./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2352476005
<...>
DUID 00:04:f8:b5:8a:47:ae:09:95:3a:43:2d:d7:42:86:31:94:89
forked to background, child pid 3209
[ 29.646208][ T3210] 8021q: adding VLAN 0 to HW filter on device bond0
[ 29.655624][ T3210] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.54' (ECDSA) to the list of known hosts.
execve("./syz-executor2352476005", ["./syz-executor2352476005"], 0x7ffe0ba95d20 /* 10 vars */) = 0
brk(NULL) = 0x555556e31000
brk(0x555556e31c40) = 0x555556e31c40
arch_prctl(ARCH_SET_FS, 0x555556e31300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2352476005", 4096) = 28
brk(0x555556e52c40) = 0x555556e52c40
brk(0x555556e53000) = 0x555556e53000
mprotect(0x7ff05ed2a000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
getpid() = 3637
mkdir("./syzkaller.HRM26d", 0700) = 0
chmod("./syzkaller.HRM26d", 0777) = 0
chdir("./syzkaller.HRM26d") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3638
./strace-static-x86_64: Process 3638 attached
[pid 3638] chdir("./0") = 0
[pid 3638] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3638] setpgid(0, 0) = 0
[pid 3638] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3638] write(3, "1000", 4) = 4
[pid 3638] close(3) = 0
[pid 3638] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3638] memfd_create("syzkaller", 0) = 3
[pid 3638] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3638] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3638] munmap(0x7ff05686f000, 262144) = 0
[pid 3638] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3638] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3638] close(3) = 0
[pid 3638] mkdir("./file0", 0777) = 0
syzkaller login: [ 52.338659][ T3638] loop0: detected capacity change from 0 to 512
[ 52.348496][ T3638] =======================================================
[ 52.348496][ T3638] WARNING: The mand mount option has been deprecated and
[ 52.348496][ T3638] and is ignored by this kernel. Remove the mand
[ 52.348496][ T3638] option from the mount to silence this warning.
[ 52.348496][ T3638] =======================================================
[pid 3638] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3638] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3638] chdir("./file0") = 0
[pid 3638] ioctl(4, LOOP_CLR_FD) = 0
[pid 3638] close(4) = 0
[pid 3638] exit_group(0) = ?
[pid 3638] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3638, si_uid=0, si_status=0, si_utime=0, si_stime=6} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs") = 0
[ 52.386217][ T3638] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[ 52.401561][ T3638] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 52.415913][ T3638] EXT4-fs (loop0): 1 truncate cleaned up
[ 52.424958][ T3638] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3642
./strace-static-x86_64: Process 3642 attached
[pid 3642] chdir("./1") = 0
[pid 3642] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3642] setpgid(0, 0) = 0
[pid 3642] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3642] write(3, "1000", 4) = 4
[pid 3642] close(3) = 0
[pid 3642] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3642] memfd_create("syzkaller", 0) = 3
[pid 3642] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3642] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3642] munmap(0x7ff05686f000, 262144) = 0
[pid 3642] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 52.458171][ T3637] EXT4-fs (loop0): unmounting filesystem.
[pid 3642] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3642] close(3) = 0
[pid 3642] mkdir("./file0", 0777) = 0
[ 52.499775][ T3642] loop0: detected capacity change from 0 to 512
[ 52.513385][ T3642] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 52.524824][ T3642] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3642] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3642] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3642] chdir("./file0") = 0
[pid 3642] ioctl(4, LOOP_CLR_FD) = 0
[pid 3642] close(4) = 0
[pid 3642] exit_group(0) = ?
[pid 3642] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3642, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./1/binderfs") = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3644
./strace-static-x86_64: Process 3644 attached
[pid 3644] chdir("./2") = 0
[pid 3644] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3644] setpgid(0, 0) = 0
[pid 3644] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3644] write(3, "1000", 4) = 4
[pid 3644] close(3) = 0
[pid 3644] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3644] memfd_create("syzkaller", 0) = 3
[pid 3644] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3644] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3644] munmap(0x7ff05686f000, 262144) = 0
[pid 3644] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 52.554873][ T3642] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 52.585943][ T3637] EXT4-fs (loop0): unmounting filesystem.
[pid 3644] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3644] close(3) = 0
[pid 3644] mkdir("./file0", 0777) = 0
[ 52.624290][ T3644] loop0: detected capacity change from 0 to 512
[ 52.642984][ T3644] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 52.654389][ T3644] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3644] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3644] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3644] chdir("./file0") = 0
[pid 3644] ioctl(4, LOOP_CLR_FD) = 0
[pid 3644] close(4) = 0
[pid 3644] exit_group(0) = ?
[pid 3644] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3644, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./2/binderfs") = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./2/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3646
./strace-static-x86_64: Process 3646 attached
[pid 3646] chdir("./3") = 0
[pid 3646] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3646] setpgid(0, 0) = 0
[pid 3646] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3646] write(3, "1000", 4) = 4
[pid 3646] close(3) = 0
[pid 3646] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3646] memfd_create("syzkaller", 0) = 3
[pid 3646] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[ 52.685096][ T3644] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 52.715910][ T3637] EXT4-fs (loop0): unmounting filesystem.
[pid 3646] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3646] munmap(0x7ff05686f000, 262144) = 0
[pid 3646] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3646] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3646] close(3) = 0
[pid 3646] mkdir("./file0", 0777) = 0
[ 52.771975][ T3646] loop0: detected capacity change from 0 to 512
[ 52.785499][ T3646] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 52.795624][ T3646] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3646] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3646] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3646] chdir("./file0") = 0
[pid 3646] ioctl(4, LOOP_CLR_FD) = 0
[pid 3646] close(4) = 0
[pid 3646] exit_group(0) = ?
[pid 3646] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3646, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./3/binderfs") = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./3/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./3") = 0
mkdir("./4", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3648
./strace-static-x86_64: Process 3648 attached
[pid 3648] chdir("./4") = 0
[pid 3648] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3648] setpgid(0, 0) = 0
[pid 3648] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3648] write(3, "1000", 4) = 4
[pid 3648] close(3) = 0
[pid 3648] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3648] memfd_create("syzkaller", 0) = 3
[pid 3648] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[ 52.824659][ T3646] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 52.858302][ T3637] EXT4-fs (loop0): unmounting filesystem.
[pid 3648] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3648] munmap(0x7ff05686f000, 262144) = 0
[pid 3648] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3648] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3648] close(3) = 0
[pid 3648] mkdir("./file0", 0777) = 0
[ 52.909048][ T3648] loop0: detected capacity change from 0 to 512
[ 52.922655][ T3648] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 52.932296][ T3648] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3648] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3648] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3648] chdir("./file0") = 0
[pid 3648] ioctl(4, LOOP_CLR_FD) = 0
[pid 3648] close(4) = 0
[pid 3648] exit_group(0) = ?
[pid 3648] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3648, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./4/binderfs") = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./4/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./4") = 0
mkdir("./5", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3650
./strace-static-x86_64: Process 3650 attached
[pid 3650] chdir("./5") = 0
[pid 3650] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3650] setpgid(0, 0) = 0
[pid 3650] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3650] write(3, "1000", 4) = 4
[pid 3650] close(3) = 0
[pid 3650] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3650] memfd_create("syzkaller", 0) = 3
[pid 3650] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3650] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3650] munmap(0x7ff05686f000, 262144) = 0
[pid 3650] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 52.974813][ T3648] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 53.002592][ T3637] EXT4-fs (loop0): unmounting filesystem.
[pid 3650] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3650] close(3) = 0
[pid 3650] mkdir("./file0", 0777) = 0
[pid 3650] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3650] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3650] chdir("./file0") = 0
[pid 3650] ioctl(4, LOOP_CLR_FD) = 0
[pid 3650] close(4) = 0
[pid 3650] exit_group(0) = ?
[pid 3650] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3650, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./5/binderfs") = 0
[ 53.048299][ T3650] loop0: detected capacity change from 0 to 512
[ 53.060053][ T3650] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 53.070544][ T3650] EXT4-fs (loop0): 1 truncate cleaned up
[ 53.085168][ T3650] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./5/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./5") = 0
mkdir("./6", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3652 attached
, child_tidptr=0x555556e315d0) = 3652
[pid 3652] chdir("./6") = 0
[pid 3652] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3652] setpgid(0, 0) = 0
[pid 3652] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3652] write(3, "1000", 4) = 4
[pid 3652] close(3) = 0
[pid 3652] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3652] memfd_create("syzkaller", 0) = 3
[pid 3652] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3652] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3652] munmap(0x7ff05686f000, 262144) = 0
[pid 3652] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 53.116717][ T3637] EXT4-fs (loop0): unmounting filesystem.
[pid 3652] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3652] close(3) = 0
[pid 3652] mkdir("./file0", 0777) = 0
[pid 3652] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3652] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3652] chdir("./file0") = 0
[pid 3652] ioctl(4, LOOP_CLR_FD) = 0
[pid 3652] close(4) = 0
[pid 3652] exit_group(0) = ?
[pid 3652] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3652, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./6/binderfs") = 0
[ 53.171248][ T3652] loop0: detected capacity change from 0 to 512
[ 53.182978][ T3652] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 53.193898][ T3652] EXT4-fs (loop0): 1 truncate cleaned up
[ 53.208029][ T3652] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./6/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./6") = 0
mkdir("./7", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3654
./strace-static-x86_64: Process 3654 attached
[pid 3654] chdir("./7") = 0
[pid 3654] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3654] setpgid(0, 0) = 0
[pid 3654] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3654] write(3, "1000", 4) = 4
[pid 3654] close(3) = 0
[pid 3654] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3654] memfd_create("syzkaller", 0) = 3
[pid 3654] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3654] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3654] munmap(0x7ff05686f000, 262144) = 0
[pid 3654] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 53.239410][ T3637] EXT4-fs (loop0): unmounting filesystem.
[pid 3654] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3654] close(3) = 0
[pid 3654] mkdir("./file0", 0777) = 0
[ 53.292912][ T3654] loop0: detected capacity change from 0 to 512
[ 53.305727][ T3654] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 53.314755][ T3654] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3654] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3654] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3654] chdir("./file0") = 0
[pid 3654] ioctl(4, LOOP_CLR_FD) = 0
[pid 3654] close(4) = 0
[pid 3654] exit_group(0) = ?
[pid 3654] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3654, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./7/binderfs") = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./7/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./7") = 0
mkdir("./8", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3656
./strace-static-x86_64: Process 3656 attached
[pid 3656] chdir("./8") = 0
[pid 3656] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3656] setpgid(0, 0) = 0
[pid 3656] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3656] write(3, "1000", 4) = 4
[pid 3656] close(3) = 0
[pid 3656] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3656] memfd_create("syzkaller", 0) = 3
[pid 3656] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3656] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3656] munmap(0x7ff05686f000, 262144) = 0
[pid 3656] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 53.344822][ T3654] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 53.377230][ T3637] EXT4-fs (loop0): unmounting filesystem.
[pid 3656] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3656] close(3) = 0
[pid 3656] mkdir("./file0", 0777) = 0
[ 53.413824][ T3656] loop0: detected capacity change from 0 to 512
[ 53.427320][ T3656] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 53.437867][ T3656] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3656] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3656] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3656] chdir("./file0") = 0
[pid 3656] ioctl(4, LOOP_CLR_FD) = 0
[pid 3656] close(4) = 0
[pid 3656] exit_group(0) = ?
[pid 3656] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3656, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./8/binderfs") = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./8/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./8") = 0
mkdir("./9", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3658
./strace-static-x86_64: Process 3658 attached
[pid 3658] chdir("./9") = 0
[pid 3658] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3658] setpgid(0, 0) = 0
[pid 3658] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3658] write(3, "1000", 4) = 4
[pid 3658] close(3) = 0
[pid 3658] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3658] memfd_create("syzkaller", 0) = 3
[pid 3658] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3658] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3658] munmap(0x7ff05686f000, 262144) = 0
[pid 3658] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 53.464806][ T3656] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 53.495019][ T3637] EXT4-fs (loop0): unmounting filesystem.
[pid 3658] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3658] close(3) = 0
[pid 3658] mkdir("./file0", 0777) = 0
[pid 3658] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3658] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3658] chdir("./file0") = 0
[pid 3658] ioctl(4, LOOP_CLR_FD) = 0
[pid 3658] close(4) = 0
[pid 3658] exit_group(0) = ?
[pid 3658] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3658, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./9/binderfs") = 0
[ 53.542890][ T3658] loop0: detected capacity change from 0 to 512
[ 53.556179][ T3658] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 53.566131][ T3658] EXT4-fs (loop0): 1 truncate cleaned up
[ 53.579314][ T3658] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./9/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./9") = 0
mkdir("./10", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3660
./strace-static-x86_64: Process 3660 attached
[pid 3660] chdir("./10") = 0
[pid 3660] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3660] setpgid(0, 0) = 0
[pid 3660] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3660] write(3, "1000", 4) = 4
[pid 3660] close(3) = 0
[pid 3660] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3660] memfd_create("syzkaller", 0) = 3
[pid 3660] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3660] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3660] munmap(0x7ff05686f000, 262144) = 0
[pid 3660] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3660] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3660] close(3) = 0
[pid 3660] mkdir("./file0", 0777) = 0
[ 53.615398][ T3637] EXT4-fs (loop0): unmounting filesystem.
[ 53.653153][ T3660] loop0: detected capacity change from 0 to 512
[pid 3660] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3660] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3660] chdir("./file0") = 0
[pid 3660] ioctl(4, LOOP_CLR_FD) = 0
[pid 3660] close(4) = 0
[pid 3660] exit_group(0) = ?
[pid 3660] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3660, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./10/binderfs") = 0
[ 53.674326][ T3660] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 53.684404][ T3660] EXT4-fs (loop0): 1 truncate cleaned up
[ 53.693980][ T3660] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./10/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./10") = 0
mkdir("./11", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3662
./strace-static-x86_64: Process 3662 attached
[pid 3662] chdir("./11") = 0
[pid 3662] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3662] setpgid(0, 0) = 0
[pid 3662] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3662] write(3, "1000", 4) = 4
[pid 3662] close(3) = 0
[pid 3662] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3662] memfd_create("syzkaller", 0) = 3
[pid 3662] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3662] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3662] munmap(0x7ff05686f000, 262144) = 0
[pid 3662] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 53.726734][ T3637] EXT4-fs (loop0): unmounting filesystem.
[pid 3662] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3662] close(3) = 0
[pid 3662] mkdir("./file0", 0777) = 0
[ 53.773680][ T3662] loop0: detected capacity change from 0 to 512
[ 53.786003][ T3662] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 53.796052][ T3662] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3662] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3662] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3662] chdir("./file0") = 0
[pid 3662] ioctl(4, LOOP_CLR_FD) = 0
[pid 3662] close(4) = 0
[pid 3662] exit_group(0) = ?
[pid 3662] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3662, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./11/binderfs") = 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./11/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./11") = 0
mkdir("./12", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3664
./strace-static-x86_64: Process 3664 attached
[pid 3664] chdir("./12") = 0
[pid 3664] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3664] setpgid(0, 0) = 0
[pid 3664] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3664] write(3, "1000", 4) = 4
[pid 3664] close(3) = 0
[pid 3664] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3664] memfd_create("syzkaller", 0) = 3
[ 53.824852][ T3662] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 53.847387][ T3637] EXT4-fs (loop0): unmounting filesystem.
[pid 3664] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3664] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3664] munmap(0x7ff05686f000, 262144) = 0
[pid 3664] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3664] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3664] close(3) = 0
[pid 3664] mkdir("./file0", 0777) = 0
[ 53.886828][ T3664] loop0: detected capacity change from 0 to 512
[ 53.892721][ T3639] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 53.910235][ T3664] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 53.921882][ T3664] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3664] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3664] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3664] chdir("./file0") = 0
[pid 3664] ioctl(4, LOOP_CLR_FD) = 0
[pid 3664] close(4) = 0
[pid 3664] exit_group(0) = ?
[pid 3664] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3664, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./12/binderfs") = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./12/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./12") = 0
mkdir("./13", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3666
./strace-static-x86_64: Process 3666 attached
[pid 3666] chdir("./13") = 0
[pid 3666] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3666] setpgid(0, 0) = 0
[pid 3666] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3666] write(3, "1000", 4) = 4
[pid 3666] close(3) = 0
[pid 3666] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3666] memfd_create("syzkaller", 0) = 3
[pid 3666] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3666] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3666] munmap(0x7ff05686f000, 262144) = 0
[pid 3666] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 53.934936][ T3664] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 53.954279][ T3637] EXT4-fs (loop0): unmounting filesystem.
[pid 3666] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3666] close(3) = 0
[pid 3666] mkdir("./file0", 0777) = 0
[ 53.991411][ T3666] loop0: detected capacity change from 0 to 512
[ 54.004405][ T3666] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 54.014989][ T3666] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3666] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3666] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3666] chdir("./file0") = 0
[pid 3666] ioctl(4, LOOP_CLR_FD) = 0
[pid 3666] close(4) = 0
[pid 3666] exit_group(0) = ?
[pid 3666] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3666, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./13/binderfs") = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./13/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./13") = 0
mkdir("./14", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3668 attached
, child_tidptr=0x555556e315d0) = 3668
[pid 3668] chdir("./14") = 0
[pid 3668] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3668] setpgid(0, 0) = 0
[pid 3668] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3668] write(3, "1000", 4) = 4
[pid 3668] close(3) = 0
[pid 3668] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3668] memfd_create("syzkaller", 0) = 3
[pid 3668] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[ 54.044824][ T3666] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 54.077680][ T3637] EXT4-fs (loop0): unmounting filesystem.
[pid 3668] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3668] munmap(0x7ff05686f000, 262144) = 0
[pid 3668] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3668] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3668] close(3) = 0
[pid 3668] mkdir("./file0", 0777) = 0
[pid 3668] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3668] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3668] chdir("./file0") = 0
[pid 3668] ioctl(4, LOOP_CLR_FD) = 0
[pid 3668] close(4) = 0
[pid 3668] exit_group(0) = ?
[pid 3668] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3668, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./14/binderfs") = 0
[ 54.129568][ T3668] loop0: detected capacity change from 0 to 512
[ 54.141568][ T3668] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 54.152021][ T3668] EXT4-fs (loop0): 1 truncate cleaned up
[ 54.164838][ T3668] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./14/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./14") = 0
mkdir("./15", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3670
./strace-static-x86_64: Process 3670 attached
[pid 3670] chdir("./15") = 0
[pid 3670] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3670] setpgid(0, 0) = 0
[pid 3670] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3670] write(3, "1000", 4) = 4
[pid 3670] close(3) = 0
[pid 3670] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3670] memfd_create("syzkaller", 0) = 3
[pid 3670] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3670] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3670] munmap(0x7ff05686f000, 262144) = 0
[pid 3670] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 54.200254][ T3637] EXT4-fs (loop0): unmounting filesystem.
[pid 3670] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3670] close(3) = 0
[pid 3670] mkdir("./file0", 0777) = 0
[ 54.255462][ T3670] loop0: detected capacity change from 0 to 512
[ 54.268332][ T3670] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 54.278350][ T3670] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3670] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3670] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3670] chdir("./file0") = 0
[pid 3670] ioctl(4, LOOP_CLR_FD) = 0
[pid 3670] close(4) = 0
[pid 3670] exit_group(0) = ?
[pid 3670] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3670, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./15/binderfs") = 0
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./15/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./15") = 0
mkdir("./16", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3672
./strace-static-x86_64: Process 3672 attached
[pid 3672] chdir("./16") = 0
[pid 3672] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3672] setpgid(0, 0) = 0
[pid 3672] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[ 54.304728][ T3670] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 54.337041][ T3637] EXT4-fs (loop0): unmounting filesystem.
[pid 3672] write(3, "1000", 4) = 4
[pid 3672] close(3) = 0
[pid 3672] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3672] memfd_create("syzkaller", 0) = 3
[pid 3672] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3672] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3672] munmap(0x7ff05686f000, 262144) = 0
[pid 3672] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3672] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3672] close(3) = 0
[pid 3672] mkdir("./file0", 0777) = 0
[ 54.395286][ T3672] loop0: detected capacity change from 0 to 512
[ 54.408740][ T3672] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 54.419033][ T3672] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3672] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3672] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3672] chdir("./file0") = 0
[pid 3672] ioctl(4, LOOP_CLR_FD) = 0
[pid 3672] close(4) = 0
[pid 3672] exit_group(0) = ?
[pid 3672] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3672, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./16/binderfs") = 0
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./16/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./16") = 0
mkdir("./17", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3674
./strace-static-x86_64: Process 3674 attached
[pid 3674] chdir("./17") = 0
[pid 3674] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3674] setpgid(0, 0) = 0
[pid 3674] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3674] write(3, "1000", 4) = 4
[pid 3674] close(3) = 0
[pid 3674] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3674] memfd_create("syzkaller", 0) = 3
[pid 3674] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3674] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[ 54.444781][ T3672] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 54.480752][ T3637] EXT4-fs (loop0): unmounting filesystem.
[pid 3674] munmap(0x7ff05686f000, 262144) = 0
[pid 3674] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3674] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3674] close(3) = 0
[pid 3674] mkdir("./file0", 0777) = 0
[ 54.529275][ T3674] loop0: detected capacity change from 0 to 512
[ 54.541638][ T3674] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 54.550830][ T3674] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3674] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3674] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3674] chdir("./file0") = 0
[pid 3674] ioctl(4, LOOP_CLR_FD) = 0
[pid 3674] close(4) = 0
[pid 3674] exit_group(0) = ?
[pid 3674] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3674, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./17/binderfs") = 0
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./17/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./17") = 0
mkdir("./18", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3676
./strace-static-x86_64: Process 3676 attached
[pid 3676] chdir("./18") = 0
[pid 3676] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3676] setpgid(0, 0) = 0
[pid 3676] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3676] write(3, "1000", 4) = 4
[pid 3676] close(3) = 0
[pid 3676] symlink("/dev/binderfs", "./binderfs") = 0
[ 54.594845][ T3674] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 54.627311][ T3637] EXT4-fs (loop0): unmounting filesystem.
[pid 3676] memfd_create("syzkaller", 0) = 3
[pid 3676] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3676] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3676] munmap(0x7ff05686f000, 262144) = 0
[pid 3676] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3676] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3676] close(3) = 0
[pid 3676] mkdir("./file0", 0777) = 0
[ 54.683773][ T3676] loop0: detected capacity change from 0 to 512
[ 54.697243][ T3676] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 54.708275][ T3676] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3676] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3676] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3676] chdir("./file0") = 0
[pid 3676] ioctl(4, LOOP_CLR_FD) = 0
[pid 3676] close(4) = 0
[pid 3676] exit_group(0) = ?
[pid 3676] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3676, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./18/binderfs") = 0
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./18/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./18") = 0
mkdir("./19", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3678
./strace-static-x86_64: Process 3678 attached
[pid 3678] chdir("./19") = 0
[pid 3678] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3678] setpgid(0, 0) = 0
[pid 3678] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3678] write(3, "1000", 4) = 4
[ 54.744790][ T3676] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 54.779993][ T3637] EXT4-fs (loop0): unmounting filesystem.
[pid 3678] close(3) = 0
[pid 3678] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3678] memfd_create("syzkaller", 0) = 3
[pid 3678] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3678] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3678] munmap(0x7ff05686f000, 262144) = 0
[pid 3678] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3678] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3678] close(3) = 0
[pid 3678] mkdir("./file0", 0777) = 0
[ 54.846657][ T3678] loop0: detected capacity change from 0 to 512
[ 54.859853][ T3678] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 54.870051][ T3678] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3678] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3678] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3678] chdir("./file0") = 0
[pid 3678] ioctl(4, LOOP_CLR_FD) = 0
[pid 3678] close(4) = 0
[pid 3678] exit_group(0) = ?
[pid 3678] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3678, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./19/binderfs") = 0
umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./19/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./19") = 0
mkdir("./20", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3680
./strace-static-x86_64: Process 3680 attached
[pid 3680] chdir("./20") = 0
[pid 3680] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3680] setpgid(0, 0) = 0
[pid 3680] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3680] write(3, "1000", 4) = 4
[pid 3680] close(3) = 0
[pid 3680] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3680] memfd_create("syzkaller", 0) = 3
[pid 3680] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3680] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3680] munmap(0x7ff05686f000, 262144) = 0
[pid 3680] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 54.895182][ T3678] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 54.929643][ T3637] EXT4-fs (loop0): unmounting filesystem.
[pid 3680] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3680] close(3) = 0
[pid 3680] mkdir("./file0", 0777) = 0
[ 54.967634][ T3680] loop0: detected capacity change from 0 to 512
[ 54.978508][ T3680] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 54.987487][ T3680] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3680] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3680] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3680] chdir("./file0") = 0
[pid 3680] ioctl(4, LOOP_CLR_FD) = 0
[pid 3680] close(4) = 0
[pid 3680] exit_group(0) = ?
