./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1576109845
<...>
Warning: Permanently added '10.128.0.103' (ED25519) to the list of known hosts.
execve("./syz-executor1576109845", ["./syz-executor1576109845"], 0x7ffeda8df2f0 /* 10 vars */) = 0
brk(NULL) = 0x555556770000
brk(0x555556770d00) = 0x555556770d00
arch_prctl(ARCH_SET_FS, 0x555556770380) = 0
set_tid_address(0x555556770650) = 299
set_robust_list(0x555556770660, 24) = 0
rseq(0x555556770ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented)
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1576109845", 4096) = 28
getrandom("\x1f\x90\x63\x43\x12\x64\x3e\x79", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x555556770d00
brk(0x555556791d00) = 0x555556791d00
brk(0x555556792000) = 0x555556792000
mprotect(0x7f75dc862000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
mkdir("./syzkaller.MuBJUx", 0700) = 0
chmod("./syzkaller.MuBJUx", 0777) = 0
chdir("./syzkaller.MuBJUx") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 300
./strace-static-x86_64: Process 300 attached
[pid 300] set_robust_list(0x555556770660, 24) = 0
[pid 300] chdir("./0") = 0
[pid 300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 300] setpgid(0, 0) = 0
[pid 300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 300] write(3, "1000", 4) = 4
[pid 300] close(3) = 0
[pid 300] symlink("/dev/binderfs", "./binderfs") = 0
[pid 300] memfd_create("syzkaller", 0) = 3
[pid 300] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 300] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 300] munmap(0x7f75d43ae000, 138412032) = 0
[pid 300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 26.296110][ T28] audit: type=1400 audit(1700214590.326:66): avc: denied { execmem } for pid=299 comm="syz-executor157" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 26.322085][ T300] loop0: detected capacity change from 0 to 512
[pid 300] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 300] close(3) = 0
[pid 300] mkdir("./file0", 0777) = 0
[ 26.322173][ T28] audit: type=1400 audit(1700214590.336:67): avc: denied { read write } for pid=299 comm="syz-executor157" name="loop0" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 26.333186][ T300] EXT4-fs: Ignoring removed bh option
[ 26.352883][ T28] audit: type=1400 audit(1700214590.336:68): avc: denied { open } for pid=299 comm="syz-executor157" path="/dev/loop0" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 26.381647][ T300] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 26.382009][ T28] audit: type=1400 audit(1700214590.336:69): avc: denied { ioctl } for pid=299 comm="syz-executor157" path="/dev/loop0" dev="devtmpfs" ino=114 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 26.392815][ T300] EXT4-fs (loop0): 1 truncate cleaned up
[ 26.415037][ T28] audit: type=1400 audit(1700214590.366:70): avc: denied { mounton } for pid=300 comm="syz-executor157" path="/root/syzkaller.MuBJUx/0/file0" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[pid 300] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 300] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 300] chdir("./file0") = 0
[pid 300] ioctl(4, LOOP_CLR_FD) = 0
[pid 300] close(4) = 0
[pid 300] creat("./bus", 000) = 4
[pid 300] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 300] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 300] chdir("./file0") = 0
[pid 300] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 300] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 300] memfd_create("syzkaller", 0) = 7
[pid 300] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 300] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 300] munmap(0x7f75d43ae000, 138412032) = 0
[pid 300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 300] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 300] ioctl(8, LOOP_CLR_FD) = 0
[pid 300] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 300] close(8) = 0
[pid 300] close(7) = 0
[ 26.420889][ T300] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 26.453498][ T28] audit: type=1400 audit(1700214590.486:71): avc: denied { mount } for pid=300 comm="syz-executor157" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 26.475247][ T28] audit: type=1400 audit(1700214590.486:72): avc: denied { write } for pid=300 comm="syz-executor157" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 26.496988][ T28] audit: type=1400 audit(1700214590.486:73): avc: denied { add_name } for pid=300 comm="syz-executor157" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 26.497625][ T300] ==================================================================
[ 26.517587][ T28] audit: type=1400 audit(1700214590.486:74): avc: denied { create } for pid=300 comm="syz-executor157" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 26.525452][ T300] BUG: KASAN: use-after-free in ext4_search_dir+0xf7/0x1b0
[ 26.545558][ T28] audit: type=1400 audit(1700214590.486:75): avc: denied { write open } for pid=300 comm="syz-executor157" path="/root/syzkaller.MuBJUx/0/file0/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 26.552530][ T300] Read of size 1 at addr ffff888121330d23 by task syz-executor157/300
[ 26.552548][ T300]
[ 26.552553][ T300] CPU: 1 PID: 300 Comm: syz-executor157 Not tainted 6.1.43-syzkaller-00018-gb496cc311544 #0
[ 26.597406][ T300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 26.607306][ T300] Call Trace:
[ 26.610421][ T300]
[ 26.613201][ T300] dump_stack_lvl+0x151/0x1b7
[ 26.617713][ T300] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 26.623008][ T300] ? _printk+0xd1/0x111
[ 26.627001][ T300] ? __virt_addr_valid+0x242/0x2f0
[ 26.631951][ T300] print_report+0x158/0x4e0
[ 26.636287][ T300] ? __virt_addr_valid+0x242/0x2f0
[ 26.641237][ T300] ? kasan_addr_to_slab+0xd/0x80
[ 26.646016][ T300] ? ext4_search_dir+0xf7/0x1b0
