctl+0x3b00/0x4630
[  113.905954][ T6045]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  113.911954][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  113.917592][ T6045]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  113.923514][ T6045]  ? __pfx___ext4_ioctl+0x10/0x10
[  113.928551][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  113.934190][ T6045]  ? do_vfs_ioctl+0x513/0x1990
[  113.938982][ T6045]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  113.944017][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  113.949660][ T6045]  ? do_raw_spin_lock+0x12d/0x2c0
[  113.954706][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  113.960353][ T6045]  ? __pfx_ext4_ioctl+0x10/0x10
[  113.965216][ T6045]  __x64_sys_ioctl+0x192/0x220
[  113.969993][ T6045]  do_syscall_64+0xcd/0x250
[  113.974504][ T6045]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  113.980421][ T6045] RIP: 0033:0x7f4f4f2ecaa9
[  113.984837][ T6045] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  114.004633][ T6045] RSP: 002b:00007ffef2de1e68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  114.013062][ T6045] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f4f4f2ecaa9
[  114.021037][ T6045] RDX: 0000000020000240 RSI: 00000000c028660f RDI: 0000000000000005
[  114.029015][ T6045] RBP: 0000000000000000 R08: 00007ffef2de1e9c R09: 00007ffef2de1e9c
[  114.037007][ T6045] R10: 00007ffef2de1e9c R11: 0000000000000246 R12: 00007ffef2de1e9c
[  114.044981][ T6045] R13: 0000000000000042 R14: 431bde82d7b634db R15: 00007ffef2de1ed0
[  114.052966][ T6045]  </TASK>
[  114.056244][ T6045] Kernel Offset: disabled
[  114.060573][ T6045] Rebooting in 86400 seconds..