[pid 3680] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3680, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./20/binderfs") = 0
umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./20/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./20") = 0
mkdir("./21", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3682
./strace-static-x86_64: Process 3682 attached
[pid 3682] chdir("./21") = 0
[pid 3682] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3682] setpgid(0, 0) = 0
[pid 3682] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3682] write(3, "1000", 4) = 4
[pid 3682] close(3) = 0
[pid 3682] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3682] memfd_create("syzkaller", 0) = 3
[pid 3682] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3682] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3682] munmap(0x7ff05686f000, 262144) = 0
[pid 3682] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 55.014831][ T3680] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 55.044244][ T3637] EXT4-fs (loop0): unmounting filesystem.
[pid 3682] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3682] close(3) = 0
[pid 3682] mkdir("./file0", 0777) = 0
[ 55.094012][ T3682] loop0: detected capacity change from 0 to 512
[ 55.107766][ T3682] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 55.118130][ T3682] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3682] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3682] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3682] chdir("./file0") = 0
[pid 3682] ioctl(4, LOOP_CLR_FD) = 0
[pid 3682] close(4) = 0
[pid 3682] exit_group(0) = ?
[pid 3682] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3682, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./21/binderfs") = 0
umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./21/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./21") = 0
mkdir("./22", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3684
./strace-static-x86_64: Process 3684 attached
[pid 3684] chdir("./22") = 0
[pid 3684] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3684] setpgid(0, 0) = 0
[pid 3684] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3684] write(3, "1000", 4) = 4
[pid 3684] close(3) = 0
[pid 3684] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3684] memfd_create("syzkaller", 0) = 3
[pid 3684] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[ 55.154807][ T3682] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 55.190063][ T3637] EXT4-fs (loop0): unmounting filesystem.
[pid 3684] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3684] munmap(0x7ff05686f000, 262144) = 0
[pid 3684] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3684] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3684] close(3) = 0
[pid 3684] mkdir("./file0", 0777) = 0
[ 55.240423][ T3684] loop0: detected capacity change from 0 to 512
[ 55.252867][ T3684] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 55.262836][ T3684] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3684] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3684] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3684] chdir("./file0") = 0
[pid 3684] ioctl(4, LOOP_CLR_FD) = 0
[pid 3684] close(4) = 0
[pid 3684] exit_group(0) = ?
[pid 3684] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3684, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./22/binderfs") = 0
umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./22/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./22") = 0
mkdir("./23", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3686
./strace-static-x86_64: Process 3686 attached
[pid 3686] chdir("./23") = 0
[pid 3686] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3686] setpgid(0, 0) = 0
[pid 3686] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3686] write(3, "1000", 4) = 4
[pid 3686] close(3) = 0
[pid 3686] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3686] memfd_create("syzkaller", 0) = 3
[pid 3686] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[ 55.294823][ T3684] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 55.327065][ T3637] EXT4-fs (loop0): unmounting filesystem.
[pid 3686] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3686] munmap(0x7ff05686f000, 262144) = 0
[pid 3686] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3686] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3686] close(3) = 0
[pid 3686] mkdir("./file0", 0777) = 0
[pid 3686] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[ 55.379768][ T3686] loop0: detected capacity change from 0 to 512
[ 55.393004][ T3686] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 55.402816][ T3686] EXT4-fs (loop0): 1 truncate cleaned up
[ 55.414915][ T3686] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[pid 3686] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3686] chdir("./file0") = 0
[pid 3686] ioctl(4, LOOP_CLR_FD) = 0
[pid 3686] close(4) = 0
[pid 3686] exit_group(0) = ?
[pid 3686] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3686, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./23/binderfs") = 0
umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./23/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./23") = 0
mkdir("./24", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3689 attached
, child_tidptr=0x555556e315d0) = 3689
[pid 3689] chdir("./24") = 0
[pid 3689] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3689] setpgid(0, 0) = 0
[pid 3689] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3689] write(3, "1000", 4) = 4
[pid 3689] close(3) = 0
[pid 3689] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3689] memfd_create("syzkaller", 0) = 3
[pid 3689] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3689] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3689] munmap(0x7ff05686f000, 262144) = 0
[pid 3689] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 55.433105][ T3637] EXT4-fs (loop0): unmounting filesystem.
[pid 3689] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3689] close(3) = 0
[pid 3689] mkdir("./file0", 0777) = 0
[ 55.485019][ T3689] loop0: detected capacity change from 0 to 512
[ 55.500889][ T3689] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 55.511526][ T3689] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3689] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3689] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3689] chdir("./file0") = 0
[pid 3689] ioctl(4, LOOP_CLR_FD) = 0
[pid 3689] close(4) = 0
[pid 3689] exit_group(0) = ?
[pid 3689] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3689, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./24/binderfs") = 0
umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./24/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./24") = 0
mkdir("./25", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3691
./strace-static-x86_64: Process 3691 attached
[pid 3691] chdir("./25") = 0
[pid 3691] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3691] setpgid(0, 0) = 0
[pid 3691] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3691] write(3, "1000", 4) = 4
[pid 3691] close(3) = 0
[pid 3691] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3691] memfd_create("syzkaller", 0) = 3
[pid 3691] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3691] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[ 55.545102][ T3689] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 55.575932][ T3637] EXT4-fs (loop0): unmounting filesystem.
[pid 3691] munmap(0x7ff05686f000, 262144) = 0
[pid 3691] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3691] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3691] close(3) = 0
[pid 3691] mkdir("./file0", 0777) = 0
[pid 3691] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3691] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3691] chdir("./file0") = 0
[pid 3691] ioctl(4, LOOP_CLR_FD) = 0
[pid 3691] close(4) = 0
[pid 3691] exit_group(0) = ?
[pid 3691] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3691, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./25/binderfs") = 0
[ 55.627279][ T3691] loop0: detected capacity change from 0 to 512
[ 55.639742][ T3691] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 55.650195][ T3691] EXT4-fs (loop0): 1 truncate cleaned up
[ 55.665008][ T3691] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./25/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./25") = 0
mkdir("./26", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3693
./strace-static-x86_64: Process 3693 attached
[pid 3693] chdir("./26") = 0
[pid 3693] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3693] setpgid(0, 0) = 0
[pid 3693] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3693] write(3, "1000", 4) = 4
[pid 3693] close(3) = 0
[pid 3693] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3693] memfd_create("syzkaller", 0) = 3
[ 55.692291][ T3637] EXT4-fs (loop0): unmounting filesystem.
[pid 3693] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3693] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3693] munmap(0x7ff05686f000, 262144) = 0
[pid 3693] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3693] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3693] close(3) = 0
[pid 3693] mkdir("./file0", 0777) = 0
[ 55.764058][ T3693] loop0: detected capacity change from 0 to 512
[ 55.781589][ T3693] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 55.797591][ T3693] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3693] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3693] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3693] chdir("./file0") = 0
[pid 3693] ioctl(4, LOOP_CLR_FD) = 0
[pid 3693] close(4) = 0
[pid 3693] exit_group(0) = ?
[pid 3693] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3693, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./26/binderfs") = 0
[ 55.824862][ T3693] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./26/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./26") = 0
mkdir("./27", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3695
[ 55.866747][ T3637] EXT4-fs (loop0): unmounting filesystem.
./strace-static-x86_64: Process 3695 attached
[pid 3695] chdir("./27") = 0
[pid 3695] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3695] setpgid(0, 0) = 0
[pid 3695] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3695] write(3, "1000", 4) = 4
[pid 3695] close(3) = 0
[pid 3695] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3695] memfd_create("syzkaller", 0) = 3
[pid 3695] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3695] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3695] munmap(0x7ff05686f000, 262144) = 0
[pid 3695] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3695] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3695] close(3) = 0
[pid 3695] mkdir("./file0", 0777) = 0
[pid 3695] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3695] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3695] chdir("./file0") = 0
[pid 3695] ioctl(4, LOOP_CLR_FD) = 0
[pid 3695] close(4) = 0
[pid 3695] exit_group(0) = ?
[pid 3695] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3695, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./27/binderfs") = 0
[ 55.947248][ T3695] loop0: detected capacity change from 0 to 512
[ 55.963202][ T3695] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 55.975501][ T3695] EXT4-fs (loop0): 1 truncate cleaned up
[ 55.986452][ T3695] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./27/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./27") = 0
mkdir("./28", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3697
./strace-static-x86_64: Process 3697 attached
[pid 3697] chdir("./28") = 0
[pid 3697] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3697] setpgid(0, 0) = 0
[pid 3697] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3697] write(3, "1000", 4) = 4
[pid 3697] close(3) = 0
[pid 3697] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3697] memfd_create("syzkaller", 0) = 3
[pid 3697] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3697] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3697] munmap(0x7ff05686f000, 262144) = 0
[pid 3697] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 56.013210][ T3637] EXT4-fs (loop0): unmounting filesystem.
[pid 3697] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3697] close(3) = 0
[pid 3697] mkdir("./file0", 0777) = 0
[pid 3697] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3697] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3697] chdir("./file0") = 0
[pid 3697] ioctl(4, LOOP_CLR_FD) = 0
[pid 3697] close(4) = 0
[pid 3697] exit_group(0) = ?
[pid 3697] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3697, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./28/binderfs") = 0
[ 56.059082][ T3697] loop0: detected capacity change from 0 to 512
[ 56.072175][ T3697] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 56.083065][ T3697] EXT4-fs (loop0): 1 truncate cleaned up
[ 56.096338][ T3697] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./28/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./28") = 0
mkdir("./29", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3699
./strace-static-x86_64: Process 3699 attached
[pid 3699] chdir("./29") = 0
[pid 3699] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3699] setpgid(0, 0) = 0
[pid 3699] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3699] write(3, "1000", 4) = 4
[pid 3699] close(3) = 0
[pid 3699] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3699] memfd_create("syzkaller", 0) = 3
[pid 3699] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3699] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3699] munmap(0x7ff05686f000, 262144) = 0
[pid 3699] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 56.134965][ T3637] EXT4-fs (loop0): unmounting filesystem.
[pid 3699] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3699] close(3) = 0
[pid 3699] mkdir("./file0", 0777) = 0
[pid 3699] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3699] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3699] chdir("./file0") = 0
[pid 3699] ioctl(4, LOOP_CLR_FD) = 0
[pid 3699] close(4) = 0
[pid 3699] exit_group(0) = ?
[pid 3699] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3699, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./29/binderfs") = 0
[ 56.189271][ T3699] loop0: detected capacity change from 0 to 512
[ 56.200811][ T3699] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 56.211249][ T3699] EXT4-fs (loop0): 1 truncate cleaned up
[ 56.224949][ T3699] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./29/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./29") = 0
mkdir("./30", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3701
./strace-static-x86_64: Process 3701 attached
[pid 3701] chdir("./30") = 0
[pid 3701] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3701] setpgid(0, 0) = 0
[pid 3701] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3701] write(3, "1000", 4) = 4
[pid 3701] close(3) = 0
[pid 3701] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3701] memfd_create("syzkaller", 0) = 3
[pid 3701] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3701] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3701] munmap(0x7ff05686f000, 262144) = 0
[ 56.258663][ T3637] EXT4-fs (loop0): unmounting filesystem.
[pid 3701] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3701] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3701] close(3) = 0
[pid 3701] mkdir("./file0", 0777) = 0
[ 56.320416][ T3701] loop0: detected capacity change from 0 to 512
[ 56.333233][ T3701] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 56.342806][ T3701] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3701] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3701] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3701] chdir("./file0") = 0
[pid 3701] ioctl(4, LOOP_CLR_FD) = 0
[pid 3701] close(4) = 0
[pid 3701] exit_group(0) = ?
[pid 3701] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3701, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./30/binderfs") = 0
[ 56.385041][ T3701] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./30/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./30") = 0
mkdir("./31", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3703
./strace-static-x86_64: Process 3703 attached
[pid 3703] chdir("./31") = 0
[pid 3703] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3703] setpgid(0, 0) = 0
[pid 3703] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3703] write(3, "1000", 4) = 4
[pid 3703] close(3) = 0
[pid 3703] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3703] memfd_create("syzkaller", 0) = 3
[pid 3703] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3703] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3703] munmap(0x7ff05686f000, 262144) = 0
[ 56.433948][ T3637] EXT4-fs (loop0): unmounting filesystem.
[pid 3703] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3703] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3703] close(3) = 0
[pid 3703] mkdir("./file0", 0777) = 0
[ 56.495953][ T3703] loop0: detected capacity change from 0 to 512
[ 56.508174][ T3703] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 56.517378][ T3703] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3703] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3703] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3703] chdir("./file0") = 0
[pid 3703] ioctl(4, LOOP_CLR_FD) = 0
[pid 3703] close(4) = 0
[pid 3703] exit_group(0) = ?
[pid 3703] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3703, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./31/binderfs") = 0
umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./31/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./31") = 0
mkdir("./32", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3705
./strace-static-x86_64: Process 3705 attached
[pid 3705] chdir("./32") = 0
[pid 3705] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3705] setpgid(0, 0) = 0
[pid 3705] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3705] write(3, "1000", 4) = 4
[pid 3705] close(3) = 0
[pid 3705] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3705] memfd_create("syzkaller", 0) = 3
[pid 3705] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3705] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3705] munmap(0x7ff05686f000, 262144) = 0
[pid 3705] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 56.554889][ T3703] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 56.584683][ T3637] EXT4-fs (loop0): unmounting filesystem.
[pid 3705] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3705] close(3) = 0
[pid 3705] mkdir("./file0", 0777) = 0
[pid 3705] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3705] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3705] chdir("./file0") = 0
[pid 3705] ioctl(4, LOOP_CLR_FD) = 0
[pid 3705] close(4) = 0
[pid 3705] exit_group(0) = ?
[pid 3705] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3705, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./32/binderfs") = 0
umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./32/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./32") = 0
mkdir("./33", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
[ 56.629637][ T3705] loop0: detected capacity change from 0 to 512
[ 56.641349][ T3705] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 56.651404][ T3705] EXT4-fs (loop0): 1 truncate cleaned up
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3707
./strace-static-x86_64: Process 3707 attached
[pid 3707] chdir("./33") = 0
[pid 3707] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3707] setpgid(0, 0) = 0
[pid 3707] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3707] write(3, "1000", 4) = 4
[pid 3707] close(3) = 0
[pid 3707] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3707] memfd_create("syzkaller", 0) = 3
[pid 3707] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3707] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3707] munmap(0x7ff05686f000, 262144) = 0
[pid 3707] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3707] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3707] close(3) = 0
[pid 3707] mkdir("./file0", 0777) = 0
[pid 3707] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3707] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3707] chdir("./file0") = 0
[pid 3707] ioctl(4, LOOP_CLR_FD) = 0
[pid 3707] close(4) = 0
[pid 3707] exit_group(0) = ?
[pid 3707] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3707, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./33/binderfs") = 0
umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./33/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./33") = 0
mkdir("./34", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3709
./strace-static-x86_64: Process 3709 attached
[pid 3709] chdir("./34") = 0
[pid 3709] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[ 56.731613][ T3707] loop0: detected capacity change from 0 to 512
[ 56.743732][ T3707] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 56.753875][ T3707] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3709] setpgid(0, 0) = 0
[pid 3709] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3709] write(3, "1000", 4) = 4
[pid 3709] close(3) = 0
[pid 3709] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3709] memfd_create("syzkaller", 0) = 3
[pid 3709] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3709] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3709] munmap(0x7ff05686f000, 262144) = 0
[pid 3709] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3709] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3709] close(3) = 0
[pid 3709] mkdir("./file0", 0777) = 0
[pid 3709] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3709] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3709] chdir("./file0") = 0
[pid 3709] ioctl(4, LOOP_CLR_FD) = 0
[pid 3709] close(4) = 0
[pid 3709] exit_group(0) = ?
[pid 3709] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3709, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./34/binderfs") = 0
[ 56.826389][ T3709] loop0: detected capacity change from 0 to 512
[ 56.839045][ T3709] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 56.848769][ T3709] EXT4-fs (loop0): 1 truncate cleaned up
umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./34/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./34") = 0
mkdir("./35", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3711
./strace-static-x86_64: Process 3711 attached
[pid 3711] chdir("./35") = 0
[pid 3711] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3711] setpgid(0, 0) = 0
[pid 3711] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3711] write(3, "1000", 4) = 4
[pid 3711] close(3) = 0
[pid 3711] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3711] memfd_create("syzkaller", 0) = 3
[pid 3711] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3711] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3711] munmap(0x7ff05686f000, 262144) = 0
[pid 3711] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3711] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3711] close(3) = 0
[pid 3711] mkdir("./file0", 0777) = 0
[pid 3711] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3711] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3711] chdir("./file0") = 0
[pid 3711] ioctl(4, LOOP_CLR_FD) = 0
[pid 3711] close(4) = 0
[pid 3711] exit_group(0) = ?
[pid 3711] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3711, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./35/binderfs") = 0
umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./35/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./35") = 0
mkdir("./36", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3713
./strace-static-x86_64: Process 3713 attached
[pid 3713] chdir("./36") = 0
[pid 3713] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[ 56.948814][ T3711] loop0: detected capacity change from 0 to 512
[ 56.961335][ T3711] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 56.972450][ T3711] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3713] setpgid(0, 0) = 0
[pid 3713] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3713] write(3, "1000", 4) = 4
[pid 3713] close(3) = 0
[pid 3713] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3713] memfd_create("syzkaller", 0) = 3
[pid 3713] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3713] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3713] munmap(0x7ff05686f000, 262144) = 0
[pid 3713] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3713] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3713] close(3) = 0
[pid 3713] mkdir("./file0", 0777) = 0
[ 57.042922][ T3713] loop0: detected capacity change from 0 to 512
[ 57.056343][ T3713] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 57.065645][ T3713] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3713] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3713] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3713] chdir("./file0") = 0
[pid 3713] ioctl(4, LOOP_CLR_FD) = 0
[pid 3713] close(4) = 0
[pid 3713] exit_group(0) = ?
[pid 3713] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3713, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./36/binderfs") = 0
umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./36/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./36") = 0
mkdir("./37", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3715
./strace-static-x86_64: Process 3715 attached
[pid 3715] chdir("./37") = 0
[pid 3715] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3715] setpgid(0, 0) = 0
[pid 3715] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3715] write(3, "1000", 4) = 4
[pid 3715] close(3) = 0
[pid 3715] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3715] memfd_create("syzkaller", 0) = 3
[pid 3715] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3715] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3715] munmap(0x7ff05686f000, 262144) = 0
[pid 3715] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3715] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3715] close(3) = 0
[pid 3715] mkdir("./file0", 0777) = 0
[pid 3715] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3715] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3715] chdir("./file0") = 0
[pid 3715] ioctl(4, LOOP_CLR_FD) = 0
[pid 3715] close(4) = 0
[pid 3715] exit_group(0) = ?
[pid 3715] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3715, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./37/binderfs") = 0
[ 57.196059][ T3715] loop0: detected capacity change from 0 to 512
[ 57.207418][ T3715] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 57.217512][ T3715] EXT4-fs (loop0): 1 truncate cleaned up
umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./37/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./37") = 0
mkdir("./38", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3717
./strace-static-x86_64: Process 3717 attached
[pid 3717] chdir("./38") = 0
[pid 3717] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3717] setpgid(0, 0) = 0
[pid 3717] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3717] write(3, "1000", 4) = 4
[pid 3717] close(3) = 0
[pid 3717] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3717] memfd_create("syzkaller", 0) = 3
[pid 3717] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3717] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3717] munmap(0x7ff05686f000, 262144) = 0
[pid 3717] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3717] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3717] close(3) = 0
[pid 3717] mkdir("./file0", 0777) = 0
[pid 3717] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3717] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3717] chdir("./file0") = 0
[pid 3717] ioctl(4, LOOP_CLR_FD) = 0
[ 57.311214][ T3717] loop0: detected capacity change from 0 to 512
[ 57.334191][ T3717] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 57.345430][ T3717] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3717] close(4) = 0
[pid 3717] exit_group(0) = ?
[pid 3717] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3717, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./38/binderfs") = 0
umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./38/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./38") = 0
mkdir("./39", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3719
./strace-static-x86_64: Process 3719 attached
[pid 3719] chdir("./39") = 0
[pid 3719] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3719] setpgid(0, 0) = 0
[pid 3719] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3719] write(3, "1000", 4) = 4
[pid 3719] close(3) = 0
[pid 3719] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3719] memfd_create("syzkaller", 0) = 3
[pid 3719] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3719] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3719] munmap(0x7ff05686f000, 262144) = 0
[pid 3719] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3719] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3719] close(3) = 0
[pid 3719] mkdir("./file0", 0777) = 0
[pid 3719] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3719] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3719] chdir("./file0") = 0
[pid 3719] ioctl(4, LOOP_CLR_FD) = 0
[pid 3719] close(4) = 0
[pid 3719] exit_group(0) = ?
[pid 3719] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3719, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./39/binderfs") = 0
umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[ 57.439853][ T3719] loop0: detected capacity change from 0 to 512
[ 57.452027][ T3719] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 57.462759][ T3719] EXT4-fs (loop0): 1 truncate cleaned up
umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./39/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./39") = 0
mkdir("./40", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3721
./strace-static-x86_64: Process 3721 attached
[pid 3721] chdir("./40") = 0
[pid 3721] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3721] setpgid(0, 0) = 0
[pid 3721] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3721] write(3, "1000", 4) = 4
[pid 3721] close(3) = 0
[pid 3721] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3721] memfd_create("syzkaller", 0) = 3
[pid 3721] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3721] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3721] munmap(0x7ff05686f000, 262144) = 0
[pid 3721] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3721] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3721] close(3) = 0
[pid 3721] mkdir("./file0", 0777) = 0
[pid 3721] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3721] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3721] chdir("./file0") = 0
[pid 3721] ioctl(4, LOOP_CLR_FD) = 0
[pid 3721] close(4) = 0
[pid 3721] exit_group(0) = ?
[pid 3721] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3721, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[ 57.543433][ T3721] loop0: detected capacity change from 0 to 512
[ 57.555913][ T3721] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 57.565700][ T3721] EXT4-fs (loop0): 1 truncate cleaned up
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./40/binderfs") = 0
umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./40/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./40") = 0
mkdir("./41", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3723
./strace-static-x86_64: Process 3723 attached
[pid 3723] chdir("./41") = 0
[pid 3723] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3723] setpgid(0, 0) = 0
[pid 3723] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3723] write(3, "1000", 4) = 4
[pid 3723] close(3) = 0
[pid 3723] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3723] memfd_create("syzkaller", 0) = 3
[pid 3723] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3723] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3723] munmap(0x7ff05686f000, 262144) = 0
[pid 3723] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3723] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3723] close(3) = 0
[pid 3723] mkdir("./file0", 0777) = 0
[pid 3723] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3723] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3723] chdir("./file0") = 0
[pid 3723] ioctl(4, LOOP_CLR_FD) = 0
[pid 3723] close(4) = 0
[pid 3723] exit_group(0) = ?
[pid 3723] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3723, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./41/binderfs") = 0
umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./41/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
[ 57.676214][ T3723] loop0: detected capacity change from 0 to 512
[ 57.687016][ T3723] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 57.697596][ T3723] EXT4-fs (loop0): 1 truncate cleaned up
close(3) = 0
rmdir("./41") = 0
mkdir("./42", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3725 attached
, child_tidptr=0x555556e315d0) = 3725
[pid 3725] chdir("./42") = 0
[pid 3725] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3725] setpgid(0, 0) = 0
[pid 3725] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3725] write(3, "1000", 4) = 4
[pid 3725] close(3) = 0
[pid 3725] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3725] memfd_create("syzkaller", 0) = 3
[pid 3725] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3725] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3725] munmap(0x7ff05686f000, 262144) = 0
[pid 3725] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3725] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3725] close(3) = 0
[pid 3725] mkdir("./file0", 0777) = 0
[pid 3725] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3725] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3725] chdir("./file0") = 0
[pid 3725] ioctl(4, LOOP_CLR_FD) = 0
[pid 3725] close(4) = 0
[pid 3725] exit_group(0) = ?