[ 26.650695][ T300] kasan_report+0x13c/0x170
[ 26.655036][ T300] ? ext4_search_dir+0xf7/0x1b0
[ 26.659727][ T300] __asan_report_load1_noabort+0x14/0x20
[ 26.665192][ T300] ext4_search_dir+0xf7/0x1b0
[ 26.669703][ T300] ext4_find_inline_entry+0x4b6/0x5e0
[ 26.674922][ T300] ? ext4_try_create_inline_dir+0x320/0x320
[ 26.680639][ T300] ? kasan_save_alloc_info+0x1f/0x30
[ 26.685930][ T300] ? __kasan_slab_alloc+0x6c/0x80
[ 26.690798][ T300] ? slab_post_alloc_hook+0x53/0x2c0
[ 26.695917][ T300] ? kmem_cache_alloc_lru+0x102/0x220
[ 26.701126][ T300] ? __d_alloc+0x34/0x700
[ 26.705299][ T300] __ext4_find_entry+0x2b0/0x1af0
[ 26.710244][ T300] ? ext4_fname_setup_ci_filename+0x70/0x480
[ 26.716054][ T300] ? ext4_ci_compare+0x660/0x660
[ 26.720828][ T300] ? memcpy+0x56/0x70
[ 26.724648][ T300] ? ext4_fname_prepare_lookup+0x2ea/0x400
[ 26.730289][ T300] ? kasan_save_alloc_info+0x1f/0x30
[ 26.735412][ T300] ? generic_set_encrypted_ci_d_ops+0x91/0xf0
[ 26.741316][ T300] ext4_lookup+0x176/0x740
[ 26.745564][ T300] ? ext4_add_entry+0xed0/0xed0
[ 26.750251][ T300] ? _raw_spin_lock+0xa4/0x1b0
[ 26.754852][ T300] ? _raw_spin_unlock+0x4c/0x70
[ 26.759548][ T300] ? d_alloc+0x199/0x1d0
[ 26.763617][ T300] __lookup_hash+0x143/0x290
[ 26.768048][ T300] filename_create+0x288/0x520
[ 26.772646][ T300] ? kern_path_create+0x1a0/0x1a0
[ 26.777507][ T300] do_mkdirat+0xbd/0x450
[ 26.781594][ T300] ? vfs_mkdir+0x570/0x570
[ 26.785847][ T300] __x64_sys_mkdirat+0x89/0xa0
[ 26.790436][ T300] do_syscall_64+0x3d/0xb0
[ 26.794688][ T300] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 26.800420][ T300] RIP: 0033:0x7f75dc7ed529
[ 26.804678][ T300] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 26.824113][ T300] RSP: 002b:00007ffe20e076d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 26.832358][ T300] RAX: ffffffffffffffda RBX: 00007f75dc83608d RCX: 00007f75dc7ed529
[ 26.840169][ T300] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 00000000ffffff9c
[ 26.847980][ T300] RBP: 0030656c69662f2e R08: 00000000000014ef R09: 0000000020001580
[ 26.855901][ T300] R10: 00000000000014f3 R11: 0000000000000246 R12: 0000000000000001
[ 26.863712][ T300] R13: 0000000000000000 R14: 431bde82d7b634db R15: 00007ffe20e07740
[ 26.871527][ T300]
[ 26.874392][ T300]
[ 26.876560][ T300] The buggy address belongs to the physical page:
[ 26.882813][ T300] page:ffffea000484cc00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x121330
[ 26.892965][ T300] flags: 0x4000000000000000(zone=1)
[ 26.898006][ T300] raw: 4000000000000000 ffffea000484cc48 ffffea000484cbc8 0000000000000000
[ 26.906422][ T300] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 26.914834][ T300] page dumped because: kasan: bad access detected
[ 26.921085][ T300] page_owner tracks the page as freed
[ 26.926378][ T300] page last allocated via order 0, migratetype Movable, gfp_mask 0x8140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO|__GFP_CMA), pid 281, tgid 281 (sshd), ts 20086708573, free_ts 20103879166
[ 26.944954][ T300] post_alloc_hook+0x213/0x220
[ 26.949550][ T300] prep_new_page+0x1b/0x110
[ 26.953891][ T300] get_page_from_freelist+0x2878/0x2910
[ 26.959291][ T300] __alloc_pages+0x3a1/0x780
[ 26.963698][ T300] __folio_alloc+0x15/0x40
[ 26.967951][ T300] handle_mm_fault+0x1fb0/0x2f40
[ 26.972728][ T300] exc_page_fault+0x3a6/0x6e0
[ 26.977244][ T300] asm_exc_page_fault+0x27/0x30
[ 26.981928][ T300] page last free stack trace:
[ 26.986534][ T300] free_unref_page_prepare+0x83d/0x850
[ 26.991823][ T300] free_unref_page_list+0xf6/0x6c0
[ 26.996768][ T300] release_pages+0xf7f/0xfe0
[ 27.001199][ T300] free_pages_and_swap_cache+0x8a/0xa0
[ 27.006488][ T300] tlb_finish_mmu+0x1e0/0x3f0
[ 27.011003][ T300] unmap_region+0x2c1/0x310
[ 27.015341][ T300] do_mas_align_munmap+0xd05/0x1400
[ 27.020376][ T300] do_mas_munmap+0x23e/0x2b0
[ 27.024801][ T300] __vm_munmap+0x263/0x3a0
[ 27.029055][ T300] __x64_sys_munmap+0x6b/0x80
[ 27.033570][ T300] do_syscall_64+0x3d/0xb0
[ 27.037831][ T300] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 27.043561][ T300]
[ 27.045721][ T300] Memory state around the buggy address:
[ 27.051192][ T300] ffff888121330c00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 27.059092][ T300] ffff888121330c80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 27.066988][ T300] >ffff888121330d00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 27.074882][ T300] ^
[ 27.079833][ T300] ffff888121330d80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 27.087732][ T300] ffff888121330e00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[pid 300] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 300] exit_group(0) = ?
[pid 300] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=300, si_uid=0, si_status=0, si_utime=0, si_stime=12} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/binderfs") = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 306
./strace-static-x86_64: Process 306 attached
[pid 306] set_robust_list(0x555556770660, 24) = 0
[pid 306] chdir("./1") = 0
[pid 306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 306] setpgid(0, 0) = 0
[pid 306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 306] write(3, "1000", 4) = 4
[pid 306] close(3) = 0
[pid 306] symlink("/dev/binderfs", "./binderfs") = 0
[pid 306] memfd_create("syzkaller", 0) = 3
[pid 306] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 306] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 306] munmap(0x7f75d43ae000, 138412032) = 0
[pid 306] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 27.095627][ T300] ==================================================================
[ 27.104121][ T300] Disabling lock debugging due to kernel taint
[ 27.111015][ T300] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 27.140036][ T299] EXT4-fs (loop0): unmounting filesystem.
[pid 306] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 306] close(3) = 0
[pid 306] mkdir("./file0", 0777) = 0
[pid 306] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 306] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 306] chdir("./file0") = 0
[pid 306] ioctl(4, LOOP_CLR_FD) = 0
[pid 306] close(4) = 0
[pid 306] creat("./bus", 000) = 4
[pid 306] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 306] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 306] chdir("./file0") = 0
[pid 306] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 306] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 306] memfd_create("syzkaller", 0) = 7
[pid 306] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 306] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 306] munmap(0x7f75d43ae000, 138412032) = 0
[pid 306] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 306] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 306] ioctl(8, LOOP_CLR_FD) = 0
[pid 306] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 306] close(8) = 0
[pid 306] close(7) = 0
[ 27.163100][ T306] loop0: detected capacity change from 0 to 512
[ 27.170794][ T306] EXT4-fs: Ignoring removed bh option
[ 27.176292][ T306] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 27.185844][ T306] EXT4-fs (loop0): 1 truncate cleaned up
[ 27.191540][ T306] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 306] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 306] exit_group(0) = ?
[pid 306] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=306, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/binderfs") = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 308
./strace-static-x86_64: Process 308 attached
[pid 308] set_robust_list(0x555556770660, 24) = 0
[pid 308] chdir("./2") = 0
[pid 308] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 308] setpgid(0, 0) = 0
[pid 308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 308] write(3, "1000", 4) = 4
[pid 308] close(3) = 0
[pid 308] symlink("/dev/binderfs", "./binderfs") = 0
[pid 308] memfd_create("syzkaller", 0) = 3
[pid 308] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 308] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 308] munmap(0x7f75d43ae000, 138412032) = 0
[pid 308] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 27.213014][ T306] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 27.238125][ T299] EXT4-fs (loop0): unmounting filesystem.
[pid 308] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 308] close(3) = 0
[pid 308] mkdir("./file0", 0777) = 0
[pid 308] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 308] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 308] chdir("./file0") = 0
[pid 308] ioctl(4, LOOP_CLR_FD) = 0
[pid 308] close(4) = 0
[pid 308] creat("./bus", 000) = 4
[pid 308] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 308] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 308] chdir("./file0") = 0
[pid 308] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 308] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 308] memfd_create("syzkaller", 0) = 7
[pid 308] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 308] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 308] munmap(0x7f75d43ae000, 138412032) = 0
[pid 308] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 308] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 308] ioctl(8, LOOP_CLR_FD) = 0
[pid 308] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 308] close(8) = 0
[pid 308] close(7) = 0
[ 27.260970][ T308] loop0: detected capacity change from 0 to 512
[ 27.268114][ T308] EXT4-fs: Ignoring removed bh option
[ 27.273623][ T308] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 27.283488][ T308] EXT4-fs (loop0): 1 truncate cleaned up
[ 27.289049][ T308] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 308] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 308] exit_group(0) = ?
[pid 308] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=308, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/binderfs") = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./2/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 310
./strace-static-x86_64: Process 310 attached
[pid 310] set_robust_list(0x555556770660, 24) = 0
[pid 310] chdir("./3") = 0
[pid 310] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 310] setpgid(0, 0) = 0
[pid 310] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 310] write(3, "1000", 4) = 4
[pid 310] close(3) = 0
[pid 310] symlink("/dev/binderfs", "./binderfs") = 0
[pid 310] memfd_create("syzkaller", 0) = 3
[pid 310] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 310] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 310] munmap(0x7f75d43ae000, 138412032) = 0
[pid 310] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 27.307637][ T308] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 27.332786][ T299] EXT4-fs (loop0): unmounting filesystem.
[pid 310] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 310] close(3) = 0
[pid 310] mkdir("./file0", 0777) = 0
[pid 310] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 310] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 310] chdir("./file0") = 0
[pid 310] ioctl(4, LOOP_CLR_FD) = 0
[pid 310] close(4) = 0
[pid 310] creat("./bus", 000) = 4
[pid 310] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 310] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 310] chdir("./file0") = 0
[pid 310] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 310] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 310] memfd_create("syzkaller", 0) = 7
[pid 310] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 310] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 310] munmap(0x7f75d43ae000, 138412032) = 0
[pid 310] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 310] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 310] ioctl(8, LOOP_CLR_FD) = 0
[pid 310] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 310] close(8) = 0
[pid 310] close(7) = 0
[ 27.354789][ T310] loop0: detected capacity change from 0 to 512
[ 27.362056][ T310] EXT4-fs: Ignoring removed bh option
[ 27.368048][ T310] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 27.377522][ T310] EXT4-fs (loop0): 1 truncate cleaned up
[ 27.383059][ T310] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 310] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 310] exit_group(0) = ?
[pid 310] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=310, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/binderfs") = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./3/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./3") = 0
mkdir("./4", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 312
./strace-static-x86_64: Process 312 attached
[pid 312] set_robust_list(0x555556770660, 24) = 0
[pid 312] chdir("./4") = 0
[pid 312] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 312] setpgid(0, 0) = 0
[pid 312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 312] write(3, "1000", 4) = 4
[pid 312] close(3) = 0
[pid 312] symlink("/dev/binderfs", "./binderfs") = 0
[pid 312] memfd_create("syzkaller", 0) = 3
[pid 312] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 312] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 312] munmap(0x7f75d43ae000, 138412032) = 0
[pid 312] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 312] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 312] close(3) = 0
[ 27.401823][ T310] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 27.427180][ T299] EXT4-fs (loop0): unmounting filesystem.
[pid 312] mkdir("./file0", 0777) = 0
[pid 312] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 312] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 312] chdir("./file0") = 0
[pid 312] ioctl(4, LOOP_CLR_FD) = 0
[pid 312] close(4) = 0
[pid 312] creat("./bus", 000) = 4
[pid 312] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 312] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 312] chdir("./file0") = 0
[pid 312] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 312] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 312] memfd_create("syzkaller", 0) = 7
[pid 312] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 312] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 312] munmap(0x7f75d43ae000, 138412032) = 0
[pid 312] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 312] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 312] ioctl(8, LOOP_CLR_FD) = 0
[pid 312] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 312] close(8) = 0
[pid 312] close(7) = 0
[ 27.449461][ T312] loop0: detected capacity change from 0 to 512
[ 27.456757][ T312] EXT4-fs: Ignoring removed bh option
[ 27.462401][ T312] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 27.471935][ T312] EXT4-fs (loop0): 1 truncate cleaned up
[ 27.477410][ T312] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 312] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 312] exit_group(0) = ?