[pid 3725] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3725, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./42/binderfs") = 0
umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
[ 57.786862][ T3725] loop0: detected capacity change from 0 to 512
[ 57.797824][ T3725] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 57.807980][ T3725] EXT4-fs (loop0): 1 truncate cleaned up
umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./42/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./42") = 0
mkdir("./43", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3727
./strace-static-x86_64: Process 3727 attached
[pid 3727] chdir("./43") = 0
[pid 3727] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3727] setpgid(0, 0) = 0
[pid 3727] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3727] write(3, "1000", 4) = 4
[pid 3727] close(3) = 0
[pid 3727] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3727] memfd_create("syzkaller", 0) = 3
[pid 3727] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3727] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3727] munmap(0x7ff05686f000, 262144) = 0
[pid 3727] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3727] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3727] close(3) = 0
[pid 3727] mkdir("./file0", 0777) = 0
[pid 3727] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3727] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3727] chdir("./file0") = 0
[pid 3727] ioctl(4, LOOP_CLR_FD) = 0
[pid 3727] close(4) = 0
[pid 3727] exit_group(0) = ?
[pid 3727] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3727, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 57.898749][ T3727] loop0: detected capacity change from 0 to 512
[ 57.910384][ T3727] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 57.919937][ T3727] EXT4-fs (loop0): 1 truncate cleaned up
lstat("./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./43/binderfs") = 0
umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./43/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./43") = 0
mkdir("./44", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3729
./strace-static-x86_64: Process 3729 attached
[pid 3729] chdir("./44") = 0
[pid 3729] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3729] setpgid(0, 0) = 0
[pid 3729] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3729] write(3, "1000", 4) = 4
[pid 3729] close(3) = 0
[pid 3729] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3729] memfd_create("syzkaller", 0) = 3
[pid 3729] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3729] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3729] munmap(0x7ff05686f000, 262144) = 0
[pid 3729] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3729] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3729] close(3) = 0
[pid 3729] mkdir("./file0", 0777) = 0
[pid 3729] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3729] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3729] chdir("./file0") = 0
[pid 3729] ioctl(4, LOOP_CLR_FD) = 0
[pid 3729] close(4) = 0
[pid 3729] exit_group(0) = ?
[pid 3729] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3729, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./44/binderfs") = 0
umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./44/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./44") = 0
mkdir("./45", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3731
./strace-static-x86_64: Process 3731 attached
[pid 3731] chdir("./45") = 0
[pid 3731] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3731] setpgid(0, 0) = 0
[pid 3731] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[ 58.024953][ T3729] loop0: detected capacity change from 0 to 512
[ 58.037374][ T3729] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 58.047044][ T3729] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3731] write(3, "1000", 4) = 4
[pid 3731] close(3) = 0
[pid 3731] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3731] memfd_create("syzkaller", 0) = 3
[pid 3731] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3731] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3731] munmap(0x7ff05686f000, 262144) = 0
[pid 3731] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3731] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3731] close(3) = 0
[pid 3731] mkdir("./file0", 0777) = 0
[pid 3731] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3731] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3731] chdir("./file0") = 0
[pid 3731] ioctl(4, LOOP_CLR_FD) = 0
[pid 3731] close(4) = 0
[pid 3731] exit_group(0) = ?
[pid 3731] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3731, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./45/binderfs") = 0
umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./45/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./45") = 0
mkdir("./46", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3733
[ 58.123344][ T3731] loop0: detected capacity change from 0 to 512
[ 58.136055][ T3731] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 58.146249][ T3731] EXT4-fs (loop0): 1 truncate cleaned up
./strace-static-x86_64: Process 3733 attached
[pid 3733] chdir("./46") = 0
[pid 3733] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3733] setpgid(0, 0) = 0
[pid 3733] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3733] write(3, "1000", 4) = 4
[pid 3733] close(3) = 0
[pid 3733] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3733] memfd_create("syzkaller", 0) = 3
[pid 3733] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3733] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3733] munmap(0x7ff05686f000, 262144) = 0
[pid 3733] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3733] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3733] close(3) = 0
[pid 3733] mkdir("./file0", 0777) = 0
[pid 3733] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3733] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3733] chdir("./file0") = 0
[pid 3733] ioctl(4, LOOP_CLR_FD) = 0
[pid 3733] close(4) = 0
[pid 3733] exit_group(0) = ?
[pid 3733] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3733, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./46/binderfs") = 0
umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
[ 58.228687][ T3733] loop0: detected capacity change from 0 to 512
[ 58.240369][ T3733] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 58.249526][ T3733] EXT4-fs (loop0): 1 truncate cleaned up
umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./46/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./46") = 0
mkdir("./47", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3736 attached
, child_tidptr=0x555556e315d0) = 3736
[pid 3736] chdir("./47") = 0
[pid 3736] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3736] setpgid(0, 0) = 0
[pid 3736] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3736] write(3, "1000", 4) = 4
[pid 3736] close(3) = 0
[pid 3736] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3736] memfd_create("syzkaller", 0) = 3
[pid 3736] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3736] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3736] munmap(0x7ff05686f000, 262144) = 0
[pid 3736] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3736] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3736] close(3) = 0
[pid 3736] mkdir("./file0", 0777) = 0
[pid 3736] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3736] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3736] chdir("./file0") = 0
[pid 3736] ioctl(4, LOOP_CLR_FD) = 0
[pid 3736] close(4) = 0
[pid 3736] exit_group(0) = ?
[pid 3736] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3736, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./47/binderfs") = 0
umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
[ 58.348061][ T3736] loop0: detected capacity change from 0 to 512
[ 58.359346][ T3736] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 58.369205][ T3736] EXT4-fs (loop0): 1 truncate cleaned up
umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./47/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./47") = 0
mkdir("./48", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3738
./strace-static-x86_64: Process 3738 attached
[pid 3738] chdir("./48") = 0
[pid 3738] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3738] setpgid(0, 0) = 0
[pid 3738] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3738] write(3, "1000", 4) = 4
[pid 3738] close(3) = 0
[pid 3738] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3738] memfd_create("syzkaller", 0) = 3
[pid 3738] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3738] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3738] munmap(0x7ff05686f000, 262144) = 0
[pid 3738] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3738] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3738] close(3) = 0
[pid 3738] mkdir("./file0", 0777) = 0
[pid 3738] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3738] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3738] chdir("./file0") = 0
[pid 3738] ioctl(4, LOOP_CLR_FD) = 0
[pid 3738] close(4) = 0
[pid 3738] exit_group(0) = ?
[pid 3738] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3738, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./48/binderfs") = 0
umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./48/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./48") = 0
mkdir("./49", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3740
[ 58.469271][ T3738] loop0: detected capacity change from 0 to 512
[ 58.481930][ T3738] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 58.491281][ T3738] EXT4-fs (loop0): 1 truncate cleaned up
./strace-static-x86_64: Process 3740 attached
[pid 3740] chdir("./49") = 0
[pid 3740] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3740] setpgid(0, 0) = 0
[pid 3740] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3740] write(3, "1000", 4) = 4
[pid 3740] close(3) = 0
[pid 3740] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3740] memfd_create("syzkaller", 0) = 3
[pid 3740] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3740] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3740] munmap(0x7ff05686f000, 262144) = 0
[pid 3740] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3740] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3740] close(3) = 0
[pid 3740] mkdir("./file0", 0777) = 0
[pid 3740] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3740] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3740] chdir("./file0") = 0
[pid 3740] ioctl(4, LOOP_CLR_FD) = 0
[pid 3740] close(4) = 0
[pid 3740] exit_group(0) = ?
[pid 3740] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3740, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./49/binderfs") = 0
umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./49/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./49") = 0
mkdir("./50", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3742
./strace-static-x86_64: Process 3742 attached
[pid 3742] chdir("./50") = 0
[ 58.578563][ T3740] loop0: detected capacity change from 0 to 512
[ 58.591384][ T3740] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 58.600815][ T3740] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3742] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3742] setpgid(0, 0) = 0
[pid 3742] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3742] write(3, "1000", 4) = 4
[pid 3742] close(3) = 0
[pid 3742] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3742] memfd_create("syzkaller", 0) = 3
[pid 3742] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3742] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3742] munmap(0x7ff05686f000, 262144) = 0
[pid 3742] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3742] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3742] close(3) = 0
[pid 3742] mkdir("./file0", 0777) = 0
[pid 3742] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3742] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3742] chdir("./file0") = 0
[pid 3742] ioctl(4, LOOP_CLR_FD) = 0
[pid 3742] close(4) = 0
[pid 3742] exit_group(0) = ?
[pid 3742] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3742, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./50/binderfs") = 0
umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./50/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./50") = 0
mkdir("./51", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3744
./strace-static-x86_64: Process 3744 attached
[pid 3744] chdir("./51") = 0
[pid 3744] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3744] setpgid(0, 0) = 0
[pid 3744] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3744] write(3, "1000", 4) = 4
[pid 3744] close(3) = 0
[pid 3744] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3744] memfd_create("syzkaller", 0) = 3
[pid 3744] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3744] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3744] munmap(0x7ff05686f000, 262144) = 0
[pid 3744] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 58.668877][ T3742] loop0: detected capacity change from 0 to 512
[ 58.681249][ T3742] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 58.691208][ T3742] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3744] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3744] close(3) = 0
[pid 3744] mkdir("./file0", 0777) = 0
[pid 3744] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3744] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3744] chdir("./file0") = 0
[pid 3744] ioctl(4, LOOP_CLR_FD) = 0
[pid 3744] close(4) = 0
[pid 3744] exit_group(0) = ?
[pid 3744] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3744, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./51/binderfs") = 0
umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./51/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./51") = 0
mkdir("./52", 0777) = 0
[ 58.750273][ T3744] loop0: detected capacity change from 0 to 512
[ 58.763695][ T3744] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 58.773946][ T3744] EXT4-fs (loop0): 1 truncate cleaned up
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3746
./strace-static-x86_64: Process 3746 attached
[pid 3746] chdir("./52") = 0
[pid 3746] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3746] setpgid(0, 0) = 0
[pid 3746] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3746] write(3, "1000", 4) = 4
[pid 3746] close(3) = 0
[pid 3746] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3746] memfd_create("syzkaller", 0) = 3
[pid 3746] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3746] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3746] munmap(0x7ff05686f000, 262144) = 0
[pid 3746] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3746] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3746] close(3) = 0
[pid 3746] mkdir("./file0", 0777) = 0
[pid 3746] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3746] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3746] chdir("./file0") = 0
[pid 3746] ioctl(4, LOOP_CLR_FD) = 0
[pid 3746] close(4) = 0
[pid 3746] exit_group(0) = ?
[pid 3746] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3746, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 58.856038][ T3746] loop0: detected capacity change from 0 to 512
[ 58.868087][ T3746] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 58.878102][ T3746] EXT4-fs (loop0): 1 truncate cleaned up
lstat("./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./52/binderfs") = 0
umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./52/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./52") = 0
mkdir("./53", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3748
./strace-static-x86_64: Process 3748 attached
[pid 3748] chdir("./53") = 0
[pid 3748] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3748] setpgid(0, 0) = 0
[pid 3748] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3748] write(3, "1000", 4) = 4
[pid 3748] close(3) = 0
[pid 3748] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3748] memfd_create("syzkaller", 0) = 3
[pid 3748] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3748] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3748] munmap(0x7ff05686f000, 262144) = 0
[pid 3748] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3748] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3748] close(3) = 0
[pid 3748] mkdir("./file0", 0777) = 0
[pid 3748] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3748] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3748] chdir("./file0") = 0
[pid 3748] ioctl(4, LOOP_CLR_FD) = 0
[pid 3748] close(4) = 0
[pid 3748] exit_group(0) = ?
[pid 3748] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3748, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./53/binderfs") = 0
umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./53/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./53") = 0
mkdir("./54", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3750
./strace-static-x86_64: Process 3750 attached
[ 58.982536][ T3748] loop0: detected capacity change from 0 to 512
[ 58.994255][ T3748] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 59.003981][ T3748] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3750] chdir("./54") = 0
[pid 3750] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3750] setpgid(0, 0) = 0
[pid 3750] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3750] write(3, "1000", 4) = 4
[pid 3750] close(3) = 0
[pid 3750] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3750] memfd_create("syzkaller", 0) = 3
[pid 3750] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3750] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3750] munmap(0x7ff05686f000, 262144) = 0
[pid 3750] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3750] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3750] close(3) = 0
[pid 3750] mkdir("./file0", 0777) = 0
[pid 3750] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3750] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3750] chdir("./file0") = 0
[pid 3750] ioctl(4, LOOP_CLR_FD) = 0
[pid 3750] close(4) = 0
[pid 3750] exit_group(0) = ?
[pid 3750] +++ exited with 0 +++
[ 59.082692][ T3750] loop0: detected capacity change from 0 to 512
[ 59.095035][ T3750] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 59.104730][ T3750] EXT4-fs (loop0): 1 truncate cleaned up
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3750, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./54/binderfs") = 0
umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./54/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./54") = 0
mkdir("./55", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3752
./strace-static-x86_64: Process 3752 attached
[pid 3752] chdir("./55") = 0
[pid 3752] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3752] setpgid(0, 0) = 0
[pid 3752] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3752] write(3, "1000", 4) = 4
[pid 3752] close(3) = 0
[pid 3752] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3752] memfd_create("syzkaller", 0) = 3
[pid 3752] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3752] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3752] munmap(0x7ff05686f000, 262144) = 0
[pid 3752] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3752] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3752] close(3) = 0
[pid 3752] mkdir("./file0", 0777) = 0
[ 59.215133][ T3752] loop0: detected capacity change from 0 to 512
[ 59.226098][ T3752] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 59.236906][ T3752]
[ 59.239241][ T3752] ======================================================
[ 59.246237][ T3752] WARNING: possible circular locking dependency detected
[ 59.253232][ T3752] 6.1.0-syzkaller #0 Not tainted
[ 59.258146][ T3752] ------------------------------------------------------
[ 59.265138][ T3752] syz-executor235/3752 is trying to acquire lock:
[ 59.271526][ T3752] ffff8880719f3928 (&dquot->dq_lock){+.+.}-{3:3}, at: dquot_commit+0x58/0x4e0
[ 59.280389][ T3752]
[ 59.280389][ T3752] but task is already holding lock:
[ 59.287769][ T3752] ffff888074db52c8 (&ei->i_data_sem/2){++++}-{3:3}, at: ext4_truncate+0xa06/0xeb0
[ 59.296967][ T3752]
[ 59.296967][ T3752] which lock already depends on the new lock.
[ 59.296967][ T3752]
[ 59.307346][ T3752]
[ 59.307346][ T3752] the existing dependency chain (in reverse order) is:
[ 59.316334][ T3752]
[ 59.316334][ T3752] -> #2 (&ei->i_data_sem/2){++++}-{3:3}:
[ 59.324127][ T3752] lock_acquire+0x182/0x3c0
[ 59.329133][ T3752] down_read+0x39/0x50
[ 59.333709][ T3752] ext4_map_blocks+0x398/0x1cc0
[ 59.339063][ T3752] ext4_getblk+0x1b9/0x770
[ 59.343981][ T3752] ext4_bread+0x2a/0x170
[ 59.348728][ T3752] ext4_quota_write+0x225/0x570
[ 59.354097][ T3752] get_free_dqblk+0x34a/0x6d0
[ 59.359274][ T3752] do_insert_tree+0x271/0x1b50
[ 59.364565][ T3752] do_insert_tree+0x744/0x1b50
[ 59.369833][ T3752] do_insert_tree+0x744/0x1b50
[ 59.375093][ T3752] do_insert_tree+0x744/0x1b50
[ 59.380356][ T3752] qtree_write_dquot+0x3b6/0x530
[ 59.385792][ T3752] v2_write_dquot+0x11b/0x190
[ 59.390969][ T3752] dquot_acquire+0x348/0x670
[ 59.396060][ T3752] ext4_acquire_dquot+0x2e0/0x400
[ 59.401584][ T3752] dqget+0x999/0xdc0
[ 59.405978][ T3752] __dquot_initialize+0x3d0/0xcf0
[ 59.411524][ T3752] ext4_process_orphan+0x57/0x2d0
[ 59.417061][ T3752] ext4_orphan_cleanup+0xb60/0x1340
[ 59.422772][ T3752] ext4_fill_super+0x80ed/0x8610
[ 59.428226][ T3752] get_tree_bdev+0x400/0x620
[ 59.433327][ T3752] vfs_get_tree+0x88/0x270
[ 59.438249][ T3752] do_new_mount+0x289/0xad0
[ 59.443252][ T3752] __se_sys_mount+0x2d3/0x3c0
[ 59.448426][ T3752] do_syscall_64+0x3d/0xb0
[ 59.453341][ T3752] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 59.459757][ T3752]
[ 59.459757][ T3752] -> #1 (&s->s_dquot.dqio_sem){++++}-{3:3}:
[ 59.467810][ T3752] lock_acquire+0x182/0x3c0
[ 59.472818][ T3752] down_read+0x39/0x50
[ 59.477395][ T3752] v2_read_dquot+0x4a/0x100
[ 59.482400][ T3752] dquot_acquire+0x186/0x670
[ 59.487493][ T3752] ext4_acquire_dquot+0x2e0/0x400
[ 59.493020][ T3752] dqget+0x999/0xdc0
[ 59.497417][ T3752] __dquot_initialize+0x291/0xcf0
[ 59.502942][ T3752] ext4_process_orphan+0x57/0x2d0
[ 59.508476][ T3752] ext4_orphan_cleanup+0xb60/0x1340
[ 59.514171][ T3752] ext4_fill_super+0x80ed/0x8610
[ 59.519612][ T3752] get_tree_bdev+0x400/0x620
[ 59.524704][ T3752] vfs_get_tree+0x88/0x270
[ 59.529620][ T3752] do_new_mount+0x289/0xad0
[ 59.534630][ T3752] __se_sys_mount+0x2d3/0x3c0
[ 59.539804][ T3752] do_syscall_64+0x3d/0xb0
[ 59.544723][ T3752] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 59.551133][ T3752]
[ 59.551133][ T3752] -> #0 (&dquot->dq_lock){+.+.}-{3:3}:
[ 59.558751][ T3752] validate_chain+0x1898/0x6ae0
[ 59.564107][ T3752] __lock_acquire+0x1292/0x1f60
[ 59.569461][ T3752] lock_acquire+0x182/0x3c0
[ 59.574467][ T3752] __mutex_lock_common+0x1bd/0x26e0
[ 59.580175][ T3752] mutex_lock_nested+0x17/0x20
[ 59.585439][ T3752] dquot_commit+0x58/0x4e0
[ 59.590357][ T3752] ext4_write_dquot+0x1e4/0x2b0
[ 59.595707][ T3752] __dquot_free_space+0x9a8/0xfb0
[ 59.601234][ T3752] ext4_free_blocks+0x1c4a/0x2810
[ 59.606761][ T3752] ext4_ext_remove_space+0x1f5b/0x46b0
[ 59.612717][ T3752] ext4_ext_truncate+0x177/0x220
[ 59.618154][ T3752] ext4_truncate+0xa7c/0xeb0
[ 59.623244][ T3752] ext4_process_orphan+0x1aa/0x2d0
[ 59.628853][ T3752] ext4_orphan_cleanup+0xb60/0x1340
[ 59.634554][ T3752] ext4_fill_super+0x80ed/0x8610
[ 59.639996][ T3752] get_tree_bdev+0x400/0x620
[ 59.645085][ T3752] vfs_get_tree+0x88/0x270
[ 59.650089][ T3752] do_new_mount+0x289/0xad0
[ 59.655092][ T3752] __se_sys_mount+0x2d3/0x3c0
[ 59.660292][ T3752] do_syscall_64+0x3d/0xb0
[ 59.665208][ T3752] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 59.671601][ T3752]
[ 59.671601][ T3752] other info that might help us debug this:
[ 59.671601][ T3752]
[ 59.681806][ T3752] Chain exists of:
[ 59.681806][ T3752] &dquot->dq_lock --> &s->s_dquot.dqio_sem --> &ei->i_data_sem/2
[ 59.681806][ T3752]
[ 59.695433][ T3752] Possible unsafe locking scenario:
[ 59.695433][ T3752]
[ 59.702863][ T3752] CPU0 CPU1
[ 59.708204][ T3752] ---- ----
[ 59.713572][ T3752] lock(&ei->i_data_sem/2);
[ 59.718145][ T3752] lock(&s->s_dquot.dqio_sem);
[ 59.725502][ T3752] lock(&ei->i_data_sem/2);
[ 59.732863][ T3752] lock(&dquot->dq_lock);
[ 59.737258][ T3752]
[ 59.737258][ T3752] *** DEADLOCK ***
[ 59.737258][ T3752]
[ 59.745388][ T3752] 4 locks held by syz-executor235/3752:
[ 59.750906][ T3752] #0: ffff8880286a60e0 (&type->s_umount_key#28/1){+.+.}-{3:3}, at: alloc_super+0x212/0x920
[ 59.760974][ T3752] #1: ffff888074db5440 (&sb->s_type->i_mutex_key#8){++++}-{3:3}, at: ext4_process_orphan+0x164/0x2d0
[ 59.771904][ T3752] #2: ffff888074db52c8 (&ei->i_data_sem/2){++++}-{3:3}, at: ext4_truncate+0xa06/0xeb0
[ 59.781534][ T3752] #3: ffffffff8d26c748 (dquot_srcu){....}-{0:0}, at: rcu_lock_acquire+0x5/0x30
[ 59.790555][ T3752]
[ 59.790555][ T3752] stack backtrace:
[ 59.796420][ T3752] CPU: 0 PID: 3752 Comm: syz-executor235 Not tainted 6.1.0-syzkaller #0
[ 59.804722][ T3752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 59.814757][ T3752] Call Trace:
[ 59.818020][ T3752]
[ 59.820934][ T3752] dump_stack_lvl+0x1b1/0x28e
[ 59.825594][ T3752] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 59.831037][ T3752] ? print_circular_bug+0x13e/0x1c0
[ 59.836216][ T3752] check_noncircular+0x2cc/0x390
[ 59.841134][ T3752] ? add_chain_block+0x850/0x850
[ 59.846051][ T3752] ? lockdep_lock+0x102/0x290
[ 59.851003][ T3752] ? validate_chain+0x1478/0x6ae0
[ 59.856006][ T3752] ? _find_first_zero_bit+0xe8/0x110
[ 59.861278][ T3752] validate_chain+0x1898/0x6ae0
[ 59.866133][ T3752] ? check_noncircular+0x1aa/0x390
[ 59.871224][ T3752] ? reacquire_held_locks+0x650/0x650
[ 59.876578][ T3752] ? add_chain_block+0x850/0x850
[ 59.881499][ T3752] ? lockdep_lock+0x102/0x290
[ 59.886157][ T3752] ? lockdep_unlock+0x144/0x2e0
[ 59.890988][ T3752] ? lockdep_lock+0x290/0x290
[ 59.895674][ T3752] ? _find_first_zero_bit+0xe8/0x110
[ 59.900944][ T3752] ? validate_chain+0x177/0x6ae0
[ 59.905865][ T3752] ? reacquire_held_locks+0x650/0x650
[ 59.911217][ T3752] ? stack_trace_save+0x1e0/0x1e0
[ 59.916223][ T3752] ? noop_count+0x30/0x30
[ 59.920546][ T3752] ? reacquire_held_locks+0x650/0x650
[ 59.925900][ T3752] ? check_path+0x21/0x40
[ 59.930208][ T3752] ? check_noncircular+0x1aa/0x390
[ 59.935298][ T3752] ? reacquire_held_locks+0x650/0x650
[ 59.940652][ T3752] ? add_chain_block+0x850/0x850
[ 59.945569][ T3752] ? reacquire_held_locks+0x650/0x650
[ 59.950920][ T3752] ? lockdep_lock+0x102/0x290
[ 59.955596][ T3752] ? lockdep_lock+0x290/0x290
[ 59.960254][ T3752] ? _find_first_zero_bit+0xe8/0x110
[ 59.965539][ T3752] ? validate_chain+0x1478/0x6ae0
[ 59.970544][ T3752] ? reacquire_held_locks+0x650/0x650
[ 59.975898][ T3752] ? check_path+0x40/0x40
[ 59.980209][ T3752] ? reacquire_held_locks+0x650/0x650
[ 59.985559][ T3752] ? validate_chain+0x1478/0x6ae0
[ 59.990565][ T3752] ? check_path+0x21/0x40
[ 59.994876][ T3752] ? check_noncircular+0x1aa/0x390
[ 59.999971][ T3752] ? add_chain_block+0x850/0x850
[ 60.004889][ T3752] ? lockdep_lock+0x102/0x290
[ 60.009543][ T3752] ? lockdep_unlock+0x144/0x2e0
[ 60.014373][ T3752] ? lockdep_lock+0x290/0x290
[ 60.019028][ T3752] ? validate_chain+0x1478/0x6ae0
[ 60.024032][ T3752] ? _find_first_zero_bit+0xe8/0x110
[ 60.029301][ T3752] ? validate_chain+0x1478/0x6ae0
[ 60.034313][ T3752] ? reacquire_held_locks+0x650/0x650
[ 60.039666][ T3752] ? reacquire_held_locks+0x650/0x650
[ 60.045017][ T3752] ? reacquire_held_locks+0x650/0x650
[ 60.050388][ T3752] ? validate_chain+0x177/0x6ae0
[ 60.055305][ T3752] ? rcu_lock_release+0x5/0x20
[ 60.060051][ T3752] ? __lock_acquire+0x1f60/0x1f60
[ 60.065056][ T3752] ? deref_stack_reg+0x17a/0x210
[ 60.070003][ T3752] ? preempt_count_add+0x8d/0x180
[ 60.075011][ T3752] ? reacquire_held_locks+0x650/0x650
[ 60.080366][ T3752] ? mark_lock+0x9a/0x350
[ 60.084680][ T3752] ? stack_trace_save+0x1e0/0x1e0
[ 60.089685][ T3752] ? stack_trace_save+0x1e0/0x1e0
[ 60.094691][ T3752] ? stack_trace_save+0x1e0/0x1e0
[ 60.099695][ T3752] ? rcu_read_lock_sched_held+0x87/0x110
[ 60.105313][ T3752] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 60.111276][ T3752] ? rcu_lock_release+0x5/0x20
[ 60.116020][ T3752] ? trace_lock_release+0x95/0x220
[ 60.121114][ T3752] ? stack_trace_save+0x1e0/0x1e0