[pid 312] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=312, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/binderfs") = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./4/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./4") = 0
mkdir("./5", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 315
./strace-static-x86_64: Process 315 attached
[pid 315] set_robust_list(0x555556770660, 24) = 0
[pid 315] chdir("./5") = 0
[pid 315] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 315] setpgid(0, 0) = 0
[pid 315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 315] write(3, "1000", 4) = 4
[pid 315] close(3) = 0
[pid 315] symlink("/dev/binderfs", "./binderfs") = 0
[pid 315] memfd_create("syzkaller", 0) = 3
[pid 315] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 315] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 315] munmap(0x7f75d43ae000, 138412032) = 0
[pid 315] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 315] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 315] close(3) = 0
[pid 315] mkdir("./file0", 0777) = 0
[ 27.497453][ T312] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 27.521163][ T299] EXT4-fs (loop0): unmounting filesystem.
[ 27.543275][ T315] loop0: detected capacity change from 0 to 512
[ 27.550291][ T315] EXT4-fs: Ignoring removed bh option
[pid 315] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 315] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 315] chdir("./file0") = 0
[pid 315] ioctl(4, LOOP_CLR_FD) = 0
[pid 315] close(4) = 0
[pid 315] creat("./bus", 000) = 4
[pid 315] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 315] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 315] chdir("./file0") = 0
[pid 315] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 315] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 315] memfd_create("syzkaller", 0) = 7
[pid 315] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 315] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 315] munmap(0x7f75d43ae000, 138412032) = 0
[pid 315] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 315] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 315] ioctl(8, LOOP_CLR_FD) = 0
[pid 315] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 315] close(8) = 0
[pid 315] close(7) = 0
[ 27.555756][ T315] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 27.565186][ T315] EXT4-fs (loop0): 1 truncate cleaned up
[ 27.570760][ T315] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 315] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 315] exit_group(0) = ?
[pid 315] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=315, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/binderfs") = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./5/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./5") = 0
mkdir("./6", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 317
./strace-static-x86_64: Process 317 attached
[pid 317] set_robust_list(0x555556770660, 24) = 0
[pid 317] chdir("./6") = 0
[pid 317] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 317] setpgid(0, 0) = 0
[pid 317] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 317] write(3, "1000", 4) = 4
[pid 317] close(3) = 0
[pid 317] symlink("/dev/binderfs", "./binderfs") = 0
[pid 317] memfd_create("syzkaller", 0) = 3
[pid 317] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 317] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 317] munmap(0x7f75d43ae000, 138412032) = 0
[pid 317] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 317] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 317] close(3) = 0
[pid 317] mkdir("./file0", 0777) = 0
[ 27.592367][ T315] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 27.618054][ T299] EXT4-fs (loop0): unmounting filesystem.
[ 27.638913][ T317] loop0: detected capacity change from 0 to 512
[ 27.646098][ T317] EXT4-fs: Ignoring removed bh option
[pid 317] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 317] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 317] chdir("./file0") = 0
[pid 317] ioctl(4, LOOP_CLR_FD) = 0
[pid 317] close(4) = 0
[pid 317] creat("./bus", 000) = 4
[pid 317] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 317] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 317] chdir("./file0") = 0
[pid 317] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 317] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 317] memfd_create("syzkaller", 0) = 7
[pid 317] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 317] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 317] munmap(0x7f75d43ae000, 138412032) = 0
[pid 317] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 317] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 317] ioctl(8, LOOP_CLR_FD) = 0
[pid 317] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 317] close(8) = 0
[pid 317] close(7) = 0
[pid 317] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 317] exit_group(0) = ?
[pid 317] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=317, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/binderfs") = 0
[ 27.651731][ T317] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 27.661313][ T317] EXT4-fs (loop0): 1 truncate cleaned up
[ 27.666851][ T317] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 27.686761][ T317] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./6/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./6") = 0
mkdir("./7", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 319 attached
, child_tidptr=0x555556770650) = 319
[pid 319] set_robust_list(0x555556770660, 24) = 0
[pid 319] chdir("./7") = 0
[pid 319] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 319] setpgid(0, 0) = 0
[pid 319] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 319] write(3, "1000", 4) = 4
[pid 319] close(3) = 0
[pid 319] symlink("/dev/binderfs", "./binderfs") = 0
[pid 319] memfd_create("syzkaller", 0) = 3
[pid 319] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 319] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 319] munmap(0x7f75d43ae000, 138412032) = 0
[pid 319] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 319] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 319] close(3) = 0
[pid 319] mkdir("./file0", 0777) = 0
[ 27.712004][ T299] EXT4-fs (loop0): unmounting filesystem.
[ 27.732797][ T319] loop0: detected capacity change from 0 to 512
[ 27.740015][ T319] EXT4-fs: Ignoring removed bh option
[ 27.745578][ T319] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 27.755200][ T319] EXT4-fs (loop0): 1 truncate cleaned up
[pid 319] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 319] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 319] chdir("./file0") = 0
[pid 319] ioctl(4, LOOP_CLR_FD) = 0
[pid 319] close(4) = 0
[pid 319] creat("./bus", 000) = 4
[pid 319] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 319] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 319] chdir("./file0") = 0
[pid 319] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 319] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 319] memfd_create("syzkaller", 0) = 7
[pid 319] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 319] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 319] munmap(0x7f75d43ae000, 138412032) = 0
[pid 319] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 319] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 319] ioctl(8, LOOP_CLR_FD) = 0
[pid 319] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 319] close(8) = 0
[pid 319] close(7) = 0
[pid 319] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 319] exit_group(0) = ?
[pid 319] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=319, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/binderfs") = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./7/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./7") = 0
mkdir("./8", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 321
./strace-static-x86_64: Process 321 attached
[pid 321] set_robust_list(0x555556770660, 24) = 0
[pid 321] chdir("./8") = 0
[pid 321] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 321] setpgid(0, 0) = 0
[pid 321] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 321] write(3, "1000", 4) = 4
[pid 321] close(3) = 0
[pid 321] symlink("/dev/binderfs", "./binderfs") = 0
[pid 321] memfd_create("syzkaller", 0) = 3
[pid 321] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 321] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 321] munmap(0x7f75d43ae000, 138412032) = 0
[pid 321] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 27.760719][ T319] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 27.780819][ T319] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 27.805893][ T299] EXT4-fs (loop0): unmounting filesystem.