[ 60.126119][ T3752] ? rcu_read_lock_sched_held+0x87/0x110
[ 60.131731][ T3752] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 60.137691][ T3752] ? rcu_lock_release+0x5/0x20
[ 60.142433][ T3752] ? trace_lock_release+0x95/0x220
[ 60.147525][ T3752] ? read_lock_is_recursive+0x10/0x10
[ 60.152873][ T3752] ? rcu_lock_release+0x5/0x20
[ 60.157615][ T3752] ? __lock_acquire+0x1f60/0x1f60
[ 60.162646][ T3752] ? deref_stack_reg+0x17a/0x210
[ 60.167565][ T3752] ? rcu_read_lock_sched_held+0x87/0x110
[ 60.173180][ T3752] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 60.179139][ T3752] ? mark_lock+0x9a/0x350
[ 60.183452][ T3752] __lock_acquire+0x1292/0x1f60
[ 60.188285][ T3752] lock_acquire+0x182/0x3c0
[ 60.192765][ T3752] ? dquot_commit+0x58/0x4e0
[ 60.197344][ T3752] ? read_lock_is_recursive+0x10/0x10
[ 60.202696][ T3752] ? finish_lock_switch+0x8e/0x100
[ 60.207792][ T3752] ? __might_sleep+0xc0/0xc0
[ 60.212360][ T3752] ? finish_lock_switch+0x8e/0x100
[ 60.217452][ T3752] ? finish_task_switch+0x140/0x610
[ 60.222633][ T3752] __mutex_lock_common+0x1bd/0x26e0
[ 60.227813][ T3752] ? dquot_commit+0x58/0x4e0
[ 60.232389][ T3752] ? dquot_commit+0x58/0x4e0
[ 60.236990][ T3752] ? __might_sleep+0xc0/0xc0
[ 60.241561][ T3752] ? mutex_lock_io_nested+0x60/0x60
[ 60.246742][ T3752] ? rcu_read_lock_sched_held+0x87/0x110
[ 60.252544][ T3752] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 60.258517][ T3752] ? preempt_schedule_common+0xb7/0xe0
[ 60.263969][ T3752] ? preempt_schedule+0xb6/0xc0
[ 60.268806][ T3752] ? schedule_preempt_disabled+0x20/0x20
[ 60.274436][ T3752] mutex_lock_nested+0x17/0x20
[ 60.279196][ T3752] dquot_commit+0x58/0x4e0
[ 60.283615][ T3752] ? __ext4_journal_start_sb+0x16e/0x1d0
[ 60.289229][ T3752] ext4_write_dquot+0x1e4/0x2b0
[ 60.294078][ T3752] __dquot_free_space+0x9a8/0xfb0
[ 60.299091][ T3752] ? dquot_reclaim_space_nodirty+0x7f0/0x7f0
[ 60.305052][ T3752] ? ext4_block_bitmap_csum_set+0x1c3/0x4f0
[ 60.310932][ T3752] ? get_usage_chars+0x1b0/0x1f0
[ 60.315852][ T3752] ext4_free_blocks+0x1c4a/0x2810
[ 60.320858][ T3752] ? __lock_acquire+0x1f60/0x1f60
[ 60.325866][ T3752] ? trace_ext4_allocate_blocks+0x2f0/0x2f0
[ 60.331746][ T3752] ? rcu_read_lock_sched_held+0x87/0x110
[ 60.337360][ T3752] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 60.343508][ T3752] ? __ext4_journal_ensure_credits+0x2c/0x460
[ 60.349558][ T3752] ? ext4_inode_journal_mode+0x185/0x460
[ 60.355174][ T3752] ? trace_ext4_remove_blocks+0x10b/0x330
[ 60.360877][ T3752] ext4_ext_remove_space+0x1f5b/0x46b0
[ 60.366322][ T3752] ? ext4_da_release_space+0x1de/0x370
[ 60.371766][ T3752] ? ext4_ext_index_trans_blocks+0x120/0x120
[ 60.377724][ T3752] ? ext4_es_remove_extent+0x1ab/0x260
[ 60.383164][ T3752] ? trace_ext4_es_lookup_extent_exit+0x300/0x300
[ 60.389558][ T3752] ? down_write+0x1a5/0x270
[ 60.394043][ T3752] ? trace_ext4_fc_stats+0x2f0/0x2f0
[ 60.399305][ T3752] ? down_read_killable+0x80/0x80
[ 60.404312][ T3752] ext4_ext_truncate+0x177/0x220
[ 60.409232][ T3752] ext4_truncate+0xa7c/0xeb0
[ 60.413806][ T3752] ? __ext4_mark_inode_dirty+0x670/0x670
[ 60.419445][ T3752] ext4_process_orphan+0x1aa/0x2d0
[ 60.424537][ T3752] ext4_orphan_cleanup+0xb60/0x1340
[ 60.429716][ T3752] ? ext4_orphan_del+0xc20/0xc20
[ 60.434634][ T3752] ? __init_swait_queue_head+0xa6/0x140
[ 60.440162][ T3752] ? errseq_check_and_advance+0x5e/0x110
[ 60.445775][ T3752] ext4_fill_super+0x80ed/0x8610
[ 60.450698][ T3752] ? ext4_parse_test_dummy_encryption+0xb0/0xb0
[ 60.456919][ T3752] ? snprintf+0xc0/0x110
[ 60.461146][ T3752] ? set_blocksize+0x1d5/0x360
[ 60.465908][ T3752] get_tree_bdev+0x400/0x620
[ 60.470478][ T3752] ? ext4_parse_test_dummy_encryption+0xb0/0xb0
[ 60.476786][ T3752] vfs_get_tree+0x88/0x270
[ 60.481182][ T3752] do_new_mount+0x289/0xad0
[ 60.485666][ T3752] ? do_move_mount_old+0x150/0x150
[ 60.490761][ T3752] ? user_path_at_empty+0x149/0x1a0
[ 60.495947][ T3752] __se_sys_mount+0x2d3/0x3c0
[ 60.500624][ T3752] ? __x64_sys_mount+0xc0/0xc0
[ 60.505369][ T3752] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 60.511336][ T3752] ? __x64_sys_mount+0x1c/0xc0
[ 60.516079][ T3752] do_syscall_64+0x3d/0xb0
[ 60.520495][ T3752] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 60.526367][ T3752] RIP: 0033:0x7ff05ecbdcfa
[ 60.530763][ T3752] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 60.550354][ T3752] RSP: 002b:00007ffca3527d38 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 60.558751][ T3752] RAX: ffffffffffffffda RBX: 0000555556e312c0 RCX: 00007ff05ecbdcfa
[pid 3752] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3752] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3752] chdir("./file0") = 0
[pid 3752] ioctl(4, LOOP_CLR_FD) = 0
[pid 3752] close(4) = 0
[pid 3752] exit_group(0) = ?
[pid 3752] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3752, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./55/binderfs") = 0
[ 60.566718][ T3752] RDX: 0000000020000140 RSI: 0000000020000000 RDI: 00007ffca3527d80
[ 60.574670][ T3752] RBP: 0000000000000000 R08: 00007ffca3527dc0 R09: 00000000000004ae
[ 60.582619][ T3752] R10: 0000000000000047 R11: 0000000000000206 R12: 0000000000000004
[ 60.590569][ T3752] R13: 00007ffca3527dc0 R14: 0000000000000003 R15: 00007ffca3527d80
[ 60.598522][ T3752]
[ 60.604152][ T3752] EXT4-fs (loop0): 1 truncate cleaned up
umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./55/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./55") = 0
mkdir("./56", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3754
./strace-static-x86_64: Process 3754 attached
[pid 3754] chdir("./56") = 0
[pid 3754] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3754] setpgid(0, 0) = 0
[pid 3754] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3754] write(3, "1000", 4) = 4
[pid 3754] close(3) = 0
[pid 3754] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3754] memfd_create("syzkaller", 0) = 3
[pid 3754] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3754] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3754] munmap(0x7ff05686f000, 262144) = 0
[pid 3754] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3754] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3754] close(3) = 0
[pid 3754] mkdir("./file0", 0777) = 0
[pid 3754] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3754] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3754] chdir("./file0") = 0
[pid 3754] ioctl(4, LOOP_CLR_FD) = 0
[pid 3754] close(4) = 0
[pid 3754] exit_group(0) = ?
[pid 3754] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3754, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./56/binderfs") = 0
umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./56/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./56") = 0
mkdir("./57", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3756
./strace-static-x86_64: Process 3756 attached
[pid 3756] chdir("./57") = 0
[pid 3756] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3756] setpgid(0, 0) = 0
[pid 3756] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3756] write(3, "1000", 4) = 4
[pid 3756] close(3) = 0
[ 60.679012][ T3754] loop0: detected capacity change from 0 to 512
[ 60.698708][ T3754] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 60.706982][ T3754] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3756] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3756] memfd_create("syzkaller", 0) = 3
[pid 3756] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3756] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3756] munmap(0x7ff05686f000, 262144) = 0
[pid 3756] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3756] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3756] close(3) = 0
[pid 3756] mkdir("./file0", 0777) = 0
[pid 3756] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3756] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3756] chdir("./file0") = 0
[pid 3756] ioctl(4, LOOP_CLR_FD) = 0
[pid 3756] close(4) = 0
[pid 3756] exit_group(0) = ?
[pid 3756] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3756, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./57/binderfs") = 0
umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./57/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./57") = 0
mkdir("./58", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 60.746395][ T3756] loop0: detected capacity change from 0 to 512
[ 60.755880][ T3756] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 60.764060][ T3756] EXT4-fs (loop0): 1 truncate cleaned up
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3758
./strace-static-x86_64: Process 3758 attached
[pid 3758] chdir("./58") = 0
[pid 3758] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3758] setpgid(0, 0) = 0
[pid 3758] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3758] write(3, "1000", 4) = 4
[pid 3758] close(3) = 0
[pid 3758] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3758] memfd_create("syzkaller", 0) = 3
[pid 3758] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3758] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3758] munmap(0x7ff05686f000, 262144) = 0
[pid 3758] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3758] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3758] close(3) = 0
[pid 3758] mkdir("./file0", 0777) = 0
[pid 3758] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3758] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3758] chdir("./file0") = 0
[pid 3758] ioctl(4, LOOP_CLR_FD) = 0
[pid 3758] close(4) = 0
[pid 3758] exit_group(0) = ?
[pid 3758] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3758, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./58/binderfs") = 0
umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[ 60.821545][ T3758] loop0: detected capacity change from 0 to 512
[ 60.831167][ T3758] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 60.839813][ T3758] EXT4-fs (loop0): 1 truncate cleaned up
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./58/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./58") = 0
mkdir("./59", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3760
./strace-static-x86_64: Process 3760 attached
[pid 3760] chdir("./59") = 0
[pid 3760] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3760] setpgid(0, 0) = 0
[pid 3760] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3760] write(3, "1000", 4) = 4
[pid 3760] close(3) = 0
[pid 3760] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3760] memfd_create("syzkaller", 0) = 3
[pid 3760] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3760] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3760] munmap(0x7ff05686f000, 262144) = 0
[pid 3760] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3760] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3760] close(3) = 0
[pid 3760] mkdir("./file0", 0777) = 0
[pid 3760] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3760] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3760] chdir("./file0") = 0
[pid 3760] ioctl(4, LOOP_CLR_FD) = 0
[pid 3760] close(4) = 0
[pid 3760] exit_group(0) = ?
[pid 3760] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3760, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./59/binderfs") = 0
umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
[ 60.900205][ T3760] loop0: detected capacity change from 0 to 512
[ 60.909448][ T3760] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 60.918141][ T3760] EXT4-fs (loop0): 1 truncate cleaned up
umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./59/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./59") = 0
mkdir("./60", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3762
./strace-static-x86_64: Process 3762 attached
[pid 3762] chdir("./60") = 0
[pid 3762] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3762] setpgid(0, 0) = 0
[pid 3762] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3762] write(3, "1000", 4) = 4
[pid 3762] close(3) = 0
[pid 3762] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3762] memfd_create("syzkaller", 0) = 3
[pid 3762] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3762] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3762] munmap(0x7ff05686f000, 262144) = 0
[pid 3762] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3762] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3762] close(3) = 0
[pid 3762] mkdir("./file0", 0777) = 0
[pid 3762] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3762] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3762] chdir("./file0") = 0
[pid 3762] ioctl(4, LOOP_CLR_FD) = 0
[pid 3762] close(4) = 0
[pid 3762] exit_group(0) = ?
[pid 3762] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3762, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./60/binderfs") = 0
umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./60/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./60") = 0
mkdir("./61", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3764 attached
, child_tidptr=0x555556e315d0) = 3764
[pid 3764] chdir("./61") = 0
[pid 3764] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3764] setpgid(0, 0) = 0
[pid 3764] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3764] write(3, "1000", 4) = 4
[pid 3764] close(3) = 0
[pid 3764] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3764] memfd_create("syzkaller", 0) = 3
[pid 3764] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3764] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3764] munmap(0x7ff05686f000, 262144) = 0
[ 60.982751][ T3762] loop0: detected capacity change from 0 to 512
[ 60.993677][ T3762] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 61.003098][ T3762] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3764] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3764] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3764] close(3) = 0
[pid 3764] mkdir("./file0", 0777) = 0
[pid 3764] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3764] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3764] chdir("./file0") = 0
[pid 3764] ioctl(4, LOOP_CLR_FD) = 0
[pid 3764] close(4) = 0
[pid 3764] exit_group(0) = ?
[pid 3764] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3764, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./61/binderfs") = 0
umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./61/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 61.064867][ T3764] loop0: detected capacity change from 0 to 512
[ 61.074268][ T3764] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 61.083907][ T3764] EXT4-fs (loop0): 1 truncate cleaned up
openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./61/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./61") = 0
mkdir("./62", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3766
./strace-static-x86_64: Process 3766 attached
[pid 3766] chdir("./62") = 0
[pid 3766] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3766] setpgid(0, 0) = 0
[pid 3766] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3766] write(3, "1000", 4) = 4
[pid 3766] close(3) = 0
[pid 3766] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3766] memfd_create("syzkaller", 0) = 3
[pid 3766] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3766] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3766] munmap(0x7ff05686f000, 262144) = 0
[pid 3766] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3766] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3766] close(3) = 0
[pid 3766] mkdir("./file0", 0777) = 0
[pid 3766] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3766] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3766] chdir("./file0") = 0
[pid 3766] ioctl(4, LOOP_CLR_FD) = 0
[pid 3766] close(4) = 0
[pid 3766] exit_group(0) = ?
[pid 3766] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3766, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./62/binderfs") = 0
[ 61.151616][ T3766] loop0: detected capacity change from 0 to 512
[ 61.161439][ T3766] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 61.170109][ T3766] EXT4-fs (loop0): 1 truncate cleaned up
umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./62/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./62/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./62") = 0
mkdir("./63", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3768
./strace-static-x86_64: Process 3768 attached
[pid 3768] chdir("./63") = 0
[pid 3768] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3768] setpgid(0, 0) = 0
[pid 3768] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3768] write(3, "1000", 4) = 4
[pid 3768] close(3) = 0
[pid 3768] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3768] memfd_create("syzkaller", 0) = 3
[pid 3768] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3768] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3768] munmap(0x7ff05686f000, 262144) = 0
[pid 3768] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3768] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3768] close(3) = 0
[pid 3768] mkdir("./file0", 0777) = 0
[pid 3768] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3768] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3768] chdir("./file0") = 0
[pid 3768] ioctl(4, LOOP_CLR_FD) = 0
[pid 3768] close(4) = 0
[pid 3768] exit_group(0) = ?
[pid 3768] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3768, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./63/binderfs") = 0
umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
[ 61.232056][ T3768] loop0: detected capacity change from 0 to 512
[ 61.241474][ T3768] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 61.249740][ T3768] EXT4-fs (loop0): 1 truncate cleaned up
umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./63/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./63/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./63") = 0
mkdir("./64", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3770
./strace-static-x86_64: Process 3770 attached
[pid 3770] chdir("./64") = 0
[pid 3770] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3770] setpgid(0, 0) = 0
[pid 3770] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3770] write(3, "1000", 4) = 4
[pid 3770] close(3) = 0
[pid 3770] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3770] memfd_create("syzkaller", 0) = 3
[pid 3770] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3770] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3770] munmap(0x7ff05686f000, 262144) = 0
[pid 3770] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3770] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3770] close(3) = 0
[pid 3770] mkdir("./file0", 0777) = 0
[pid 3770] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3770] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3770] chdir("./file0") = 0
[pid 3770] ioctl(4, LOOP_CLR_FD) = 0
[pid 3770] close(4) = 0
[pid 3770] exit_group(0) = ?
[pid 3770] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3770, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[ 61.309857][ T3770] loop0: detected capacity change from 0 to 512
[ 61.319453][ T3770] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 61.328319][ T3770] EXT4-fs (loop0): 1 truncate cleaned up
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./64/binderfs") = 0
umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./64/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./64/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./64") = 0
mkdir("./65", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3772 attached
, child_tidptr=0x555556e315d0) = 3772
[pid 3772] chdir("./65") = 0
[pid 3772] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3772] setpgid(0, 0) = 0
[pid 3772] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3772] write(3, "1000", 4) = 4
[pid 3772] close(3) = 0
[pid 3772] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3772] memfd_create("syzkaller", 0) = 3
[pid 3772] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3772] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3772] munmap(0x7ff05686f000, 262144) = 0
[pid 3772] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3772] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3772] close(3) = 0
[pid 3772] mkdir("./file0", 0777) = 0
[pid 3772] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3772] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3772] chdir("./file0") = 0
[pid 3772] ioctl(4, LOOP_CLR_FD) = 0
[pid 3772] close(4) = 0
[pid 3772] exit_group(0) = ?
[pid 3772] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3772, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./65/binderfs") = 0
umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
[ 61.403282][ T3772] loop0: detected capacity change from 0 to 512
[ 61.412663][ T3772] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 61.421898][ T3772] EXT4-fs (loop0): 1 truncate cleaned up
umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./65/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./65/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./65") = 0
mkdir("./66", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3774
./strace-static-x86_64: Process 3774 attached
[pid 3774] chdir("./66") = 0
[pid 3774] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3774] setpgid(0, 0) = 0
[pid 3774] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3774] write(3, "1000", 4) = 4
[pid 3774] close(3) = 0
[pid 3774] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3774] memfd_create("syzkaller", 0) = 3
[pid 3774] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3774] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3774] munmap(0x7ff05686f000, 262144) = 0
[pid 3774] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3774] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3774] close(3) = 0
[pid 3774] mkdir("./file0", 0777) = 0
[pid 3774] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3774] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3774] chdir("./file0") = 0
[pid 3774] ioctl(4, LOOP_CLR_FD) = 0
[pid 3774] close(4) = 0
[pid 3774] exit_group(0) = ?
[pid 3774] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3774, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./66/binderfs") = 0
[ 61.480076][ T3774] loop0: detected capacity change from 0 to 512
[ 61.489108][ T3774] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 61.497776][ T3774] EXT4-fs (loop0): 1 truncate cleaned up
umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./66/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./66/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./66") = 0
mkdir("./67", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3776
./strace-static-x86_64: Process 3776 attached
[pid 3776] chdir("./67") = 0
[pid 3776] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3776] setpgid(0, 0) = 0
[pid 3776] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3776] write(3, "1000", 4) = 4
[pid 3776] close(3) = 0
[pid 3776] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3776] memfd_create("syzkaller", 0) = 3
[pid 3776] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3776] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3776] munmap(0x7ff05686f000, 262144) = 0
[pid 3776] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3776] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3776] close(3) = 0
[pid 3776] mkdir("./file0", 0777) = 0
[pid 3776] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3776] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3776] chdir("./file0") = 0
[pid 3776] ioctl(4, LOOP_CLR_FD) = 0
[pid 3776] close(4) = 0
[pid 3776] exit_group(0) = ?
[pid 3776] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3776, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./67/binderfs") = 0
umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./67/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./67/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./67") = 0
mkdir("./68", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3778 attached
, child_tidptr=0x555556e315d0) = 3778
[pid 3778] chdir("./68") = 0
[pid 3778] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3778] setpgid(0, 0) = 0
[pid 3778] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3778] write(3, "1000", 4) = 4
[pid 3778] close(3) = 0
[pid 3778] symlink("/dev/binderfs", "./binderfs") = 0
[ 61.566246][ T3776] loop0: detected capacity change from 0 to 512
[ 61.577684][ T3776] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 61.585991][ T3776] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3778] memfd_create("syzkaller", 0) = 3
[pid 3778] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3778] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3778] munmap(0x7ff05686f000, 262144) = 0
[pid 3778] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3778] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3778] close(3) = 0
[pid 3778] mkdir("./file0", 0777) = 0
[pid 3778] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3778] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3778] chdir("./file0") = 0
[pid 3778] ioctl(4, LOOP_CLR_FD) = 0
[pid 3778] close(4) = 0
[pid 3778] exit_group(0) = ?
[pid 3778] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3778, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./68/binderfs") = 0
umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./68/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./68/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./68") = 0
mkdir("./69", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3780
./strace-static-x86_64: Process 3780 attached
[pid 3780] chdir("./69") = 0
[pid 3780] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3780] setpgid(0, 0) = 0
[pid 3780] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3780] write(3, "1000", 4) = 4
[pid 3780] close(3) = 0
[pid 3780] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3780] memfd_create("syzkaller", 0) = 3
[pid 3780] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[ 61.651499][ T3778] loop0: detected capacity change from 0 to 512
[ 61.656253][ T3639] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 61.670841][ T3778] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 61.680231][ T3778] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3780] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3780] munmap(0x7ff05686f000, 262144) = 0
[pid 3780] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3780] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3780] close(3) = 0
[pid 3780] mkdir("./file0", 0777) = 0
[pid 3780] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3780] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3780] chdir("./file0") = 0
[pid 3780] ioctl(4, LOOP_CLR_FD) = 0
[pid 3780] close(4) = 0
[pid 3780] exit_group(0) = ?
[pid 3780] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3780, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./69/binderfs") = 0
umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./69/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./69/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./69") = 0
mkdir("./70", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3782
./strace-static-x86_64: Process 3782 attached
[pid 3782] chdir("./70") = 0
[pid 3782] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3782] setpgid(0, 0) = 0
[pid 3782] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3782] write(3, "1000", 4) = 4
[pid 3782] close(3) = 0
[pid 3782] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3782] memfd_create("syzkaller", 0) = 3
[pid 3782] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3782] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3782] munmap(0x7ff05686f000, 262144) = 0
[pid 3782] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 61.736758][ T3780] loop0: detected capacity change from 0 to 512
[ 61.738308][ T3639] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 61.755841][ T3780] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 61.764233][ T3780] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3782] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3782] close(3) = 0
[pid 3782] mkdir("./file0", 0777) = 0
[pid 3782] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3782] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3782] chdir("./file0") = 0
[pid 3782] ioctl(4, LOOP_CLR_FD) = 0
[pid 3782] close(4) = 0
[pid 3782] exit_group(0) = ?