[pid 321] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 321] close(3) = 0
[pid 321] mkdir("./file0", 0777) = 0
[pid 321] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 321] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 321] chdir("./file0") = 0
[pid 321] ioctl(4, LOOP_CLR_FD) = 0
[pid 321] close(4) = 0
[pid 321] creat("./bus", 000) = 4
[pid 321] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 321] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 321] chdir("./file0") = 0
[pid 321] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 321] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 321] memfd_create("syzkaller", 0) = 7
[pid 321] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 321] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 321] munmap(0x7f75d43ae000, 138412032) = 0
[pid 321] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 321] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 321] ioctl(8, LOOP_CLR_FD) = 0
[pid 321] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 321] close(8) = 0
[pid 321] close(7) = 0
[ 27.826035][ T321] loop0: detected capacity change from 0 to 512
[ 27.833435][ T321] EXT4-fs: Ignoring removed bh option
[ 27.839215][ T321] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 27.848672][ T321] EXT4-fs (loop0): 1 truncate cleaned up
[ 27.854113][ T321] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 321] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 321] exit_group(0) = ?
[pid 321] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=321, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/binderfs") = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./8/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./8") = 0
mkdir("./9", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 323
./strace-static-x86_64: Process 323 attached
[pid 323] set_robust_list(0x555556770660, 24) = 0
[pid 323] chdir("./9") = 0
[pid 323] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 323] setpgid(0, 0) = 0
[pid 323] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 323] write(3, "1000", 4) = 4
[pid 323] close(3) = 0
[pid 323] symlink("/dev/binderfs", "./binderfs") = 0
[pid 323] memfd_create("syzkaller", 0) = 3
[pid 323] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 323] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 323] munmap(0x7f75d43ae000, 138412032) = 0
[pid 323] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 27.874756][ T321] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 27.899054][ T299] EXT4-fs (loop0): unmounting filesystem.
[pid 323] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 323] close(3) = 0
[pid 323] mkdir("./file0", 0777) = 0
[pid 323] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 323] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 323] chdir("./file0") = 0
[pid 323] ioctl(4, LOOP_CLR_FD) = 0
[pid 323] close(4) = 0
[pid 323] creat("./bus", 000) = 4
[pid 323] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 323] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 323] chdir("./file0") = 0
[pid 323] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 323] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 323] memfd_create("syzkaller", 0) = 7
[pid 323] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 323] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 323] munmap(0x7f75d43ae000, 138412032) = 0
[pid 323] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 323] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 323] ioctl(8, LOOP_CLR_FD) = 0
[pid 323] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 323] close(8) = 0
[pid 323] close(7) = 0
[ 27.921264][ T323] loop0: detected capacity change from 0 to 512
[ 27.928551][ T323] EXT4-fs: Ignoring removed bh option
[ 27.934013][ T323] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 27.943630][ T323] EXT4-fs (loop0): 1 truncate cleaned up
[ 27.949196][ T323] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 323] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 323] exit_group(0) = ?
[pid 323] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=323, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/binderfs") = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./9/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./9") = 0
mkdir("./10", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 325 attached
, child_tidptr=0x555556770650) = 325
[pid 325] set_robust_list(0x555556770660, 24) = 0
[pid 325] chdir("./10") = 0
[pid 325] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 325] setpgid(0, 0) = 0
[pid 325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 325] write(3, "1000", 4) = 4
[pid 325] close(3) = 0
[pid 325] symlink("/dev/binderfs", "./binderfs") = 0
[pid 325] memfd_create("syzkaller", 0) = 3
[pid 325] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 325] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 325] munmap(0x7f75d43ae000, 138412032) = 0
[pid 325] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 325] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 325] close(3) = 0
[pid 325] mkdir("./file0", 0777) = 0
[ 27.969995][ T323] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 27.995258][ T299] EXT4-fs (loop0): unmounting filesystem.
[ 28.014829][ T325] loop0: detected capacity change from 0 to 512
[pid 325] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 325] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 325] chdir("./file0") = 0
[pid 325] ioctl(4, LOOP_CLR_FD) = 0
[pid 325] close(4) = 0
[pid 325] creat("./bus", 000) = 4
[pid 325] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 325] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 325] chdir("./file0") = 0
[pid 325] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 325] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 325] memfd_create("syzkaller", 0) = 7
[pid 325] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 325] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 325] munmap(0x7f75d43ae000, 138412032) = 0
[pid 325] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 325] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 325] ioctl(8, LOOP_CLR_FD) = 0
[pid 325] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 325] close(8) = 0
[pid 325] close(7) = 0
[ 28.022295][ T325] EXT4-fs: Ignoring removed bh option
[ 28.027967][ T325] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 28.037542][ T325] EXT4-fs (loop0): 1 truncate cleaned up
[ 28.042991][ T325] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 325] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 325] exit_group(0) = ?
[pid 325] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=325, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/binderfs") = 0
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./10/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./10") = 0
mkdir("./11", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 327
./strace-static-x86_64: Process 327 attached
[pid 327] set_robust_list(0x555556770660, 24) = 0
[pid 327] chdir("./11") = 0
[pid 327] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 327] setpgid(0, 0) = 0
[pid 327] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 327] write(3, "1000", 4) = 4
[pid 327] close(3) = 0
[pid 327] symlink("/dev/binderfs", "./binderfs") = 0
[pid 327] memfd_create("syzkaller", 0) = 3
[pid 327] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 327] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 327] munmap(0x7f75d43ae000, 138412032) = 0
[pid 327] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 327] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 327] close(3) = 0
[pid 327] mkdir("./file0", 0777) = 0
[ 28.060263][ T325] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 28.083588][ T299] EXT4-fs (loop0): unmounting filesystem.
[ 28.099815][ T327] loop0: detected capacity change from 0 to 512
[ 28.106883][ T327] EXT4-fs: Ignoring removed bh option
[ 28.112585][ T327] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[pid 327] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 327] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 327] chdir("./file0") = 0
[pid 327] ioctl(4, LOOP_CLR_FD) = 0
[pid 327] close(4) = 0
[pid 327] creat("./bus", 000) = 4
[pid 327] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 327] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 327] chdir("./file0") = 0
[pid 327] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 327] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 327] memfd_create("syzkaller", 0) = 7
[pid 327] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 327] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 327] munmap(0x7f75d43ae000, 138412032) = 0
[pid 327] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 327] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 327] ioctl(8, LOOP_CLR_FD) = 0
[pid 327] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 327] close(8) = 0
[pid 327] close(7) = 0
[pid 327] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 327] exit_group(0) = ?
[pid 327] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=327, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/binderfs") = 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./11/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./11") = 0
mkdir("./12", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 329
./strace-static-x86_64: Process 329 attached
[pid 329] set_robust_list(0x555556770660, 24) = 0
[pid 329] chdir("./12") = 0
[pid 329] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 329] setpgid(0, 0) = 0
[pid 329] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 329] write(3, "1000", 4) = 4
[pid 329] close(3) = 0
[pid 329] symlink("/dev/binderfs", "./binderfs") = 0
[pid 329] memfd_create("syzkaller", 0) = 3
[pid 329] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 329] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 329] munmap(0x7f75d43ae000, 138412032) = 0
[pid 329] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 28.122229][ T327] EXT4-fs (loop0): 1 truncate cleaned up
[ 28.127872][ T327] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 28.143830][ T327] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 28.167120][ T299] EXT4-fs (loop0): unmounting filesystem.
[pid 329] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 329] close(3) = 0
[pid 329] mkdir("./file0", 0777) = 0
[pid 329] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 329] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 329] chdir("./file0") = 0
[pid 329] ioctl(4, LOOP_CLR_FD) = 0
[pid 329] close(4) = 0
[pid 329] creat("./bus", 000) = 4
[pid 329] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 329] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 329] chdir("./file0") = 0
[pid 329] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 329] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 329] memfd_create("syzkaller", 0) = 7
[pid 329] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 329] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 329] munmap(0x7f75d43ae000, 138412032) = 0
[pid 329] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 329] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 329] ioctl(8, LOOP_CLR_FD) = 0
[pid 329] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 329] close(8) = 0
[pid 329] close(7) = 0
[ 28.195063][ T329] loop0: detected capacity change from 0 to 512
[ 28.202495][ T329] EXT4-fs: Ignoring removed bh option
[ 28.208116][ T329] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 28.217681][ T329] EXT4-fs (loop0): 1 truncate cleaned up
[ 28.223139][ T329] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 329] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 329] exit_group(0) = ?
[pid 329] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=329, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/binderfs") = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./12/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./12") = 0
mkdir("./13", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 331
./strace-static-x86_64: Process 331 attached
[pid 331] set_robust_list(0x555556770660, 24) = 0
[pid 331] chdir("./13") = 0
[pid 331] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 331] setpgid(0, 0) = 0
[pid 331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 331] write(3, "1000", 4) = 4
[pid 331] close(3) = 0
[pid 331] symlink("/dev/binderfs", "./binderfs") = 0
[pid 331] memfd_create("syzkaller", 0) = 3
[pid 331] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 331] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 331] munmap(0x7f75d43ae000, 138412032) = 0
[pid 331] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 28.242737][ T329] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 28.268465][ T299] EXT4-fs (loop0): unmounting filesystem.
[pid 331] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 331] close(3) = 0
[pid 331] mkdir("./file0", 0777) = 0
[pid 331] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 331] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 331] chdir("./file0") = 0
[pid 331] ioctl(4, LOOP_CLR_FD) = 0
[pid 331] close(4) = 0
[pid 331] creat("./bus", 000) = 4
[pid 331] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 331] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 331] chdir("./file0") = 0
[pid 331] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 331] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 331] memfd_create("syzkaller", 0) = 7
[pid 331] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 331] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 331] munmap(0x7f75d43ae000, 138412032) = 0
[pid 331] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 331] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 331] ioctl(8, LOOP_CLR_FD) = 0
[pid 331] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 331] close(8) = 0
[pid 331] close(7) = 0
[ 28.291480][ T331] loop0: detected capacity change from 0 to 512
[ 28.298715][ T331] EXT4-fs: Ignoring removed bh option
[ 28.304184][ T331] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 28.313582][ T331] EXT4-fs (loop0): 1 truncate cleaned up
[ 28.319074][ T331] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 331] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 331] exit_group(0) = ?
[pid 331] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=331, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/binderfs") = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./13/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./13") = 0
mkdir("./14", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 333
./strace-static-x86_64: Process 333 attached
[pid 333] set_robust_list(0x555556770660, 24) = 0
[pid 333] chdir("./14") = 0
[pid 333] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 333] setpgid(0, 0) = 0
[pid 333] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 333] write(3, "1000", 4) = 4
[pid 333] close(3) = 0
[pid 333] symlink("/dev/binderfs", "./binderfs") = 0
[pid 333] memfd_create("syzkaller", 0) = 3
[pid 333] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 333] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 333] munmap(0x7f75d43ae000, 138412032) = 0
[pid 333] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 28.339738][ T331] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 28.365144][ T299] EXT4-fs (loop0): unmounting filesystem.
[pid 333] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 333] close(3) = 0
[pid 333] mkdir("./file0", 0777) = 0
[pid 333] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 333] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 333] chdir("./file0") = 0
[pid 333] ioctl(4, LOOP_CLR_FD) = 0
[pid 333] close(4) = 0
[pid 333] creat("./bus", 000) = 4
[pid 333] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 333] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 333] chdir("./file0") = 0
[pid 333] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 333] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 333] memfd_create("syzkaller", 0) = 7
[pid 333] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 333] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 333] munmap(0x7f75d43ae000, 138412032) = 0
[pid 333] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 333] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 333] ioctl(8, LOOP_CLR_FD) = 0
[pid 333] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 333] close(8) = 0
[pid 333] close(7) = 0
[ 28.387741][ T333] loop0: detected capacity change from 0 to 512
[ 28.395055][ T333] EXT4-fs: Ignoring removed bh option
[ 28.400729][ T333] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 28.410448][ T333] EXT4-fs (loop0): 1 truncate cleaned up
[ 28.416005][ T333] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 333] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 333] exit_group(0) = ?