[pid 3782] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3782, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./70/binderfs") = 0
umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./70/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./70/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./70") = 0
mkdir("./71", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3784
./strace-static-x86_64: Process 3784 attached
[pid 3784] chdir("./71") = 0
[pid 3784] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3784] setpgid(0, 0) = 0
[pid 3784] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3784] write(3, "1000", 4) = 4
[pid 3784] close(3) = 0
[pid 3784] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3784] memfd_create("syzkaller", 0) = 3
[ 61.806911][ T3782] loop0: detected capacity change from 0 to 512
[ 61.817913][ T3782] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 61.826978][ T3782] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3784] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3784] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3784] munmap(0x7ff05686f000, 262144) = 0
[pid 3784] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3784] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3784] close(3) = 0
[pid 3784] mkdir("./file0", 0777) = 0
[pid 3784] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3784] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3784] chdir("./file0") = 0
[pid 3784] ioctl(4, LOOP_CLR_FD) = 0
[pid 3784] close(4) = 0
[pid 3784] exit_group(0) = ?
[pid 3784] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3784, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./71/binderfs") = 0
[ 61.892611][ T3784] loop0: detected capacity change from 0 to 512
[ 61.901951][ T3784] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 61.910971][ T3784] EXT4-fs (loop0): 1 truncate cleaned up
umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./71/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./71/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./71") = 0
mkdir("./72", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3786
./strace-static-x86_64: Process 3786 attached
[pid 3786] chdir("./72") = 0
[pid 3786] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3786] setpgid(0, 0) = 0
[pid 3786] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3786] write(3, "1000", 4) = 4
[pid 3786] close(3) = 0
[pid 3786] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3786] memfd_create("syzkaller", 0) = 3
[pid 3786] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3786] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3786] munmap(0x7ff05686f000, 262144) = 0
[pid 3786] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3786] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3786] close(3) = 0
[pid 3786] mkdir("./file0", 0777) = 0
[pid 3786] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3786] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3786] chdir("./file0") = 0
[pid 3786] ioctl(4, LOOP_CLR_FD) = 0
[ 61.980054][ T3786] loop0: detected capacity change from 0 to 512
[ 61.989583][ T3786] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 61.998201][ T3786] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3786] close(4) = 0
[pid 3786] exit_group(0) = ?
[pid 3786] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3786, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./72/binderfs") = 0
umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./72/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./72/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./72") = 0
mkdir("./73", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3788
./strace-static-x86_64: Process 3788 attached
[pid 3788] chdir("./73") = 0
[pid 3788] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3788] setpgid(0, 0) = 0
[pid 3788] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3788] write(3, "1000", 4) = 4
[pid 3788] close(3) = 0
[pid 3788] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3788] memfd_create("syzkaller", 0) = 3
[pid 3788] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3788] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3788] munmap(0x7ff05686f000, 262144) = 0
[pid 3788] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3788] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3788] close(3) = 0
[pid 3788] mkdir("./file0", 0777) = 0
[pid 3788] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3788] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3788] chdir("./file0") = 0
[pid 3788] ioctl(4, LOOP_CLR_FD) = 0
[ 62.074095][ T3788] loop0: detected capacity change from 0 to 512
[ 62.084754][ T3788] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 62.092923][ T3788] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3788] close(4) = 0
[pid 3788] exit_group(0) = ?
[pid 3788] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3788, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./73/binderfs") = 0
umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./73/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./73/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./73/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./73") = 0
mkdir("./74", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3790
./strace-static-x86_64: Process 3790 attached
[pid 3790] chdir("./74") = 0
[pid 3790] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3790] setpgid(0, 0) = 0
[pid 3790] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3790] write(3, "1000", 4) = 4
[pid 3790] close(3) = 0
[pid 3790] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3790] memfd_create("syzkaller", 0) = 3
[pid 3790] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3790] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3790] munmap(0x7ff05686f000, 262144) = 0
[pid 3790] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3790] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3790] close(3) = 0
[pid 3790] mkdir("./file0", 0777) = 0
[pid 3790] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3790] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3790] chdir("./file0") = 0
[pid 3790] ioctl(4, LOOP_CLR_FD) = 0
[pid 3790] close(4) = 0
[pid 3790] exit_group(0) = ?
[pid 3790] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3790, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./74/binderfs") = 0
umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./74/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./74/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./74/file0") = 0
[ 62.171768][ T3790] loop0: detected capacity change from 0 to 512
[ 62.181020][ T3790] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 62.189417][ T3790] EXT4-fs (loop0): 1 truncate cleaned up
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./74") = 0
mkdir("./75", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3792
./strace-static-x86_64: Process 3792 attached
[pid 3792] chdir("./75") = 0
[pid 3792] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3792] setpgid(0, 0) = 0
[pid 3792] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3792] write(3, "1000", 4) = 4
[pid 3792] close(3) = 0
[pid 3792] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3792] memfd_create("syzkaller", 0) = 3
[pid 3792] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3792] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3792] munmap(0x7ff05686f000, 262144) = 0
[pid 3792] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3792] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3792] close(3) = 0
[pid 3792] mkdir("./file0", 0777) = 0
[pid 3792] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3792] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3792] chdir("./file0") = 0
[pid 3792] ioctl(4, LOOP_CLR_FD) = 0
[pid 3792] close(4) = 0
[pid 3792] exit_group(0) = ?
[pid 3792] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3792, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[ 62.247629][ T3792] loop0: detected capacity change from 0 to 512
[ 62.258488][ T3792] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 62.267285][ T3792] EXT4-fs (loop0): 1 truncate cleaned up
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./75/binderfs") = 0
umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./75/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./75/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./75/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./75") = 0
mkdir("./76", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3794
./strace-static-x86_64: Process 3794 attached
[pid 3794] chdir("./76") = 0
[pid 3794] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3794] setpgid(0, 0) = 0
[pid 3794] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3794] write(3, "1000", 4) = 4
[pid 3794] close(3) = 0
[pid 3794] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3794] memfd_create("syzkaller", 0) = 3
[pid 3794] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3794] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3794] munmap(0x7ff05686f000, 262144) = 0
[pid 3794] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3794] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3794] close(3) = 0
[pid 3794] mkdir("./file0", 0777) = 0
[pid 3794] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3794] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3794] chdir("./file0") = 0
[pid 3794] ioctl(4, LOOP_CLR_FD) = 0
[pid 3794] close(4) = 0
[pid 3794] exit_group(0) = ?
[pid 3794] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3794, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./76", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./76/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./76/binderfs") = 0
umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./76/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./76/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./76/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./76") = 0
mkdir("./77", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3796
./strace-static-x86_64: Process 3796 attached
[pid 3796] chdir("./77") = 0
[pid 3796] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3796] setpgid(0, 0) = 0
[pid 3796] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3796] write(3, "1000", 4) = 4
[pid 3796] close(3) = 0
[pid 3796] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3796] memfd_create("syzkaller", 0) = 3
[pid 3796] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[ 62.324932][ T3794] loop0: detected capacity change from 0 to 512
[ 62.328874][ T3639] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 62.344246][ T3794] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 62.353190][ T3794] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3796] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3796] munmap(0x7ff05686f000, 262144) = 0
[pid 3796] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3796] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3796] close(3) = 0
[pid 3796] mkdir("./file0", 0777) = 0
[pid 3796] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3796] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3796] chdir("./file0") = 0
[pid 3796] ioctl(4, LOOP_CLR_FD) = 0
[pid 3796] close(4) = 0
[pid 3796] exit_group(0) = ?
[pid 3796] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3796, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./77", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./77/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./77/binderfs") = 0
[ 62.408295][ T3796] loop0: detected capacity change from 0 to 512
[ 62.419071][ T3796] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 62.427442][ T3796] EXT4-fs (loop0): 1 truncate cleaned up
umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./77/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./77/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./77/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./77") = 0
mkdir("./78", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3798
./strace-static-x86_64: Process 3798 attached
[pid 3798] chdir("./78") = 0
[pid 3798] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3798] setpgid(0, 0) = 0
[pid 3798] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3798] write(3, "1000", 4) = 4
[pid 3798] close(3) = 0
[pid 3798] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3798] memfd_create("syzkaller", 0) = 3
[pid 3798] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3798] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3798] munmap(0x7ff05686f000, 262144) = 0
[pid 3798] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3798] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3798] close(3) = 0
[pid 3798] mkdir("./file0", 0777) = 0
[pid 3798] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3798] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3798] chdir("./file0") = 0
[pid 3798] ioctl(4, LOOP_CLR_FD) = 0
[pid 3798] close(4) = 0
[pid 3798] exit_group(0) = ?
[pid 3798] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3798, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./78", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./78/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./78/binderfs") = 0
umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./78/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./78/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./78/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./78") = 0
mkdir("./79", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
[ 62.482094][ T3798] loop0: detected capacity change from 0 to 512
[ 62.492710][ T3798] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 62.501131][ T3798] EXT4-fs (loop0): 1 truncate cleaned up
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3800
./strace-static-x86_64: Process 3800 attached
[pid 3800] chdir("./79") = 0
[pid 3800] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3800] setpgid(0, 0) = 0
[pid 3800] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3800] write(3, "1000", 4) = 4
[pid 3800] close(3) = 0
[pid 3800] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3800] memfd_create("syzkaller", 0) = 3
[pid 3800] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3800] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3800] munmap(0x7ff05686f000, 262144) = 0
[pid 3800] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3800] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3800] close(3) = 0
[pid 3800] mkdir("./file0", 0777) = 0
[pid 3800] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3800] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3800] chdir("./file0") = 0
[pid 3800] ioctl(4, LOOP_CLR_FD) = 0
[pid 3800] close(4) = 0
[pid 3800] exit_group(0) = ?
[pid 3800] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3800, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./79", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./79/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./79/binderfs") = 0
umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./79/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./79/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./79/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./79") = 0
mkdir("./80", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3802
./strace-static-x86_64: Process 3802 attached
[pid 3802] chdir("./80") = 0
[pid 3802] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3802] setpgid(0, 0) = 0
[pid 3802] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3802] write(3, "1000", 4) = 4
[pid 3802] close(3) = 0
[pid 3802] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3802] memfd_create("syzkaller", 0) = 3
[pid 3802] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[ 62.553013][ T3800] loop0: detected capacity change from 0 to 512
[ 62.562278][ T3800] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 62.571099][ T3800] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3802] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3802] munmap(0x7ff05686f000, 262144) = 0
[pid 3802] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3802] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3802] close(3) = 0
[pid 3802] mkdir("./file0", 0777) = 0
[pid 3802] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3802] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3802] chdir("./file0") = 0
[pid 3802] ioctl(4, LOOP_CLR_FD) = 0
[pid 3802] close(4) = 0
[pid 3802] exit_group(0) = ?
[pid 3802] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3802, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
umount2("./80", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./80/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./80/binderfs") = 0
umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./80/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./80/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[ 62.617016][ T3802] loop0: detected capacity change from 0 to 512
[ 62.618250][ T3639] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 62.635789][ T3802] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 62.646220][ T3802] EXT4-fs (loop0): 1 truncate cleaned up
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./80/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./80") = 0
mkdir("./81", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3804
./strace-static-x86_64: Process 3804 attached
[pid 3804] chdir("./81") = 0
[pid 3804] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3804] setpgid(0, 0) = 0
[pid 3804] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3804] write(3, "1000", 4) = 4
[pid 3804] close(3) = 0
[pid 3804] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3804] memfd_create("syzkaller", 0) = 3
[pid 3804] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3804] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3804] munmap(0x7ff05686f000, 262144) = 0
[pid 3804] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3804] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3804] close(3) = 0
[pid 3804] mkdir("./file0", 0777) = 0
[pid 3804] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3804] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3804] chdir("./file0") = 0
[pid 3804] ioctl(4, LOOP_CLR_FD) = 0
[pid 3804] close(4) = 0
[pid 3804] exit_group(0) = ?
[pid 3804] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3804, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./81", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./81/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./81/binderfs") = 0
umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 62.717210][ T3804] loop0: detected capacity change from 0 to 512
[ 62.726674][ T3804] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 62.735039][ T3804] EXT4-fs (loop0): 1 truncate cleaned up
lstat("./81/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./81/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./81/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./81") = 0
mkdir("./82", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3806
./strace-static-x86_64: Process 3806 attached
[pid 3806] chdir("./82") = 0
[pid 3806] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3806] setpgid(0, 0) = 0
[pid 3806] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3806] write(3, "1000", 4) = 4
[pid 3806] close(3) = 0
[pid 3806] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3806] memfd_create("syzkaller", 0) = 3
[pid 3806] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3806] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3806] munmap(0x7ff05686f000, 262144) = 0
[pid 3806] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3806] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3806] close(3) = 0
[pid 3806] mkdir("./file0", 0777) = 0
[pid 3806] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3806] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3806] chdir("./file0") = 0
[pid 3806] ioctl(4, LOOP_CLR_FD) = 0
[pid 3806] close(4) = 0
[pid 3806] exit_group(0) = ?
[pid 3806] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3806, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./82", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./82/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./82/binderfs") = 0
umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./82/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./82/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./82/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./82") = 0
mkdir("./83", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3808 attached
[pid 3808] chdir("./83"
[pid 3637] <... clone resumed>, child_tidptr=0x555556e315d0) = 3808
[pid 3808] <... chdir resumed>) = 0
[pid 3808] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3808] setpgid(0, 0) = 0
[ 62.798842][ T3806] loop0: detected capacity change from 0 to 512
[ 62.809772][ T3806] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 62.819074][ T3806] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3808] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3808] write(3, "1000", 4) = 4
[pid 3808] close(3) = 0
[pid 3808] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3808] memfd_create("syzkaller", 0) = 3
[pid 3808] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3808] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3808] munmap(0x7ff05686f000, 262144) = 0
[pid 3808] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3808] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3808] close(3) = 0
[pid 3808] mkdir("./file0", 0777) = 0
[pid 3808] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3808] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3808] chdir("./file0") = 0
[pid 3808] ioctl(4, LOOP_CLR_FD) = 0
[pid 3808] close(4) = 0
[pid 3808] exit_group(0) = ?
[pid 3808] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3808, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./83", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./83/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./83/binderfs") = 0
umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./83/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./83/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./83/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./83") = 0
mkdir("./84", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3810 attached
, child_tidptr=0x555556e315d0) = 3810
[pid 3810] chdir("./84") = 0
[ 62.888330][ T3808] loop0: detected capacity change from 0 to 512
[ 62.898630][ T3808] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 62.908458][ T3808] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3810] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3810] setpgid(0, 0) = 0
[pid 3810] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3810] write(3, "1000", 4) = 4
[pid 3810] close(3) = 0
[pid 3810] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3810] memfd_create("syzkaller", 0) = 3
[pid 3810] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3810] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3810] munmap(0x7ff05686f000, 262144) = 0
[pid 3810] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3810] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3810] close(3) = 0
[pid 3810] mkdir("./file0", 0777) = 0
[pid 3810] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3810] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3810] chdir("./file0") = 0
[pid 3810] ioctl(4, LOOP_CLR_FD) = 0
[pid 3810] close(4) = 0
[pid 3810] exit_group(0) = ?
[pid 3810] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3810, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./84", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[ 62.978966][ T3810] loop0: detected capacity change from 0 to 512
[ 62.988354][ T3810] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 62.997483][ T3810] EXT4-fs (loop0): 1 truncate cleaned up
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./84/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./84/binderfs") = 0
umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./84/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./84/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./84/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./84") = 0
mkdir("./85", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3812 attached
, child_tidptr=0x555556e315d0) = 3812
[pid 3812] chdir("./85") = 0
[pid 3812] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3812] setpgid(0, 0) = 0
[pid 3812] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3812] write(3, "1000", 4) = 4
[pid 3812] close(3) = 0
[pid 3812] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3812] memfd_create("syzkaller", 0) = 3
[pid 3812] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3812] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3812] munmap(0x7ff05686f000, 262144) = 0
[pid 3812] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3812] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3812] close(3) = 0
[pid 3812] mkdir("./file0", 0777) = 0
[pid 3812] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3812] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3812] chdir("./file0") = 0
[pid 3812] ioctl(4, LOOP_CLR_FD) = 0
[pid 3812] close(4) = 0
[pid 3812] exit_group(0) = ?
[pid 3812] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3812, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./85", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./85/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./85/binderfs") = 0
umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./85/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./85/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./85/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./85") = 0
mkdir("./86", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
[ 63.074916][ T3812] loop0: detected capacity change from 0 to 512
[ 63.084296][ T3812] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 63.092649][ T3812] EXT4-fs (loop0): 1 truncate cleaned up
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3814
./strace-static-x86_64: Process 3814 attached
[pid 3814] chdir("./86") = 0
[pid 3814] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3814] setpgid(0, 0) = 0
[pid 3814] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3814] write(3, "1000", 4) = 4
[pid 3814] close(3) = 0
[pid 3814] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3814] memfd_create("syzkaller", 0) = 3
[pid 3814] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3814] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3814] munmap(0x7ff05686f000, 262144) = 0
[pid 3814] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3814] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3814] close(3) = 0
[pid 3814] mkdir("./file0", 0777) = 0
[pid 3814] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3814] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3814] chdir("./file0") = 0
[pid 3814] ioctl(4, LOOP_CLR_FD) = 0
[pid 3814] close(4) = 0
[pid 3814] exit_group(0) = ?
[pid 3814] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3814, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./86", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./86/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./86/binderfs") = 0
umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./86/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./86/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./86/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./86") = 0
mkdir("./87", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3816
[ 63.142401][ T3814] loop0: detected capacity change from 0 to 512
[ 63.151996][ T3814] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 63.161692][ T3814] EXT4-fs (loop0): 1 truncate cleaned up
./strace-static-x86_64: Process 3816 attached
[pid 3816] chdir("./87") = 0
[pid 3816] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3816] setpgid(0, 0) = 0
[pid 3816] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3816] write(3, "1000", 4) = 4
[pid 3816] close(3) = 0
[pid 3816] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3816] memfd_create("syzkaller", 0) = 3
[pid 3816] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3816] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3816] munmap(0x7ff05686f000, 262144) = 0
[pid 3816] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3816] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3816] close(3) = 0
[pid 3816] mkdir("./file0", 0777) = 0
[pid 3816] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3816] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3816] chdir("./file0") = 0
[pid 3816] ioctl(4, LOOP_CLR_FD) = 0
[pid 3816] close(4) = 0
[pid 3816] exit_group(0) = ?
[pid 3816] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3816, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
umount2("./87", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./87/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./87/binderfs") = 0
umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 63.217296][ T3816] loop0: detected capacity change from 0 to 512
[ 63.218775][ T3639] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 63.235887][ T3816] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 63.247118][ T3816] EXT4-fs (loop0): 1 truncate cleaned up
lstat("./87/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./87/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./87/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./87") = 0
mkdir("./88", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3818
./strace-static-x86_64: Process 3818 attached
[pid 3818] chdir("./88") = 0
[pid 3818] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3818] setpgid(0, 0) = 0
[pid 3818] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3818] write(3, "1000", 4) = 4
[pid 3818] close(3) = 0
[pid 3818] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3818] memfd_create("syzkaller", 0) = 3
[pid 3818] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3818] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3818] munmap(0x7ff05686f000, 262144) = 0
[pid 3818] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3818] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3818] close(3) = 0
[pid 3818] mkdir("./file0", 0777) = 0
[pid 3818] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3818] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3818] chdir("./file0") = 0
[pid 3818] ioctl(4, LOOP_CLR_FD) = 0
[pid 3818] close(4) = 0
[pid 3818] exit_group(0) = ?
[pid 3818] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3818, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./88", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./88/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./88/binderfs") = 0
umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./88/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./88/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
[ 63.330617][ T3818] loop0: detected capacity change from 0 to 512
[ 63.340383][ T3818] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 63.349259][ T3818] EXT4-fs (loop0): 1 truncate cleaned up
close(4) = 0
rmdir("./88/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./88") = 0
mkdir("./89", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3820
./strace-static-x86_64: Process 3820 attached
[pid 3820] chdir("./89") = 0
[pid 3820] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3820] setpgid(0, 0) = 0
[pid 3820] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3820] write(3, "1000", 4) = 4
[pid 3820] close(3) = 0
[pid 3820] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3820] memfd_create("syzkaller", 0) = 3
[pid 3820] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3820] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3820] munmap(0x7ff05686f000, 262144) = 0
[pid 3820] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3820] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3820] close(3) = 0
[pid 3820] mkdir("./file0", 0777) = 0
[pid 3820] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3820] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3820] chdir("./file0") = 0
[pid 3820] ioctl(4, LOOP_CLR_FD) = 0
[ 63.403992][ T3820] loop0: detected capacity change from 0 to 512
[ 63.414176][ T3820] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 63.422647][ T3820] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3820] close(4) = 0
[pid 3820] exit_group(0) = ?
[pid 3820] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3820, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./89", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./89/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./89/binderfs") = 0
umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./89/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./89/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./89/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./89") = 0
mkdir("./90", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3822
./strace-static-x86_64: Process 3822 attached
[pid 3822] chdir("./90") = 0
[pid 3822] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3822] setpgid(0, 0) = 0
[pid 3822] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3822] write(3, "1000", 4) = 4
[pid 3822] close(3) = 0
[pid 3822] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3822] memfd_create("syzkaller", 0) = 3
[pid 3822] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3822] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3822] munmap(0x7ff05686f000, 262144) = 0
[pid 3822] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3822] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3822] close(3) = 0
[pid 3822] mkdir("./file0", 0777) = 0
[pid 3822] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3822] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3822] chdir("./file0") = 0
[pid 3822] ioctl(4, LOOP_CLR_FD) = 0
[pid 3822] close(4) = 0
[pid 3822] exit_group(0) = ?
[ 63.493743][ T3822] loop0: detected capacity change from 0 to 512
[ 63.504402][ T3822] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 63.512616][ T3822] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3822] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3822, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./90", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./90/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./90/binderfs") = 0
umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./90/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./90/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./90/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./90") = 0
mkdir("./91", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3824
./strace-static-x86_64: Process 3824 attached
[pid 3824] chdir("./91") = 0
[pid 3824] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3824] setpgid(0, 0) = 0
[pid 3824] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3824] write(3, "1000", 4) = 4
[pid 3824] close(3) = 0
[pid 3824] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3824] memfd_create("syzkaller", 0) = 3
[pid 3824] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3824] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3824] munmap(0x7ff05686f000, 262144) = 0
[pid 3824] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3824] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3824] close(3) = 0
[pid 3824] mkdir("./file0", 0777) = 0
[pid 3824] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3824] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3824] chdir("./file0") = 0
[pid 3824] ioctl(4, LOOP_CLR_FD) = 0
[pid 3824] close(4) = 0
[pid 3824] exit_group(0) = ?
[pid 3824] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3824, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./91", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./91/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./91/binderfs") = 0
[ 63.589606][ T3824] loop0: detected capacity change from 0 to 512
[ 63.600625][ T3824] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 63.609132][ T3824] EXT4-fs (loop0): 1 truncate cleaned up
umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./91/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./91/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./91/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./91") = 0
mkdir("./92", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3826
./strace-static-x86_64: Process 3826 attached
[pid 3826] chdir("./92") = 0
[pid 3826] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3826] setpgid(0, 0) = 0
[pid 3826] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3826] write(3, "1000", 4) = 4
[pid 3826] close(3) = 0
[pid 3826] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3826] memfd_create("syzkaller", 0) = 3
[pid 3826] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3826] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3826] munmap(0x7ff05686f000, 262144) = 0
[pid 3826] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3826] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3826] close(3) = 0
[pid 3826] mkdir("./file0", 0777) = 0
[pid 3826] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3826] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3826] chdir("./file0") = 0
[pid 3826] ioctl(4, LOOP_CLR_FD) = 0
[ 63.665482][ T3826] loop0: detected capacity change from 0 to 512
[ 63.675212][ T3826] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 63.683711][ T3826] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3826] close(4) = 0
[pid 3826] exit_group(0) = ?
[pid 3826] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3826, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./92", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./92/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./92/binderfs") = 0
umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./92/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./92/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./92/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./92") = 0
mkdir("./93", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3828
./strace-static-x86_64: Process 3828 attached
[pid 3828] chdir("./93") = 0
[pid 3828] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3828] setpgid(0, 0) = 0
[pid 3828] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3828] write(3, "1000", 4) = 4
[pid 3828] close(3) = 0
[pid 3828] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3828] memfd_create("syzkaller", 0) = 3
[pid 3828] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3828] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3828] munmap(0x7ff05686f000, 262144) = 0
[pid 3828] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3828] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3828] close(3) = 0
[pid 3828] mkdir("./file0", 0777) = 0
[pid 3828] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3828] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3828] chdir("./file0") = 0
[pid 3828] ioctl(4, LOOP_CLR_FD) = 0
[pid 3828] close(4) = 0
[pid 3828] exit_group(0) = ?