[pid 333] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=333, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/binderfs") = 0
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./14/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./14") = 0
mkdir("./15", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 336
./strace-static-x86_64: Process 336 attached
[pid 336] set_robust_list(0x555556770660, 24) = 0
[pid 336] chdir("./15") = 0
[pid 336] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 336] setpgid(0, 0) = 0
[pid 336] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 336] write(3, "1000", 4) = 4
[pid 336] close(3) = 0
[pid 336] symlink("/dev/binderfs", "./binderfs") = 0
[pid 336] memfd_create("syzkaller", 0) = 3
[pid 336] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 336] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 336] munmap(0x7f75d43ae000, 138412032) = 0
[pid 336] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 28.436737][ T333] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 28.461819][ T299] EXT4-fs (loop0): unmounting filesystem.
[pid 336] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 336] close(3) = 0
[pid 336] mkdir("./file0", 0777) = 0
[pid 336] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 336] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 336] chdir("./file0") = 0
[pid 336] ioctl(4, LOOP_CLR_FD) = 0
[pid 336] close(4) = 0
[pid 336] creat("./bus", 000) = 4
[pid 336] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 336] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 336] chdir("./file0") = 0
[pid 336] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 336] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 336] memfd_create("syzkaller", 0) = 7
[pid 336] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 336] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 336] munmap(0x7f75d43ae000, 138412032) = 0
[pid 336] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 336] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 336] ioctl(8, LOOP_CLR_FD) = 0
[pid 336] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 336] close(8) = 0
[pid 336] close(7) = 0
[ 28.483622][ T336] loop0: detected capacity change from 0 to 512
[ 28.490710][ T336] EXT4-fs: Ignoring removed bh option
[ 28.496158][ T336] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 28.505550][ T336] EXT4-fs (loop0): 1 truncate cleaned up
[ 28.511017][ T336] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 336] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 336] exit_group(0) = ?
[pid 336] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=336, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/binderfs") = 0
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./15/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./15") = 0
mkdir("./16", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 338
./strace-static-x86_64: Process 338 attached
[pid 338] set_robust_list(0x555556770660, 24) = 0
[pid 338] chdir("./16") = 0
[pid 338] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 338] setpgid(0, 0) = 0
[pid 338] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 338] write(3, "1000", 4) = 4
[pid 338] close(3) = 0
[pid 338] symlink("/dev/binderfs", "./binderfs") = 0
[pid 338] memfd_create("syzkaller", 0) = 3
[pid 338] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 338] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 338] munmap(0x7f75d43ae000, 138412032) = 0
[pid 338] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 338] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 338] close(3) = 0
[pid 338] mkdir("./file0", 0777) = 0
[ 28.531943][ T336] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 28.558057][ T299] EXT4-fs (loop0): unmounting filesystem.
[ 28.574218][ T338] loop0: detected capacity change from 0 to 512
[ 28.581380][ T338] EXT4-fs: Ignoring removed bh option
[pid 338] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 338] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 338] chdir("./file0") = 0
[pid 338] ioctl(4, LOOP_CLR_FD) = 0
[pid 338] close(4) = 0
[pid 338] creat("./bus", 000) = 4
[pid 338] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 338] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 338] chdir("./file0") = 0
[pid 338] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 338] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 338] memfd_create("syzkaller", 0) = 7
[pid 338] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 338] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 338] munmap(0x7f75d43ae000, 138412032) = 0
[pid 338] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 338] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 338] ioctl(8, LOOP_CLR_FD) = 0
[pid 338] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 338] close(8) = 0
[pid 338] close(7) = 0
[ 28.586882][ T338] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 28.596373][ T338] EXT4-fs (loop0): 1 truncate cleaned up
[ 28.601958][ T338] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 338] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 338] exit_group(0) = ?
[pid 338] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=338, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/binderfs") = 0
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./16/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./16") = 0
mkdir("./17", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 340
./strace-static-x86_64: Process 340 attached
[pid 340] set_robust_list(0x555556770660, 24) = 0
[pid 340] chdir("./17") = 0
[pid 340] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 340] setpgid(0, 0) = 0
[pid 340] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 340] write(3, "1000", 4) = 4
[pid 340] close(3) = 0
[pid 340] symlink("/dev/binderfs", "./binderfs") = 0
[pid 340] memfd_create("syzkaller", 0) = 3
[pid 340] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 340] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 340] munmap(0x7f75d43ae000, 138412032) = 0
[pid 340] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 340] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 340] close(3) = 0
[pid 340] mkdir("./file0", 0777) = 0
[ 28.621397][ T338] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 28.646648][ T299] EXT4-fs (loop0): unmounting filesystem.
[ 28.669127][ T340] loop0: detected capacity change from 0 to 512
[ 28.676192][ T340] EXT4-fs: Ignoring removed bh option
[pid 340] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 340] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 340] chdir("./file0") = 0
[pid 340] ioctl(4, LOOP_CLR_FD) = 0
[pid 340] close(4) = 0
[pid 340] creat("./bus", 000) = 4
[pid 340] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 340] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 340] chdir("./file0") = 0
[pid 340] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 340] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 340] memfd_create("syzkaller", 0) = 7
[pid 340] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 340] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 340] munmap(0x7f75d43ae000, 138412032) = 0
[pid 340] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 340] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 340] ioctl(8, LOOP_CLR_FD) = 0
[pid 340] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 340] close(8) = 0
[pid 340] close(7) = 0
[pid 340] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 340] exit_group(0) = ?
[pid 340] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=340, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/binderfs") = 0
[ 28.681790][ T340] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 28.691247][ T340] EXT4-fs (loop0): 1 truncate cleaned up
[ 28.696693][ T340] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 28.716342][ T340] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./17/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./17") = 0
mkdir("./18", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 342
./strace-static-x86_64: Process 342 attached
[pid 342] set_robust_list(0x555556770660, 24) = 0
[pid 342] chdir("./18") = 0
[pid 342] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 342] setpgid(0, 0) = 0
[pid 342] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 342] write(3, "1000", 4) = 4
[pid 342] close(3) = 0
[pid 342] symlink("/dev/binderfs", "./binderfs") = 0
[pid 342] memfd_create("syzkaller", 0) = 3
[pid 342] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 342] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 342] munmap(0x7f75d43ae000, 138412032) = 0
[pid 342] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 342] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 342] close(3) = 0
[pid 342] mkdir("./file0", 0777) = 0
[ 28.741535][ T299] EXT4-fs (loop0): unmounting filesystem.