[pid 3828] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3828, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./93", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./93/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./93/binderfs") = 0
umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./93/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./93/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
[ 63.762084][ T3828] loop0: detected capacity change from 0 to 512
[ 63.772161][ T3828] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 63.780259][ T3828] EXT4-fs (loop0): 1 truncate cleaned up
close(4) = 0
rmdir("./93/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./93") = 0
mkdir("./94", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3830
./strace-static-x86_64: Process 3830 attached
[pid 3830] chdir("./94") = 0
[pid 3830] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3830] setpgid(0, 0) = 0
[pid 3830] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3830] write(3, "1000", 4) = 4
[pid 3830] close(3) = 0
[pid 3830] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3830] memfd_create("syzkaller", 0) = 3
[pid 3830] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3830] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3830] munmap(0x7ff05686f000, 262144) = 0
[pid 3830] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3830] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3830] close(3) = 0
[pid 3830] mkdir("./file0", 0777) = 0
[pid 3830] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3830] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3830] chdir("./file0") = 0
[pid 3830] ioctl(4, LOOP_CLR_FD) = 0
[pid 3830] close(4) = 0
[pid 3830] exit_group(0) = ?
[pid 3830] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3830, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./94", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./94/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./94/binderfs") = 0
[ 63.853458][ T3830] loop0: detected capacity change from 0 to 512
[ 63.862918][ T3830] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 63.871822][ T3830] EXT4-fs (loop0): 1 truncate cleaned up
umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./94/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./94/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./94/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./94") = 0
mkdir("./95", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3832
./strace-static-x86_64: Process 3832 attached
[pid 3832] chdir("./95") = 0
[pid 3832] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3832] setpgid(0, 0) = 0
[pid 3832] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3832] write(3, "1000", 4) = 4
[pid 3832] close(3) = 0
[pid 3832] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3832] memfd_create("syzkaller", 0) = 3
[pid 3832] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3832] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3832] munmap(0x7ff05686f000, 262144) = 0
[pid 3832] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3832] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3832] close(3) = 0
[pid 3832] mkdir("./file0", 0777) = 0
[pid 3832] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3832] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3832] chdir("./file0") = 0
[pid 3832] ioctl(4, LOOP_CLR_FD) = 0
[pid 3832] close(4) = 0
[pid 3832] exit_group(0) = ?
[pid 3832] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3832, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./95", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./95/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./95/binderfs") = 0
umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./95/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./95/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./95/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
[ 63.933202][ T3832] loop0: detected capacity change from 0 to 512
[ 63.942714][ T3832] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 63.951817][ T3832] EXT4-fs (loop0): 1 truncate cleaned up
close(3) = 0
rmdir("./95") = 0
mkdir("./96", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3834
./strace-static-x86_64: Process 3834 attached
[pid 3834] chdir("./96") = 0
[pid 3834] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3834] setpgid(0, 0) = 0
[pid 3834] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3834] write(3, "1000", 4) = 4
[pid 3834] close(3) = 0
[pid 3834] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3834] memfd_create("syzkaller", 0) = 3
[pid 3834] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3834] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3834] munmap(0x7ff05686f000, 262144) = 0
[pid 3834] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3834] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3834] close(3) = 0
[pid 3834] mkdir("./file0", 0777) = 0
[pid 3834] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3834] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3834] chdir("./file0") = 0
[pid 3834] ioctl(4, LOOP_CLR_FD) = 0
[pid 3834] close(4) = 0
[pid 3834] exit_group(0) = ?
[pid 3834] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3834, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./96", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./96/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./96/binderfs") = 0
umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
[ 64.022252][ T3834] loop0: detected capacity change from 0 to 512
[ 64.032656][ T3834] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 64.041470][ T3834] EXT4-fs (loop0): 1 truncate cleaned up
umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./96/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./96/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./96/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./96") = 0
mkdir("./97", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3836
./strace-static-x86_64: Process 3836 attached
[pid 3836] chdir("./97") = 0
[pid 3836] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3836] setpgid(0, 0) = 0
[pid 3836] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3836] write(3, "1000", 4) = 4
[pid 3836] close(3) = 0
[pid 3836] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3836] memfd_create("syzkaller", 0) = 3
[pid 3836] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3836] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3836] munmap(0x7ff05686f000, 262144) = 0
[pid 3836] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3836] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3836] close(3) = 0
[pid 3836] mkdir("./file0", 0777) = 0
[pid 3836] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3836] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3836] chdir("./file0") = 0
[pid 3836] ioctl(4, LOOP_CLR_FD) = 0
[pid 3836] close(4) = 0
[pid 3836] exit_group(0) = ?
[pid 3836] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3836, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./97", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./97/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./97/binderfs") = 0
[ 64.103533][ T3836] loop0: detected capacity change from 0 to 512
[ 64.113705][ T3836] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 64.122294][ T3836] EXT4-fs (loop0): 1 truncate cleaned up
umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./97/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./97/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./97/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./97") = 0
mkdir("./98", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3838
./strace-static-x86_64: Process 3838 attached
[pid 3838] chdir("./98") = 0
[pid 3838] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3838] setpgid(0, 0) = 0
[pid 3838] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3838] write(3, "1000", 4) = 4
[pid 3838] close(3) = 0
[pid 3838] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3838] memfd_create("syzkaller", 0) = 3
[pid 3838] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3838] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3838] munmap(0x7ff05686f000, 262144) = 0
[pid 3838] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3838] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3838] close(3) = 0
[pid 3838] mkdir("./file0", 0777) = 0
[pid 3838] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3838] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3838] chdir("./file0") = 0
[pid 3838] ioctl(4, LOOP_CLR_FD) = 0
[pid 3838] close(4) = 0
[pid 3838] exit_group(0) = ?
[pid 3838] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3838, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./98", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./98/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
[ 64.187693][ T3838] loop0: detected capacity change from 0 to 512
[ 64.197742][ T3838] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 64.206657][ T3838] EXT4-fs (loop0): 1 truncate cleaned up
unlink("./98/binderfs") = 0
umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./98/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./98/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./98/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./98") = 0
mkdir("./99", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3840
./strace-static-x86_64: Process 3840 attached
[pid 3840] chdir("./99") = 0
[pid 3840] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3840] setpgid(0, 0) = 0
[pid 3840] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3840] write(3, "1000", 4) = 4
[pid 3840] close(3) = 0
[pid 3840] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3840] memfd_create("syzkaller", 0) = 3
[pid 3840] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3840] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3840] munmap(0x7ff05686f000, 262144) = 0
[pid 3840] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3840] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3840] close(3) = 0
[pid 3840] mkdir("./file0", 0777) = 0
[pid 3840] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3840] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3840] chdir("./file0") = 0
[pid 3840] ioctl(4, LOOP_CLR_FD) = 0
[pid 3840] close(4) = 0
[pid 3840] exit_group(0) = ?
[pid 3840] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3840, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./99", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./99/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./99/binderfs") = 0
umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
[ 64.272551][ T3840] loop0: detected capacity change from 0 to 512
[ 64.283512][ T3840] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 64.291939][ T3840] EXT4-fs (loop0): 1 truncate cleaned up
umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./99/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./99/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./99/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./99") = 0
mkdir("./100", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3842
./strace-static-x86_64: Process 3842 attached
[pid 3842] chdir("./100") = 0
[pid 3842] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3842] setpgid(0, 0) = 0
[pid 3842] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3842] write(3, "1000", 4) = 4
[pid 3842] close(3) = 0
[pid 3842] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3842] memfd_create("syzkaller", 0) = 3
[pid 3842] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3842] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3842] munmap(0x7ff05686f000, 262144) = 0
[pid 3842] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3842] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3842] close(3) = 0
[pid 3842] mkdir("./file0", 0777) = 0
[pid 3842] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3842] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3842] chdir("./file0") = 0
[pid 3842] ioctl(4, LOOP_CLR_FD) = 0
[pid 3842] close(4) = 0
[pid 3842] exit_group(0) = ?
[pid 3842] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3842, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./100", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./100/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./100/binderfs") = 0
umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
[ 64.352677][ T3842] loop0: detected capacity change from 0 to 512
[ 64.362033][ T3842] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 64.370799][ T3842] EXT4-fs (loop0): 1 truncate cleaned up
umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./100/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./100/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./100/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./100") = 0
mkdir("./101", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3844
./strace-static-x86_64: Process 3844 attached
[pid 3844] chdir("./101") = 0
[pid 3844] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3844] setpgid(0, 0) = 0
[pid 3844] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3844] write(3, "1000", 4) = 4
[pid 3844] close(3) = 0
[pid 3844] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3844] memfd_create("syzkaller", 0) = 3
[pid 3844] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3844] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3844] munmap(0x7ff05686f000, 262144) = 0
[pid 3844] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3844] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3844] close(3) = 0
[pid 3844] mkdir("./file0", 0777) = 0
[pid 3844] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3844] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3844] chdir("./file0") = 0
[pid 3844] ioctl(4, LOOP_CLR_FD) = 0
[pid 3844] close(4) = 0
[pid 3844] exit_group(0) = ?
[pid 3844] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3844, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./101", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./101/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./101/binderfs") = 0
umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./101/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./101/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./101/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./101") = 0
mkdir("./102", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3846
./strace-static-x86_64: Process 3846 attached
[pid 3846] chdir("./102") = 0
[pid 3846] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3846] setpgid(0, 0) = 0
[pid 3846] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3846] write(3, "1000", 4) = 4
[pid 3846] close(3) = 0
[ 64.433746][ T3844] loop0: detected capacity change from 0 to 512
[ 64.443507][ T3844] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 64.452985][ T3844] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3846] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3846] memfd_create("syzkaller", 0) = 3
[pid 3846] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3846] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3846] munmap(0x7ff05686f000, 262144) = 0
[pid 3846] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3846] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3846] close(3) = 0
[pid 3846] mkdir("./file0", 0777) = 0
[pid 3846] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3846] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3846] chdir("./file0") = 0
[pid 3846] ioctl(4, LOOP_CLR_FD) = 0
[pid 3846] close(4) = 0
[pid 3846] exit_group(0) = ?
[pid 3846] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3846, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./102", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./102/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./102/binderfs") = 0
[ 64.502431][ T3846] loop0: detected capacity change from 0 to 512
[ 64.511900][ T3846] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 64.520235][ T3846] EXT4-fs (loop0): 1 truncate cleaned up
umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./102/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./102/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./102/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./102") = 0
mkdir("./103", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3848 attached
[pid 3848] chdir("./103") = 0
[pid 3848] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3848] setpgid(0, 0) = 0
[pid 3848] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC
[pid 3637] <... clone resumed>, child_tidptr=0x555556e315d0) = 3848
[pid 3848] <... openat resumed>) = 3
[pid 3848] write(3, "1000", 4) = 4
[pid 3848] close(3) = 0
[pid 3848] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3848] memfd_create("syzkaller", 0) = 3
[pid 3848] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3848] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3848] munmap(0x7ff05686f000, 262144) = 0
[pid 3848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3848] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3848] close(3) = 0
[pid 3848] mkdir("./file0", 0777) = 0
[pid 3848] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3848] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3848] chdir("./file0") = 0
[pid 3848] ioctl(4, LOOP_CLR_FD) = 0
[pid 3848] close(4) = 0
[pid 3848] exit_group(0) = ?
[pid 3848] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3848, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./103", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./103/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./103/binderfs") = 0
umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./103/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./103/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./103/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./103") = 0
mkdir("./104", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3850 attached
, child_tidptr=0x555556e315d0) = 3850
[pid 3850] chdir("./104") = 0
[pid 3850] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3850] setpgid(0, 0) = 0
[pid 3850] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3850] write(3, "1000", 4) = 4
[pid 3850] close(3) = 0
[pid 3850] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3850] memfd_create("syzkaller", 0) = 3
[ 64.589821][ T3848] loop0: detected capacity change from 0 to 512
[ 64.600962][ T3848] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 64.609634][ T3848] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3850] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3850] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3850] munmap(0x7ff05686f000, 262144) = 0
[pid 3850] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3850] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3850] close(3) = 0
[pid 3850] mkdir("./file0", 0777) = 0
[pid 3850] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3850] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3850] chdir("./file0") = 0
[pid 3850] ioctl(4, LOOP_CLR_FD) = 0
[pid 3850] close(4) = 0
[pid 3850] exit_group(0) = ?
[pid 3850] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3850, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./104", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[ 64.678733][ T3850] loop0: detected capacity change from 0 to 512
[ 64.688570][ T3850] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 64.697826][ T3850] EXT4-fs (loop0): 1 truncate cleaned up
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./104/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./104/binderfs") = 0
umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./104/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./104/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./104/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./104") = 0
mkdir("./105", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3852 attached
, child_tidptr=0x555556e315d0) = 3852
[pid 3852] chdir("./105") = 0
[pid 3852] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3852] setpgid(0, 0) = 0
[pid 3852] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3852] write(3, "1000", 4) = 4
[pid 3852] close(3) = 0
[pid 3852] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3852] memfd_create("syzkaller", 0) = 3
[pid 3852] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3852] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3852] munmap(0x7ff05686f000, 262144) = 0
[pid 3852] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3852] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3852] close(3) = 0
[pid 3852] mkdir("./file0", 0777) = 0
[pid 3852] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3852] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3852] chdir("./file0") = 0
[pid 3852] ioctl(4, LOOP_CLR_FD) = 0
[pid 3852] close(4) = 0
[pid 3852] exit_group(0) = ?
[pid 3852] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3852, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./105", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./105/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./105/binderfs") = 0
umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./105/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./105/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./105/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./105") = 0
mkdir("./106", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3854
./strace-static-x86_64: Process 3854 attached
[pid 3854] chdir("./106") = 0
[pid 3854] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3854] setpgid(0, 0) = 0
[ 64.776442][ T3852] loop0: detected capacity change from 0 to 512
[ 64.786009][ T3852] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 64.794095][ T3852] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3854] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3854] write(3, "1000", 4) = 4
[pid 3854] close(3) = 0
[pid 3854] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3854] memfd_create("syzkaller", 0) = 3
[pid 3854] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3854] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3854] munmap(0x7ff05686f000, 262144) = 0
[pid 3854] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3854] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3854] close(3) = 0
[pid 3854] mkdir("./file0", 0777) = 0
[pid 3854] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3854] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3854] chdir("./file0") = 0
[pid 3854] ioctl(4, LOOP_CLR_FD) = 0
[pid 3854] close(4) = 0
[pid 3854] exit_group(0) = ?
[ 64.843279][ T3854] loop0: detected capacity change from 0 to 512
[ 64.853349][ T3854] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 64.862329][ T3854] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3854] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3854, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./106", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./106/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./106/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./106/binderfs") = 0
umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./106/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./106/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./106/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./106") = 0
mkdir("./107", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3856
./strace-static-x86_64: Process 3856 attached
[pid 3856] chdir("./107") = 0
[pid 3856] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3856] setpgid(0, 0) = 0
[pid 3856] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3856] write(3, "1000", 4) = 4
[pid 3856] close(3) = 0
[pid 3856] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3856] memfd_create("syzkaller", 0) = 3
[pid 3856] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3856] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3856] munmap(0x7ff05686f000, 262144) = 0
[pid 3856] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3856] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3856] close(3) = 0
[pid 3856] mkdir("./file0", 0777) = 0
[pid 3856] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3856] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3856] chdir("./file0") = 0
[pid 3856] ioctl(4, LOOP_CLR_FD) = 0
[pid 3856] close(4) = 0
[pid 3856] exit_group(0) = ?
[pid 3856] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3856, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./107", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./107/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./107/binderfs") = 0
umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./107/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./107/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./107/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./107") = 0
mkdir("./108", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3858
./strace-static-x86_64: Process 3858 attached
[pid 3858] chdir("./108") = 0
[pid 3858] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3858] setpgid(0, 0) = 0
[pid 3858] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3858] write(3, "1000", 4) = 4
[pid 3858] close(3) = 0
[pid 3858] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3858] memfd_create("syzkaller", 0) = 3
[pid 3858] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3858] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3858] munmap(0x7ff05686f000, 262144) = 0
[pid 3858] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 64.940714][ T3856] loop0: detected capacity change from 0 to 512
[ 64.952651][ T3856] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 64.961337][ T3856] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3858] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3858] close(3) = 0
[pid 3858] mkdir("./file0", 0777) = 0
[pid 3858] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3858] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3858] chdir("./file0") = 0
[pid 3858] ioctl(4, LOOP_CLR_FD) = 0
[pid 3858] close(4) = 0
[pid 3858] exit_group(0) = ?
[pid 3858] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3858, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
umount2("./108", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./108/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./108/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./108/binderfs") = 0
[ 65.020158][ T3858] loop0: detected capacity change from 0 to 512
[ 65.029533][ T3858] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 65.037962][ T3858] EXT4-fs (loop0): 1 truncate cleaned up
umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./108/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./108/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./108/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./108") = 0
mkdir("./109", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3860
./strace-static-x86_64: Process 3860 attached
[pid 3860] chdir("./109") = 0
[pid 3860] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3860] setpgid(0, 0) = 0
[pid 3860] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3860] write(3, "1000", 4) = 4
[pid 3860] close(3) = 0
[pid 3860] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3860] memfd_create("syzkaller", 0) = 3
[pid 3860] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3860] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3860] munmap(0x7ff05686f000, 262144) = 0
[pid 3860] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3860] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3860] close(3) = 0
[pid 3860] mkdir("./file0", 0777) = 0
[pid 3860] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3860] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3860] chdir("./file0") = 0
[pid 3860] ioctl(4, LOOP_CLR_FD) = 0
[pid 3860] close(4) = 0
[pid 3860] exit_group(0) = ?
[pid 3860] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3860, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./109", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./109/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./109/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./109/binderfs") = 0
umount2("./109/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./109/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./109/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./109/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./109/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./109/file0") = 0
[ 65.106397][ T3860] loop0: detected capacity change from 0 to 512
[ 65.116225][ T3860] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 65.124323][ T3860] EXT4-fs (loop0): 1 truncate cleaned up
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./109") = 0
mkdir("./110", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3862
./strace-static-x86_64: Process 3862 attached
[pid 3862] chdir("./110") = 0
[pid 3862] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3862] setpgid(0, 0) = 0
[pid 3862] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3862] write(3, "1000", 4) = 4
[pid 3862] close(3) = 0
[pid 3862] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3862] memfd_create("syzkaller", 0) = 3
[pid 3862] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3862] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3862] munmap(0x7ff05686f000, 262144) = 0
[pid 3862] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3862] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3862] close(3) = 0
[pid 3862] mkdir("./file0", 0777) = 0
[pid 3862] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3862] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3862] chdir("./file0") = 0
[pid 3862] ioctl(4, LOOP_CLR_FD) = 0
[pid 3862] close(4) = 0
[pid 3862] exit_group(0) = ?
[pid 3862] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3862, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./110", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./110/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./110/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./110/binderfs") = 0
umount2("./110/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./110/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./110/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./110/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./110/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./110/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./110") = 0
mkdir("./111", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 65.187179][ T3862] loop0: detected capacity change from 0 to 512
[ 65.196533][ T3862] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 65.205641][ T3862] EXT4-fs (loop0): 1 truncate cleaned up
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3864 attached
[pid 3864] chdir("./111"
[pid 3637] <... clone resumed>, child_tidptr=0x555556e315d0) = 3864
[pid 3864] <... chdir resumed>) = 0
[pid 3864] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3864] setpgid(0, 0) = 0
[pid 3864] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3864] write(3, "1000", 4) = 4
[pid 3864] close(3) = 0
[pid 3864] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3864] memfd_create("syzkaller", 0) = 3
[pid 3864] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3864] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3864] munmap(0x7ff05686f000, 262144) = 0
[pid 3864] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3864] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3864] close(3) = 0
[pid 3864] mkdir("./file0", 0777) = 0
[pid 3864] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3864] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3864] chdir("./file0") = 0
[pid 3864] ioctl(4, LOOP_CLR_FD) = 0
[pid 3864] close(4) = 0
[pid 3864] exit_group(0) = ?
[pid 3864] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3864, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./111", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./111/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./111/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
[ 65.260343][ T3864] loop0: detected capacity change from 0 to 512
[ 65.270153][ T3864] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 65.278508][ T3864] EXT4-fs (loop0): 1 truncate cleaned up
unlink("./111/binderfs") = 0
umount2("./111/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./111/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./111/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./111/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./111/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./111/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./111") = 0
mkdir("./112", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3866
./strace-static-x86_64: Process 3866 attached
[pid 3866] chdir("./112") = 0
[pid 3866] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3866] setpgid(0, 0) = 0
[pid 3866] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3866] write(3, "1000", 4) = 4
[pid 3866] close(3) = 0
[pid 3866] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3866] memfd_create("syzkaller", 0) = 3
[pid 3866] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3866] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3866] munmap(0x7ff05686f000, 262144) = 0
[pid 3866] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3866] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3866] close(3) = 0
[pid 3866] mkdir("./file0", 0777) = 0
[pid 3866] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3866] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3866] chdir("./file0") = 0
[pid 3866] ioctl(4, LOOP_CLR_FD) = 0
[pid 3866] close(4) = 0
[pid 3866] exit_group(0) = ?
[pid 3866] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3866, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./112", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./112/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./112/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./112/binderfs") = 0
[ 65.341394][ T3866] loop0: detected capacity change from 0 to 512
[ 65.350950][ T3866] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 65.359830][ T3866] EXT4-fs (loop0): 1 truncate cleaned up
umount2("./112/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./112/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./112/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./112/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./112/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./112/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./112") = 0
mkdir("./113", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3868 attached
[pid 3868] chdir("./113") = 0
[pid 3868] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3868] setpgid(0, 0) = 0
[pid 3868] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3868] write(3, "1000", 4) = 4
[pid 3868] close(3) = 0
[pid 3868] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3868] memfd_create("syzkaller", 0) = 3
[pid 3868] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3637] <... clone resumed>, child_tidptr=0x555556e315d0) = 3868
[pid 3868] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3868] munmap(0x7ff05686f000, 262144) = 0
[pid 3868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3868] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3868] close(3) = 0
[pid 3868] mkdir("./file0", 0777) = 0
[pid 3868] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3868] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3868] chdir("./file0") = 0
[pid 3868] ioctl(4, LOOP_CLR_FD) = 0
[pid 3868] close(4) = 0
[pid 3868] exit_group(0) = ?
[pid 3868] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3868, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./113", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./113", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./113/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./113/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./113/binderfs") = 0
umount2("./113/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./113/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./113/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./113/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./113/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./113/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./113") = 0
mkdir("./114", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3870
./strace-static-x86_64: Process 3870 attached
[pid 3870] chdir("./114") = 0
[pid 3870] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3870] setpgid(0, 0) = 0
[pid 3870] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[ 65.424171][ T3868] loop0: detected capacity change from 0 to 512
[ 65.433404][ T3868] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 65.443422][ T3868] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3870] write(3, "1000", 4) = 4
[pid 3870] close(3) = 0
[pid 3870] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3870] memfd_create("syzkaller", 0) = 3
[pid 3870] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3870] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3870] munmap(0x7ff05686f000, 262144) = 0
[pid 3870] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3870] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3870] close(3) = 0
[pid 3870] mkdir("./file0", 0777) = 0
[pid 3870] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3870] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3870] chdir("./file0") = 0
[pid 3870] ioctl(4, LOOP_CLR_FD) = 0
[pid 3870] close(4) = 0
[pid 3870] exit_group(0) = ?
[pid 3870] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3870, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./114", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./114", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./114/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./114/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./114/binderfs") = 0
umount2("./114/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./114/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 65.492775][ T3870] loop0: detected capacity change from 0 to 512
[ 65.502193][ T3870] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 65.510563][ T3870] EXT4-fs (loop0): 1 truncate cleaned up
lstat("./114/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./114/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./114/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./114/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./114") = 0
mkdir("./115", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3872 attached
, child_tidptr=0x555556e315d0) = 3872
[pid 3872] chdir("./115") = 0
[pid 3872] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3872] setpgid(0, 0) = 0
[pid 3872] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3872] write(3, "1000", 4) = 4
[pid 3872] close(3) = 0
[pid 3872] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3872] memfd_create("syzkaller", 0) = 3
[pid 3872] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3872] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3872] munmap(0x7ff05686f000, 262144) = 0
[pid 3872] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3872] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3872] close(3) = 0
[pid 3872] mkdir("./file0", 0777) = 0
[pid 3872] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3872] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3872] chdir("./file0") = 0
[pid 3872] ioctl(4, LOOP_CLR_FD) = 0
[pid 3872] close(4) = 0
[pid 3872] exit_group(0) = ?
[pid 3872] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3872, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./115", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./115", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./115/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./115/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./115/binderfs") = 0
umount2("./115/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./115/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./115/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./115/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./115/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
[ 65.577205][ T3872] loop0: detected capacity change from 0 to 512
[ 65.587148][ T3872] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 65.595813][ T3872] EXT4-fs (loop0): 1 truncate cleaned up
rmdir("./115/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./115") = 0
mkdir("./116", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3874
./strace-static-x86_64: Process 3874 attached
[pid 3874] chdir("./116") = 0
[pid 3874] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3874] setpgid(0, 0) = 0
[pid 3874] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3874] write(3, "1000", 4) = 4
[pid 3874] close(3) = 0
[pid 3874] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3874] memfd_create("syzkaller", 0) = 3
[pid 3874] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3874] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3874] munmap(0x7ff05686f000, 262144) = 0
[pid 3874] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3874] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3874] close(3) = 0
[pid 3874] mkdir("./file0", 0777) = 0
[pid 3874] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3874] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3874] chdir("./file0") = 0
[pid 3874] ioctl(4, LOOP_CLR_FD) = 0
[pid 3874] close(4) = 0
[pid 3874] exit_group(0) = ?
[pid 3874] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3874, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./116", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./116", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./116/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./116/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./116/binderfs") = 0
umount2("./116/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./116/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./116/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./116/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./116/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./116/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./116") = 0
mkdir("./117", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3876
./strace-static-x86_64: Process 3876 attached
[ 65.663915][ T3874] loop0: detected capacity change from 0 to 512
[ 65.675368][ T3874] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 65.683949][ T3874] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3876] chdir("./117") = 0
[pid 3876] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3876] setpgid(0, 0) = 0
[pid 3876] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3876] write(3, "1000", 4) = 4
[pid 3876] close(3) = 0
[pid 3876] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3876] memfd_create("syzkaller", 0) = 3
[pid 3876] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3876] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3876] munmap(0x7ff05686f000, 262144) = 0
[pid 3876] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3876] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3876] close(3) = 0
[pid 3876] mkdir("./file0", 0777) = 0
[pid 3876] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3876] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3876] chdir("./file0") = 0
[pid 3876] ioctl(4, LOOP_CLR_FD) = 0
[pid 3876] close(4) = 0
[pid 3876] exit_group(0) = ?
[pid 3876] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3876, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
umount2("./117", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./117", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./117/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./117/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./117/binderfs") = 0
umount2("./117/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./117/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./117/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./117/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./117/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./117/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./117") = 0
mkdir("./118", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3878
./strace-static-x86_64: Process 3878 attached
[pid 3878] chdir("./118") = 0
[pid 3878] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3878] setpgid(0, 0) = 0
[pid 3878] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3878] write(3, "1000", 4) = 4
[pid 3878] close(3) = 0
[pid 3878] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3878] memfd_create("syzkaller", 0) = 3
[ 65.756310][ T3876] loop0: detected capacity change from 0 to 512
[ 65.766944][ T3876] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 65.776392][ T3876] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3878] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3878] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3878] munmap(0x7ff05686f000, 262144) = 0
[pid 3878] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3878] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3878] close(3) = 0
[pid 3878] mkdir("./file0", 0777) = 0
[pid 3878] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3878] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3878] chdir("./file0") = 0
[pid 3878] ioctl(4, LOOP_CLR_FD) = 0
[pid 3878] close(4) = 0
[pid 3878] exit_group(0) = ?
[pid 3878] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3878, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./118", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./118", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./118/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./118/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./118/binderfs") = 0
umount2("./118/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./118/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./118/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./118/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./118/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./118/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./118") = 0
mkdir("./119", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3880
./strace-static-x86_64: Process 3880 attached
[pid 3880] chdir("./119") = 0
[pid 3880] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3880] setpgid(0, 0) = 0
[pid 3880] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3880] write(3, "1000", 4) = 4
[pid 3880] close(3) = 0
[pid 3880] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3880] memfd_create("syzkaller", 0) = 3
[ 65.831935][ T3878] loop0: detected capacity change from 0 to 512
[ 65.836516][ T3639] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 65.850486][ T3878] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 65.859211][ T3878] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3880] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3880] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3880] munmap(0x7ff05686f000, 262144) = 0
[pid 3880] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3880] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3880] close(3) = 0
[pid 3880] mkdir("./file0", 0777) = 0
[pid 3880] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3880] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3880] chdir("./file0") = 0
[pid 3880] ioctl(4, LOOP_CLR_FD) = 0
[pid 3880] close(4) = 0
[pid 3880] exit_group(0) = ?
[pid 3880] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3880, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./119", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./119", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[ 65.918219][ T3880] loop0: detected capacity change from 0 to 512
[ 65.927657][ T3880] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 65.936121][ T3880] EXT4-fs (loop0): 1 truncate cleaned up
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./119/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./119/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./119/binderfs") = 0
umount2("./119/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./119/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./119/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./119/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./119/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./119/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./119") = 0
mkdir("./120", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3882 attached
[pid 3882] chdir("./120") = 0
[pid 3882] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3882] setpgid(0, 0) = 0
[pid 3882] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3882] write(3, "1000", 4) = 4
[pid 3882] close(3) = 0
[pid 3882] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3882] memfd_create("syzkaller", 0) = 3
[pid 3882] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3637] <... clone resumed>, child_tidptr=0x555556e315d0) = 3882
[pid 3882] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3882] munmap(0x7ff05686f000, 262144) = 0
[pid 3882] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3882] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3882] close(3) = 0
[pid 3882] mkdir("./file0", 0777) = 0
[pid 3882] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3882] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3882] chdir("./file0") = 0
[pid 3882] ioctl(4, LOOP_CLR_FD) = 0
[pid 3882] close(4) = 0
[pid 3882] exit_group(0) = ?
[pid 3882] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3882, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./120", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./120", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./120/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./120/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./120/binderfs") = 0
umount2("./120/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./120/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./120/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./120/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./120/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./120/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./120") = 0
mkdir("./121", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3884
./strace-static-x86_64: Process 3884 attached
[pid 3884] chdir("./121") = 0
[pid 3884] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3884] setpgid(0, 0) = 0
[pid 3884] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3884] write(3, "1000", 4) = 4
[ 66.007721][ T3882] loop0: detected capacity change from 0 to 512
[ 66.018485][ T3882] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 66.026548][ T3882] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3884] close(3) = 0
[pid 3884] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3884] memfd_create("syzkaller", 0) = 3
[pid 3884] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3884] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3884] munmap(0x7ff05686f000, 262144) = 0
[pid 3884] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3884] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3884] close(3) = 0
[pid 3884] mkdir("./file0", 0777) = 0
[pid 3884] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3884] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3884] chdir("./file0") = 0
[pid 3884] ioctl(4, LOOP_CLR_FD) = 0
[pid 3884] close(4) = 0
[pid 3884] exit_group(0) = ?
[pid 3884] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3884, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
umount2("./121", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./121", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./121/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./121/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./121/binderfs") = 0
umount2("./121/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./121/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./121/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./121/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./121/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./121/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./121") = 0
mkdir("./122", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3886
./strace-static-x86_64: Process 3886 attached
[pid 3886] chdir("./122") = 0
[pid 3886] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[ 66.075872][ T3884] loop0: detected capacity change from 0 to 512
[ 66.086804][ T3884] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 66.095748][ T3884] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3886] setpgid(0, 0) = 0
[pid 3886] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3886] write(3, "1000", 4) = 4
[pid 3886] close(3) = 0
[pid 3886] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3886] memfd_create("syzkaller", 0) = 3
[pid 3886] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3886] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3886] munmap(0x7ff05686f000, 262144) = 0
[pid 3886] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3886] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3886] close(3) = 0
[pid 3886] mkdir("./file0", 0777) = 0
[pid 3886] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3886] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3886] chdir("./file0") = 0
[pid 3886] ioctl(4, LOOP_CLR_FD) = 0
[pid 3886] close(4) = 0
[pid 3886] exit_group(0) = ?
[pid 3886] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3886, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./122", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./122", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./122/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./122/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./122/binderfs") = 0
umount2("./122/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./122/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./122/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./122/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./122/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./122/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./122") = 0
mkdir("./123", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3888
./strace-static-x86_64: Process 3888 attached
[pid 3888] chdir("./123") = 0
[pid 3888] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3888] setpgid(0, 0) = 0
[pid 3888] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3888] write(3, "1000", 4) = 4
[ 66.176652][ T3886] loop0: detected capacity change from 0 to 512
[ 66.186057][ T3886] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 66.194699][ T3886] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3888] close(3) = 0
[pid 3888] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3888] memfd_create("syzkaller", 0) = 3
[pid 3888] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3888] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3888] munmap(0x7ff05686f000, 262144) = 0
[pid 3888] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3888] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3888] close(3) = 0
[pid 3888] mkdir("./file0", 0777) = 0
[pid 3888] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3888] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3888] chdir("./file0") = 0
[pid 3888] ioctl(4, LOOP_CLR_FD) = 0
[pid 3888] close(4) = 0
[pid 3888] exit_group(0) = ?
[pid 3888] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3888, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./123", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./123", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./123/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./123/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./123/binderfs") = 0
umount2("./123/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./123/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./123/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./123/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./123/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./123/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./123") = 0
mkdir("./124", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3890
./strace-static-x86_64: Process 3890 attached
[pid 3890] chdir("./124") = 0
[pid 3890] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3890] setpgid(0, 0) = 0
[pid 3890] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3890] write(3, "1000", 4) = 4
[pid 3890] close(3) = 0
[ 66.250885][ T3888] loop0: detected capacity change from 0 to 512
[ 66.261847][ T3888] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 66.270623][ T3888] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3890] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3890] memfd_create("syzkaller", 0) = 3
[pid 3890] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3890] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3890] munmap(0x7ff05686f000, 262144) = 0
[pid 3890] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3890] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3890] close(3) = 0
[pid 3890] mkdir("./file0", 0777) = 0
[pid 3890] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3890] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3890] chdir("./file0") = 0
[pid 3890] ioctl(4, LOOP_CLR_FD) = 0
[pid 3890] close(4) = 0
[pid 3890] exit_group(0) = ?
[pid 3890] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3890, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./124", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./124", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./124/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./124/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./124/binderfs") = 0
[ 66.337848][ T3890] loop0: detected capacity change from 0 to 512
[ 66.347778][ T3890] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 66.356710][ T3890] EXT4-fs (loop0): 1 truncate cleaned up
umount2("./124/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./124/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./124/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./124/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./124/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./124/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./124") = 0
mkdir("./125", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3892
./strace-static-x86_64: Process 3892 attached
[pid 3892] chdir("./125") = 0
[pid 3892] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3892] setpgid(0, 0) = 0
[pid 3892] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3892] write(3, "1000", 4) = 4
[pid 3892] close(3) = 0
[pid 3892] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3892] memfd_create("syzkaller", 0) = 3
[pid 3892] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3892] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3892] munmap(0x7ff05686f000, 262144) = 0
[pid 3892] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3892] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3892] close(3) = 0
[pid 3892] mkdir("./file0", 0777) = 0
[pid 3892] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3892] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3892] chdir("./file0") = 0
[pid 3892] ioctl(4, LOOP_CLR_FD) = 0
[pid 3892] close(4) = 0
[pid 3892] exit_group(0) = ?
[pid 3892] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3892, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
umount2("./125", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./125", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./125/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./125/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./125/binderfs") = 0
umount2("./125/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./125/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./125/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./125/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./125/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./125/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./125") = 0
mkdir("./126", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 66.420129][ T3892] loop0: detected capacity change from 0 to 512
[ 66.429846][ T3892] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 66.438091][ T3892] EXT4-fs (loop0): 1 truncate cleaned up
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3894 attached
, child_tidptr=0x555556e315d0) = 3894
[pid 3894] chdir("./126") = 0
[pid 3894] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3894] setpgid(0, 0) = 0
[pid 3894] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3894] write(3, "1000", 4) = 4
[pid 3894] close(3) = 0
[pid 3894] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3894] memfd_create("syzkaller", 0) = 3
[pid 3894] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3894] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3894] munmap(0x7ff05686f000, 262144) = 0
[pid 3894] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3894] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3894] close(3) = 0
[pid 3894] mkdir("./file0", 0777) = 0
[pid 3894] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3894] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3894] chdir("./file0") = 0
[pid 3894] ioctl(4, LOOP_CLR_FD) = 0
[pid 3894] close(4) = 0
[pid 3894] exit_group(0) = ?
[pid 3894] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3894, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./126", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./126", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./126/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./126/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./126/binderfs") = 0
umount2("./126/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./126/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./126/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./126/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./126/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./126/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./126") = 0
mkdir("./127", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3896
./strace-static-x86_64: Process 3896 attached
[pid 3896] chdir("./127") = 0
[pid 3896] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3896] setpgid(0, 0) = 0
[pid 3896] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3896] write(3, "1000", 4) = 4
[pid 3896] close(3) = 0
[pid 3896] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3896] memfd_create("syzkaller", 0) = 3
[ 66.497214][ T3894] loop0: detected capacity change from 0 to 512
[ 66.508279][ T3894] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 66.517073][ T3894] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3896] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3896] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3896] munmap(0x7ff05686f000, 262144) = 0
[pid 3896] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3896] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3896] close(3) = 0
[pid 3896] mkdir("./file0", 0777) = 0
[pid 3896] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3896] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3896] chdir("./file0") = 0
[pid 3896] ioctl(4, LOOP_CLR_FD) = 0
[pid 3896] close(4) = 0
[pid 3896] exit_group(0) = ?
[pid 3896] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3896, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./127", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./127", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./127/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./127/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./127/binderfs") = 0
umount2("./127/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
[ 66.581148][ T3896] loop0: detected capacity change from 0 to 512
[ 66.590608][ T3896] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 66.599927][ T3896] EXT4-fs (loop0): 1 truncate cleaned up
umount2("./127/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./127/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./127/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./127/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./127/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./127") = 0
mkdir("./128", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3898 attached
[pid 3898] chdir("./128") = 0
[pid 3898] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3637] <... clone resumed>, child_tidptr=0x555556e315d0) = 3898
[pid 3898] setpgid(0, 0) = 0
[pid 3898] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3898] write(3, "1000", 4) = 4
[pid 3898] close(3) = 0
[pid 3898] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3898] memfd_create("syzkaller", 0) = 3
[pid 3898] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3898] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3898] munmap(0x7ff05686f000, 262144) = 0
[pid 3898] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3898] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3898] close(3) = 0
[pid 3898] mkdir("./file0", 0777) = 0
[pid 3898] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3898] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3898] chdir("./file0") = 0
[pid 3898] ioctl(4, LOOP_CLR_FD) = 0
[pid 3898] close(4) = 0
[pid 3898] exit_group(0) = ?
[pid 3898] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3898, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./128", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./128", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./128/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./128/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
[ 66.659822][ T3898] loop0: detected capacity change from 0 to 512
[ 66.668823][ T3898] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 66.677402][ T3898] EXT4-fs (loop0): 1 truncate cleaned up
unlink("./128/binderfs") = 0
umount2("./128/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./128/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./128/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./128/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./128/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./128/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./128") = 0
mkdir("./129", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3900
./strace-static-x86_64: Process 3900 attached
[pid 3900] chdir("./129") = 0
[pid 3900] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3900] setpgid(0, 0) = 0
[pid 3900] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3900] write(3, "1000", 4) = 4
[pid 3900] close(3) = 0
[pid 3900] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3900] memfd_create("syzkaller", 0) = 3
[pid 3900] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3900] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3900] munmap(0x7ff05686f000, 262144) = 0
[pid 3900] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3900] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3900] close(3) = 0
[pid 3900] mkdir("./file0", 0777) = 0
[pid 3900] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3900] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3900] chdir("./file0") = 0
[pid 3900] ioctl(4, LOOP_CLR_FD) = 0
[pid 3900] close(4) = 0
[pid 3900] exit_group(0) = ?
[pid 3900] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3900, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./129", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./129", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./129/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./129/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./129/binderfs") = 0
umount2("./129/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
[ 66.742542][ T3900] loop0: detected capacity change from 0 to 512
[ 66.752442][ T3900] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 66.761378][ T3900] EXT4-fs (loop0): 1 truncate cleaned up
umount2("./129/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./129/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./129/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./129/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./129/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./129") = 0
mkdir("./130", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3902
./strace-static-x86_64: Process 3902 attached
[pid 3902] chdir("./130") = 0
[pid 3902] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3902] setpgid(0, 0) = 0
[pid 3902] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3902] write(3, "1000", 4) = 4
[pid 3902] close(3) = 0
[pid 3902] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3902] memfd_create("syzkaller", 0) = 3
[pid 3902] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3902] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3902] munmap(0x7ff05686f000, 262144) = 0
[pid 3902] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3902] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3902] close(3) = 0
[pid 3902] mkdir("./file0", 0777) = 0
[pid 3902] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3902] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3902] chdir("./file0") = 0
[pid 3902] ioctl(4, LOOP_CLR_FD) = 0
[pid 3902] close(4) = 0
[pid 3902] exit_group(0) = ?
[pid 3902] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3902, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./130", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./130", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./130/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./130/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./130/binderfs") = 0
[ 66.824834][ T3902] loop0: detected capacity change from 0 to 512
[ 66.834255][ T3902] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 66.842757][ T3902] EXT4-fs (loop0): 1 truncate cleaned up
umount2("./130/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./130/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./130/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./130/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./130/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./130/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./130") = 0
mkdir("./131", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3904
./strace-static-x86_64: Process 3904 attached
[pid 3904] chdir("./131") = 0
[pid 3904] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3904] setpgid(0, 0) = 0
[pid 3904] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3904] write(3, "1000", 4) = 4
[pid 3904] close(3) = 0
[pid 3904] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3904] memfd_create("syzkaller", 0) = 3
[pid 3904] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3904] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3904] munmap(0x7ff05686f000, 262144) = 0
[pid 3904] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3904] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3904] close(3) = 0
[pid 3904] mkdir("./file0", 0777) = 0
[pid 3904] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3904] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3904] chdir("./file0") = 0
[pid 3904] ioctl(4, LOOP_CLR_FD) = 0
[pid 3904] close(4) = 0
[pid 3904] exit_group(0) = ?
[pid 3904] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3904, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./131", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./131", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./131/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./131/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./131/binderfs") = 0
umount2("./131/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./131/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./131/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./131/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./131/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./131/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./131") = 0
mkdir("./132", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 66.914263][ T3904] loop0: detected capacity change from 0 to 512
[ 66.925698][ T3904] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 66.934182][ T3904] EXT4-fs (loop0): 1 truncate cleaned up
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3906
./strace-static-x86_64: Process 3906 attached
[pid 3906] chdir("./132") = 0
[pid 3906] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3906] setpgid(0, 0) = 0
[pid 3906] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3906] write(3, "1000", 4) = 4
[pid 3906] close(3) = 0
[pid 3906] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3906] memfd_create("syzkaller", 0) = 3
[pid 3906] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3906] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3906] munmap(0x7ff05686f000, 262144) = 0
[pid 3906] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3906] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3906] close(3) = 0
[pid 3906] mkdir("./file0", 0777) = 0
[pid 3906] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3906] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3906] chdir("./file0") = 0
[pid 3906] ioctl(4, LOOP_CLR_FD) = 0
[pid 3906] close(4) = 0
[pid 3906] exit_group(0) = ?
[pid 3906] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3906, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./132", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./132", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./132/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./132/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./132/binderfs") = 0
umount2("./132/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./132/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 67.012323][ T3906] loop0: detected capacity change from 0 to 512
[ 67.021608][ T3906] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 67.029697][ T3906] EXT4-fs (loop0): 1 truncate cleaned up
lstat("./132/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./132/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./132/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./132/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./132") = 0
mkdir("./133", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3908
./strace-static-x86_64: Process 3908 attached
[pid 3908] chdir("./133") = 0
[pid 3908] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3908] setpgid(0, 0) = 0
[pid 3908] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3908] write(3, "1000", 4) = 4
[pid 3908] close(3) = 0
[pid 3908] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3908] memfd_create("syzkaller", 0) = 3
[pid 3908] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3908] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3908] munmap(0x7ff05686f000, 262144) = 0
[pid 3908] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3908] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3908] close(3) = 0
[pid 3908] mkdir("./file0", 0777) = 0
[pid 3908] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3908] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3908] chdir("./file0") = 0
[pid 3908] ioctl(4, LOOP_CLR_FD) = 0
[pid 3908] close(4) = 0
[pid 3908] exit_group(0) = ?
[pid 3908] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3908, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./133", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./133", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./133/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./133/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./133/binderfs") = 0
umount2("./133/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./133/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./133/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./133/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./133/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./133/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./133") = 0
mkdir("./134", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3910
./strace-static-x86_64: Process 3910 attached
[pid 3910] chdir("./134") = 0
[pid 3910] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3910] setpgid(0, 0) = 0
[ 67.101056][ T3908] loop0: detected capacity change from 0 to 512
[ 67.112253][ T3908] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 67.121510][ T3908] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3910] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3910] write(3, "1000", 4) = 4
[pid 3910] close(3) = 0
[pid 3910] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3910] memfd_create("syzkaller", 0) = 3
[pid 3910] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3910] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3910] munmap(0x7ff05686f000, 262144) = 0
[pid 3910] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3910] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3910] close(3) = 0
[pid 3910] mkdir("./file0", 0777) = 0
[pid 3910] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3910] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3910] chdir("./file0") = 0
[pid 3910] ioctl(4, LOOP_CLR_FD) = 0
[pid 3910] close(4) = 0
[pid 3910] exit_group(0) = ?
[pid 3910] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3910, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
umount2("./134", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./134", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./134/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./134/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./134/binderfs") = 0
umount2("./134/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./134/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./134/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./134/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./134/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./134/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./134") = 0
mkdir("./135", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
[ 67.187682][ T3910] loop0: detected capacity change from 0 to 512
[ 67.198024][ T3910] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 67.207272][ T3910] EXT4-fs (loop0): 1 truncate cleaned up
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3912
./strace-static-x86_64: Process 3912 attached
[pid 3912] chdir("./135") = 0
[pid 3912] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3912] setpgid(0, 0) = 0
[pid 3912] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3912] write(3, "1000", 4) = 4
[pid 3912] close(3) = 0
[pid 3912] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3912] memfd_create("syzkaller", 0) = 3
[pid 3912] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3912] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3912] munmap(0x7ff05686f000, 262144) = 0
[pid 3912] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3912] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3912] close(3) = 0
[pid 3912] mkdir("./file0", 0777) = 0
[pid 3912] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3912] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3912] chdir("./file0") = 0
[pid 3912] ioctl(4, LOOP_CLR_FD) = 0
[pid 3912] close(4) = 0
[pid 3912] exit_group(0) = ?
[pid 3912] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3912, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./135", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./135", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./135/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./135/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./135/binderfs") = 0
umount2("./135/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./135/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./135/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./135/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./135/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./135/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./135") = 0
mkdir("./136", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3914
./strace-static-x86_64: Process 3914 attached
[pid 3914] chdir("./136") = 0
[pid 3914] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3914] setpgid(0, 0) = 0
[pid 3914] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3914] write(3, "1000", 4) = 4
[pid 3914] close(3) = 0
[pid 3914] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3914] memfd_create("syzkaller", 0) = 3
[pid 3914] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3914] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[ 67.264060][ T3912] loop0: detected capacity change from 0 to 512
[ 67.273169][ T3912] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 67.282077][ T3912] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3914] munmap(0x7ff05686f000, 262144) = 0
[pid 3914] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3914] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3914] close(3) = 0
[pid 3914] mkdir("./file0", 0777) = 0
[pid 3914] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3914] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3914] chdir("./file0") = 0
[pid 3914] ioctl(4, LOOP_CLR_FD) = 0
[pid 3914] close(4) = 0
[pid 3914] exit_group(0) = ?
[pid 3914] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3914, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
umount2("./136", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./136", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./136/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./136/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./136/binderfs") = 0
umount2("./136/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./136/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./136/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./136/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./136/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./136/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./136") = 0
mkdir("./137", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3916
./strace-static-x86_64: Process 3916 attached
[ 67.326203][ T3914] loop0: detected capacity change from 0 to 512
[ 67.329766][ T3639] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 67.344863][ T3914] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 67.358478][ T3914] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3916] chdir("./137") = 0
[pid 3916] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3916] setpgid(0, 0) = 0
[pid 3916] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3916] write(3, "1000", 4) = 4
[pid 3916] close(3) = 0
[pid 3916] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3916] memfd_create("syzkaller", 0) = 3
[pid 3916] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3916] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3916] munmap(0x7ff05686f000, 262144) = 0
[pid 3916] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3916] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3916] close(3) = 0
[pid 3916] mkdir("./file0", 0777) = 0
[pid 3916] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3916] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3916] chdir("./file0") = 0
[pid 3916] ioctl(4, LOOP_CLR_FD) = 0
[pid 3916] close(4) = 0
[ 67.423528][ T3916] loop0: detected capacity change from 0 to 512
[ 67.433883][ T3916] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 67.442807][ T3916] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3916] exit_group(0) = ?
[pid 3916] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3916, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./137", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./137", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./137/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./137/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./137/binderfs") = 0
umount2("./137/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./137/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./137/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./137/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./137/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./137/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./137") = 0
mkdir("./138", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3918 attached
[pid 3918] chdir("./138") = 0
[pid 3918] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3637] <... clone resumed>, child_tidptr=0x555556e315d0) = 3918
[pid 3918] setpgid(0, 0) = 0
[pid 3918] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3918] write(3, "1000", 4) = 4
[pid 3918] close(3) = 0
[pid 3918] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3918] memfd_create("syzkaller", 0) = 3
[pid 3918] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3918] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3918] munmap(0x7ff05686f000, 262144) = 0
[pid 3918] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3918] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3918] close(3) = 0
[pid 3918] mkdir("./file0", 0777) = 0
[pid 3918] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3918] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3918] chdir("./file0") = 0
[pid 3918] ioctl(4, LOOP_CLR_FD) = 0
[pid 3918] close(4) = 0
[pid 3918] exit_group(0) = ?
[pid 3918] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3918, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./138", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./138", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./138/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./138/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./138/binderfs") = 0
[ 67.520043][ T3918] loop0: detected capacity change from 0 to 512
[ 67.530753][ T3918] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 67.539608][ T3918] EXT4-fs (loop0): 1 truncate cleaned up
umount2("./138/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./138/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./138/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./138/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./138/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./138/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./138") = 0
mkdir("./139", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3920
./strace-static-x86_64: Process 3920 attached
[pid 3920] chdir("./139") = 0
[pid 3920] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3920] setpgid(0, 0) = 0
[pid 3920] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3920] write(3, "1000", 4) = 4
[pid 3920] close(3) = 0
[pid 3920] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3920] memfd_create("syzkaller", 0) = 3
[pid 3920] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3920] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3920] munmap(0x7ff05686f000, 262144) = 0
[pid 3920] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3920] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3920] close(3) = 0
[pid 3920] mkdir("./file0", 0777) = 0
[ 67.607111][ T3920] loop0: detected capacity change from 0 to 512
[ 67.616687][ T3920] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 67.625116][ T3920] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3920] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3920] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3920] chdir("./file0") = 0
[pid 3920] ioctl(4, LOOP_CLR_FD) = 0
[pid 3920] close(4) = 0
[pid 3920] exit_group(0) = ?
[pid 3920] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3920, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./139", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./139", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./139/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./139/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./139/binderfs") = 0
umount2("./139/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./139/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./139/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./139/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./139/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./139/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./139") = 0
mkdir("./140", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3922
./strace-static-x86_64: Process 3922 attached
[pid 3922] chdir("./140") = 0
[pid 3922] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3922] setpgid(0, 0) = 0
[pid 3922] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3922] write(3, "1000", 4) = 4
[pid 3922] close(3) = 0
[pid 3922] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3922] memfd_create("syzkaller", 0) = 3
[pid 3922] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3922] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3922] munmap(0x7ff05686f000, 262144) = 0
[pid 3922] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3922] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3922] close(3) = 0
[pid 3922] mkdir("./file0", 0777) = 0
[pid 3922] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3922] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3922] chdir("./file0") = 0
[pid 3922] ioctl(4, LOOP_CLR_FD) = 0
[pid 3922] close(4) = 0
[pid 3922] exit_group(0) = ?
[ 67.718935][ T3922] loop0: detected capacity change from 0 to 512
[ 67.728480][ T3922] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 67.737013][ T3922] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3922] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3922, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
umount2("./140", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./140", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./140/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./140/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./140/binderfs") = 0
umount2("./140/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./140/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./140/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./140/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./140/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./140/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./140") = 0
mkdir("./141", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3924
./strace-static-x86_64: Process 3924 attached
[pid 3924] chdir("./141") = 0
[pid 3924] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3924] setpgid(0, 0) = 0
[pid 3924] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3924] write(3, "1000", 4) = 4
[pid 3924] close(3) = 0
[pid 3924] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3924] memfd_create("syzkaller", 0) = 3
[pid 3924] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3924] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3924] munmap(0x7ff05686f000, 262144) = 0
[pid 3924] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3924] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3924] close(3) = 0
[pid 3924] mkdir("./file0", 0777) = 0
[pid 3924] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3924] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3924] chdir("./file0") = 0
[pid 3924] ioctl(4, LOOP_CLR_FD) = 0
[pid 3924] close(4) = 0
[pid 3924] exit_group(0) = ?
[pid 3924] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3924, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
umount2("./141", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./141", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./141/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./141/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
[ 67.799433][ T3924] loop0: detected capacity change from 0 to 512
[ 67.809039][ T3924] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 67.817417][ T3924] EXT4-fs (loop0): 1 truncate cleaned up
unlink("./141/binderfs") = 0
umount2("./141/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./141/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./141/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./141/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./141/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./141/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./141") = 0
mkdir("./142", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3926
./strace-static-x86_64: Process 3926 attached
[pid 3926] chdir("./142") = 0
[pid 3926] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3926] setpgid(0, 0) = 0
[pid 3926] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3926] write(3, "1000", 4) = 4
[pid 3926] close(3) = 0
[pid 3926] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3926] memfd_create("syzkaller", 0) = 3
[pid 3926] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3926] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3926] munmap(0x7ff05686f000, 262144) = 0
[pid 3926] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3926] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3926] close(3) = 0
[pid 3926] mkdir("./file0", 0777) = 0
[pid 3926] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3926] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3926] chdir("./file0") = 0
[pid 3926] ioctl(4, LOOP_CLR_FD) = 0
[pid 3926] close(4) = 0
[pid 3926] exit_group(0) = ?
[pid 3926] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3926, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./142", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./142", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[ 67.885999][ T3926] loop0: detected capacity change from 0 to 512
[ 67.896314][ T3926] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 67.904386][ T3926] EXT4-fs (loop0): 1 truncate cleaned up
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./142/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./142/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./142/binderfs") = 0
umount2("./142/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./142/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./142/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./142/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./142/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./142/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./142") = 0
mkdir("./143", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3928
./strace-static-x86_64: Process 3928 attached
[pid 3928] chdir("./143") = 0
[pid 3928] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3928] setpgid(0, 0) = 0
[pid 3928] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3928] write(3, "1000", 4) = 4
[pid 3928] close(3) = 0
[pid 3928] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3928] memfd_create("syzkaller", 0) = 3
[pid 3928] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3928] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3928] munmap(0x7ff05686f000, 262144) = 0
[pid 3928] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3928] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3928] close(3) = 0
[pid 3928] mkdir("./file0", 0777) = 0
[pid 3928] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3928] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3928] chdir("./file0") = 0
[pid 3928] ioctl(4, LOOP_CLR_FD) = 0
[pid 3928] close(4) = 0
[pid 3928] exit_group(0) = ?
[pid 3928] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3928, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./143", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./143", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./143/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./143/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./143/binderfs") = 0
umount2("./143/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./143/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./143/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./143/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./143/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
[ 67.963038][ T3928] loop0: detected capacity change from 0 to 512
[ 67.972379][ T3928] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 67.980916][ T3928] EXT4-fs (loop0): 1 truncate cleaned up
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./143/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./143") = 0
mkdir("./144", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3930
./strace-static-x86_64: Process 3930 attached
[pid 3930] chdir("./144") = 0
[pid 3930] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3930] setpgid(0, 0) = 0
[pid 3930] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3930] write(3, "1000", 4) = 4
[pid 3930] close(3) = 0
[pid 3930] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3930] memfd_create("syzkaller", 0) = 3
[pid 3930] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3930] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3930] munmap(0x7ff05686f000, 262144) = 0
[pid 3930] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3930] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3930] close(3) = 0
[pid 3930] mkdir("./file0", 0777) = 0
[pid 3930] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3930] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3930] chdir("./file0") = 0
[pid 3930] ioctl(4, LOOP_CLR_FD) = 0
[pid 3930] close(4) = 0
[pid 3930] exit_group(0) = ?
[pid 3930] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3930, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./144", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./144", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./144/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./144/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./144/binderfs") = 0
umount2("./144/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./144/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./144/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./144/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./144/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
[ 68.043045][ T3930] loop0: detected capacity change from 0 to 512
[ 68.052453][ T3930] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 68.062119][ T3930] EXT4-fs (loop0): 1 truncate cleaned up
close(4) = 0
rmdir("./144/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./144") = 0
mkdir("./145", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3932 attached
, child_tidptr=0x555556e315d0) = 3932
[pid 3932] chdir("./145") = 0
[pid 3932] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3932] setpgid(0, 0) = 0
[pid 3932] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3932] write(3, "1000", 4) = 4
[pid 3932] close(3) = 0
[pid 3932] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3932] memfd_create("syzkaller", 0) = 3
[pid 3932] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3932] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3932] munmap(0x7ff05686f000, 262144) = 0
[pid 3932] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3932] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3932] close(3) = 0
[pid 3932] mkdir("./file0", 0777) = 0
[pid 3932] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3932] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3932] chdir("./file0") = 0
[pid 3932] ioctl(4, LOOP_CLR_FD) = 0
[pid 3932] close(4) = 0
[pid 3932] exit_group(0) = ?
[pid 3932] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3932, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./145", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./145", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./145/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./145/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./145/binderfs") = 0
[ 68.122994][ T3932] loop0: detected capacity change from 0 to 512
[ 68.133586][ T3932] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 68.142090][ T3932] EXT4-fs (loop0): 1 truncate cleaned up
umount2("./145/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./145/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./145/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./145/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./145/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./145/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./145") = 0
mkdir("./146", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3934
./strace-static-x86_64: Process 3934 attached
[pid 3934] chdir("./146") = 0
[pid 3934] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3934] setpgid(0, 0) = 0
[pid 3934] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3934] write(3, "1000", 4) = 4
[pid 3934] close(3) = 0
[pid 3934] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3934] memfd_create("syzkaller", 0) = 3
[pid 3934] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3934] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3934] munmap(0x7ff05686f000, 262144) = 0
[pid 3934] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3934] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3934] close(3) = 0
[pid 3934] mkdir("./file0", 0777) = 0
[pid 3934] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3934] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3934] chdir("./file0") = 0
[pid 3934] ioctl(4, LOOP_CLR_FD) = 0
[pid 3934] close(4) = 0
[pid 3934] exit_group(0) = ?
[pid 3934] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3934, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
umount2("./146", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./146", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./146/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./146/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./146/binderfs") = 0
umount2("./146/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./146/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./146/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./146/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./146/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./146/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./146") = 0
mkdir("./147", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3936
./strace-static-x86_64: Process 3936 attached
[pid 3936] chdir("./147") = 0
[pid 3936] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3936] setpgid(0, 0) = 0
[pid 3936] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3936] write(3, "1000", 4) = 4
[pid 3936] close(3) = 0
[pid 3936] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3936] memfd_create("syzkaller", 0) = 3
[pid 3936] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3936] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3936] munmap(0x7ff05686f000, 262144) = 0
[pid 3936] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3936] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy)
[pid 3936] ioctl(4, LOOP_CLR_FD) = 0
[pid 3936] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy)
[ 68.198658][ T3934] loop0: detected capacity change from 0 to 512
[ 68.199747][ T3639] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 68.216622][ T3934] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 68.227308][ T3934] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3936] close(4) = 0
[pid 3936] close(3) = 0
[pid 3936] exit_group(0) = ?
[pid 3936] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3936, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./147", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./147", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 3 entries */, 32768) = 80
umount2("./147/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./147/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./147/binderfs") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./147") = 0
mkdir("./148", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3937
./strace-static-x86_64: Process 3937 attached
[pid 3937] chdir("./148") = 0
[pid 3937] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3937] setpgid(0, 0) = 0
[pid 3937] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3937] write(3, "1000", 4) = 4
[pid 3937] close(3) = 0
[pid 3937] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3937] memfd_create("syzkaller", 0) = 3
[pid 3937] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3937] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3937] munmap(0x7ff05686f000, 262144) = 0
[pid 3937] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3937] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3937] close(3) = 0
[pid 3937] mkdir("./file0", 0777) = 0
[pid 3937] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3937] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3937] chdir("./file0") = 0
[pid 3937] ioctl(4, LOOP_CLR_FD) = 0
[pid 3937] close(4) = 0
[pid 3937] exit_group(0) = ?
[pid 3937] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3937, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./148", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./148", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./148/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./148/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./148/binderfs") = 0
umount2("./148/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./148/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./148/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./148/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./148/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./148/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./148") = 0
mkdir("./149", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3939
./strace-static-x86_64: Process 3939 attached
[pid 3939] chdir("./149") = 0
[pid 3939] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3939] setpgid(0, 0) = 0
[pid 3939] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3939] write(3, "1000", 4) = 4
[pid 3939] close(3) = 0
[pid 3939] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3939] memfd_create("syzkaller", 0) = 3
[pid 3939] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3939] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3939] munmap(0x7ff05686f000, 262144) = 0
[pid 3939] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 68.296738][ T3937] loop0: detected capacity change from 0 to 512
[ 68.310396][ T3937] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 68.319021][ T3937] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3939] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3939] close(3) = 0
[pid 3939] mkdir("./file0", 0777) = 0
[pid 3939] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3939] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3939] chdir("./file0") = 0
[pid 3939] ioctl(4, LOOP_CLR_FD) = 0
[pid 3939] close(4) = 0
[pid 3939] exit_group(0) = ?
[pid 3939] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3939, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
umount2("./149", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./149", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[ 68.376601][ T3939] loop0: detected capacity change from 0 to 512
[ 68.386688][ T3939] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 68.394928][ T3939] EXT4-fs (loop0): 1 truncate cleaned up
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./149/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./149/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./149/binderfs") = 0
umount2("./149/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./149/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./149/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./149/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./149/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./149/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./149") = 0
mkdir("./150", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3941
./strace-static-x86_64: Process 3941 attached
[pid 3941] chdir("./150") = 0
[pid 3941] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3941] setpgid(0, 0) = 0
[pid 3941] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3941] write(3, "1000", 4) = 4
[pid 3941] close(3) = 0
[pid 3941] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3941] memfd_create("syzkaller", 0) = 3
[pid 3941] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3941] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3941] munmap(0x7ff05686f000, 262144) = 0
[pid 3941] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3941] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3941] close(3) = 0
[pid 3941] mkdir("./file0", 0777) = 0
[pid 3941] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3941] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3941] chdir("./file0") = 0
[pid 3941] ioctl(4, LOOP_CLR_FD) = 0
[pid 3941] close(4) = 0
[pid 3941] exit_group(0) = ?
[pid 3941] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3941, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
[ 68.465629][ T3941] loop0: detected capacity change from 0 to 512
[ 68.475422][ T3941] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 68.483865][ T3941] EXT4-fs (loop0): 1 truncate cleaned up
umount2("./150", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./150", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./150/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./150/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./150/binderfs") = 0
umount2("./150/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./150/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./150/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./150/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./150/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./150/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./150") = 0
mkdir("./151", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3943
./strace-static-x86_64: Process 3943 attached
[pid 3943] chdir("./151") = 0
[pid 3943] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3943] setpgid(0, 0) = 0
[pid 3943] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3943] write(3, "1000", 4) = 4
[pid 3943] close(3) = 0
[pid 3943] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3943] memfd_create("syzkaller", 0) = 3
[pid 3943] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3943] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3943] munmap(0x7ff05686f000, 262144) = 0
[pid 3943] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3943] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3943] close(3) = 0
[pid 3943] mkdir("./file0", 0777) = 0
[pid 3943] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3943] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3943] chdir("./file0") = 0
[pid 3943] ioctl(4, LOOP_CLR_FD) = 0
[pid 3943] close(4) = 0
[pid 3943] exit_group(0) = ?
[pid 3943] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3943, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./151", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./151", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./151/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./151/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./151/binderfs") = 0
umount2("./151/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./151/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./151/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./151/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./151/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./151/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./151") = 0
mkdir("./152", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3945 attached
, child_tidptr=0x555556e315d0) = 3945
[pid 3945] chdir("./152") = 0
[pid 3945] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3945] setpgid(0, 0) = 0
[ 68.555322][ T3943] loop0: detected capacity change from 0 to 512
[ 68.565183][ T3943] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 68.573307][ T3943] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3945] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3945] write(3, "1000", 4) = 4
[pid 3945] close(3) = 0
[pid 3945] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3945] memfd_create("syzkaller", 0) = 3
[pid 3945] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3945] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3945] munmap(0x7ff05686f000, 262144) = 0
[pid 3945] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3945] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3945] close(3) = 0
[pid 3945] mkdir("./file0", 0777) = 0
[pid 3945] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3945] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3945] chdir("./file0") = 0
[pid 3945] ioctl(4, LOOP_CLR_FD) = 0
[ 68.623633][ T3945] loop0: detected capacity change from 0 to 512
[ 68.633602][ T3945] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 68.642290][ T3945] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3945] close(4) = 0
[pid 3945] exit_group(0) = ?
[pid 3945] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3945, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./152", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./152", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./152/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./152/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./152/binderfs") = 0
umount2("./152/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./152/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./152/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./152/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./152/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./152/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./152") = 0
mkdir("./153", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3947 attached
, child_tidptr=0x555556e315d0) = 3947
[pid 3947] chdir("./153") = 0
[pid 3947] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3947] setpgid(0, 0) = 0
[pid 3947] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3947] write(3, "1000", 4) = 4
[pid 3947] close(3) = 0
[pid 3947] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3947] memfd_create("syzkaller", 0) = 3
[pid 3947] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3947] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3947] munmap(0x7ff05686f000, 262144) = 0
[pid 3947] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3947] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3947] close(3) = 0
[pid 3947] mkdir("./file0", 0777) = 0
[pid 3947] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3947] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3947] chdir("./file0") = 0
[pid 3947] ioctl(4, LOOP_CLR_FD) = 0
[pid 3947] close(4) = 0
[pid 3947] exit_group(0) = ?
[pid 3947] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3947, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./153", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./153", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./153/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./153/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./153/binderfs") = 0
umount2("./153/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./153/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./153/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./153/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./153/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./153/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./153") = 0
mkdir("./154", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3949
./strace-static-x86_64: Process 3949 attached
[pid 3949] chdir("./154") = 0
[pid 3949] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[ 68.720941][ T3947] loop0: detected capacity change from 0 to 512
[ 68.731468][ T3947] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 68.740857][ T3947] EXT4-fs (loop0): 1 truncate cleaned up
[pid 3949] setpgid(0, 0) = 0
[pid 3949] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3949] write(3, "1000", 4) = 4
[pid 3949] close(3) = 0
[pid 3949] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3949] memfd_create("syzkaller", 0) = 3
[pid 3949] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3949] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3949] munmap(0x7ff05686f000, 262144) = 0
[pid 3949] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3949] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3949] close(3) = 0
[pid 3949] mkdir("./file0", 0777) = 0
[pid 3949] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3949] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3949] chdir("./file0") = 0
[pid 3949] ioctl(4, LOOP_CLR_FD) = 0
[pid 3949] close(4) = 0
[pid 3949] exit_group(0) = ?
[pid 3949] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3949, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./154", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./154", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[ 68.808235][ T3949] loop0: detected capacity change from 0 to 512
[ 68.818632][ T3949] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 68.827260][ T3949] EXT4-fs (loop0): 1 truncate cleaned up
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./154/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./154/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./154/binderfs") = 0
umount2("./154/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./154/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./154/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./154/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./154/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./154/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./154") = 0
mkdir("./155", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3951
./strace-static-x86_64: Process 3951 attached
[pid 3951] chdir("./155") = 0
[pid 3951] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3951] setpgid(0, 0) = 0
[pid 3951] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3951] write(3, "1000", 4) = 4
[pid 3951] close(3) = 0
[pid 3951] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3951] memfd_create("syzkaller", 0) = 3
[pid 3951] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3951] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3951] munmap(0x7ff05686f000, 262144) = 0
[pid 3951] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3951] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3951] close(3) = 0
[pid 3951] mkdir("./file0", 0777) = 0
[pid 3951] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3951] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3951] chdir("./file0") = 0
[pid 3951] ioctl(4, LOOP_CLR_FD) = 0
[pid 3951] close(4) = 0
[pid 3951] exit_group(0) = ?
[pid 3951] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3951, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./155", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./155", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./155/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./155/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./155/binderfs") = 0
[ 68.898897][ T3951] loop0: detected capacity change from 0 to 512
[ 68.908738][ T3951] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 68.916765][ T3951] EXT4-fs (loop0): 1 truncate cleaned up
umount2("./155/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./155/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./155/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./155/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./155/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./155/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./155") = 0
mkdir("./156", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3953
./strace-static-x86_64: Process 3953 attached
[pid 3953] chdir("./156") = 0
[pid 3953] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3953] setpgid(0, 0) = 0
[pid 3953] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3953] write(3, "1000", 4) = 4
[pid 3953] close(3) = 0
[pid 3953] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3953] memfd_create("syzkaller", 0) = 3
[pid 3953] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3953] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3953] munmap(0x7ff05686f000, 262144) = 0
[pid 3953] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3953] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3953] close(3) = 0
[pid 3953] mkdir("./file0", 0777) = 0
[pid 3953] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3953] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3953] chdir("./file0") = 0
[pid 3953] ioctl(4, LOOP_CLR_FD) = 0
[pid 3953] close(4) = 0
[pid 3953] exit_group(0) = ?
[pid 3953] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3953, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./156", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./156", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./156/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./156/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./156/binderfs") = 0
[ 68.982456][ T3953] loop0: detected capacity change from 0 to 512
[ 68.992506][ T3953] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 69.001161][ T3953] EXT4-fs (loop0): 1 truncate cleaned up
umount2("./156/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./156/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./156/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./156/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./156/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./156/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./156") = 0
mkdir("./157", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3955
./strace-static-x86_64: Process 3955 attached
[pid 3955] chdir("./157") = 0
[pid 3955] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3955] setpgid(0, 0) = 0
[pid 3955] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3955] write(3, "1000", 4) = 4
[pid 3955] close(3) = 0
[pid 3955] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3955] memfd_create("syzkaller", 0) = 3
[pid 3955] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3955] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3955] munmap(0x7ff05686f000, 262144) = 0
[pid 3955] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3955] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3955] close(3) = 0
[pid 3955] mkdir("./file0", 0777) = 0
[pid 3955] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3955] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3955] chdir("./file0") = 0
[pid 3955] ioctl(4, LOOP_CLR_FD) = 0
[pid 3955] close(4) = 0
[pid 3955] exit_group(0) = ?
[pid 3955] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3955, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./157", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./157", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./157/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./157/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./157/binderfs") = 0
umount2("./157/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./157/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./157/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./157/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./157/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./157/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./157") = 0
[ 69.074527][ T3955] loop0: detected capacity change from 0 to 512
[ 69.086445][ T3955] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 69.095270][ T3955] EXT4-fs (loop0): 1 truncate cleaned up
mkdir("./158", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3957
./strace-static-x86_64: Process 3957 attached
[pid 3957] chdir("./158") = 0
[pid 3957] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3957] setpgid(0, 0) = 0
[pid 3957] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3957] write(3, "1000", 4) = 4
[pid 3957] close(3) = 0
[pid 3957] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3957] memfd_create("syzkaller", 0) = 3
[pid 3957] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3957] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3957] munmap(0x7ff05686f000, 262144) = 0
[pid 3957] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3957] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3957] close(3) = 0
[pid 3957] mkdir("./file0", 0777) = 0
[pid 3957] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0
[pid 3957] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3957] chdir("./file0") = 0
[pid 3957] ioctl(4, LOOP_CLR_FD) = 0
[pid 3957] close(4) = 0
[pid 3957] exit_group(0) = ?
[pid 3957] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3957, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./158", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./158", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556e32620 /* 4 entries */, 32768) = 112
umount2("./158/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./158/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./158/binderfs") = 0
umount2("./158/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./158/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./158/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./158/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./158/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556e3a660 /* 2 entries */, 32768) = 48
[ 69.172639][ T3957] loop0: detected capacity change from 0 to 512
[ 69.182812][ T3957] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 69.191960][ T3957] EXT4-fs (loop0): 1 truncate cleaned up
getdents64(4, 0x555556e3a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./158/file0") = 0
getdents64(3, 0x555556e32620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./158") = 0
mkdir("./159", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e315d0) = 3959
./strace-static-x86_64: Process 3959 attached
[pid 3959] chdir("./159") = 0
[pid 3959] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3959] setpgid(0, 0) = 0
[pid 3959] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3959] write(3, "1000", 4) = 4
[pid 3959] close(3) = 0
[pid 3959] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3959] memfd_create("syzkaller", 0) = 3
[pid 3959] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff05686f000
[pid 3959] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 3959] munmap(0x7ff05686f000, 262144) = 0
[pid 3959] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3959] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3959] close(3) = 0
[pid 3959] mkdir("./file0", 0777) = 0