[ 28.762471][ T342] loop0: detected capacity change from 0 to 512
[ 28.769498][ T342] EXT4-fs: Ignoring removed bh option
[ 28.775099][ T342] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 28.784458][ T342] EXT4-fs (loop0): 1 truncate cleaned up
[pid 342] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 342] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 342] chdir("./file0") = 0
[pid 342] ioctl(4, LOOP_CLR_FD) = 0
[pid 342] close(4) = 0
[pid 342] creat("./bus", 000) = 4
[pid 342] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 342] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 342] chdir("./file0") = 0
[pid 342] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 342] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 342] memfd_create("syzkaller", 0) = 7
[pid 342] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 342] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 342] munmap(0x7f75d43ae000, 138412032) = 0
[pid 342] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 342] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 342] ioctl(8, LOOP_CLR_FD) = 0
[pid 342] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 342] close(8) = 0
[pid 342] close(7) = 0
[pid 342] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 342] exit_group(0) = ?
[pid 342] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=342, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/binderfs") = 0
[ 28.790134][ T342] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 28.812095][ T342] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./18/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./18") = 0
mkdir("./19", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 344
./strace-static-x86_64: Process 344 attached
[pid 344] set_robust_list(0x555556770660, 24) = 0
[pid 344] chdir("./19") = 0
[pid 344] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 344] setpgid(0, 0) = 0
[pid 344] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 344] write(3, "1000", 4) = 4
[pid 344] close(3) = 0
[pid 344] symlink("/dev/binderfs", "./binderfs") = 0
[pid 344] memfd_create("syzkaller", 0) = 3
[pid 344] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 344] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 344] munmap(0x7f75d43ae000, 138412032) = 0
[pid 344] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 344] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 344] close(3) = 0
[pid 344] mkdir("./file0", 0777) = 0
[ 28.838837][ T299] EXT4-fs (loop0): unmounting filesystem.
[ 28.858403][ T344] loop0: detected capacity change from 0 to 512
[ 28.865368][ T344] EXT4-fs: Ignoring removed bh option
[ 28.871026][ T344] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 28.880378][ T344] EXT4-fs (loop0): 1 truncate cleaned up
[pid 344] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 344] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 344] chdir("./file0") = 0
[pid 344] ioctl(4, LOOP_CLR_FD) = 0
[pid 344] close(4) = 0
[pid 344] creat("./bus", 000) = 4
[pid 344] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 344] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 344] chdir("./file0") = 0
[pid 344] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 344] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 344] memfd_create("syzkaller", 0) = 7
[pid 344] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 344] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 344] munmap(0x7f75d43ae000, 138412032) = 0
[pid 344] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 344] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 344] ioctl(8, LOOP_CLR_FD) = 0
[pid 344] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 344] close(8) = 0
[pid 344] close(7) = 0
[pid 344] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 344] exit_group(0) = ?
[pid 344] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=344, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/binderfs") = 0
umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./19/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./19") = 0
mkdir("./20", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 346
./strace-static-x86_64: Process 346 attached
[pid 346] set_robust_list(0x555556770660, 24) = 0
[pid 346] chdir("./20") = 0
[pid 346] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 346] setpgid(0, 0) = 0
[pid 346] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 346] write(3, "1000", 4) = 4
[pid 346] close(3) = 0
[pid 346] symlink("/dev/binderfs", "./binderfs") = 0
[pid 346] memfd_create("syzkaller", 0) = 3
[pid 346] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 346] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 346] munmap(0x7f75d43ae000, 138412032) = 0
[pid 346] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 28.885823][ T344] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 28.903746][ T344] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 28.927240][ T299] EXT4-fs (loop0): unmounting filesystem.
[pid 346] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 346] close(3) = 0
[pid 346] mkdir("./file0", 0777) = 0
[pid 346] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 346] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 346] chdir("./file0") = 0
[pid 346] ioctl(4, LOOP_CLR_FD) = 0
[pid 346] close(4) = 0
[pid 346] creat("./bus", 000) = 4
[pid 346] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 346] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 346] chdir("./file0") = 0
[pid 346] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 346] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 346] memfd_create("syzkaller", 0) = 7
[pid 346] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 346] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 346] munmap(0x7f75d43ae000, 138412032) = 0
[pid 346] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 346] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 346] ioctl(8, LOOP_CLR_FD) = 0
[pid 346] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 346] close(8) = 0
[pid 346] close(7) = 0
[ 28.947873][ T346] loop0: detected capacity change from 0 to 512
[ 28.955099][ T346] EXT4-fs: Ignoring removed bh option
[ 28.960707][ T346] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 28.970178][ T346] EXT4-fs (loop0): 1 truncate cleaned up
[ 28.975723][ T346] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 346] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 346] exit_group(0) = ?
[pid 346] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=346, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./20/binderfs") = 0
umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./20/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./20") = 0
mkdir("./21", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 348
./strace-static-x86_64: Process 348 attached
[pid 348] set_robust_list(0x555556770660, 24) = 0
[pid 348] chdir("./21") = 0
[pid 348] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 348] setpgid(0, 0) = 0
[pid 348] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 348] write(3, "1000", 4) = 4
[pid 348] close(3) = 0
[pid 348] symlink("/dev/binderfs", "./binderfs") = 0
[pid 348] memfd_create("syzkaller", 0) = 3
[pid 348] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 348] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 348] munmap(0x7f75d43ae000, 138412032) = 0
[pid 348] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 28.995539][ T346] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 29.022695][ T299] EXT4-fs (loop0): unmounting filesystem.
[pid 348] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 348] close(3) = 0
[pid 348] mkdir("./file0", 0777) = 0
[pid 348] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 348] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 348] chdir("./file0") = 0
[pid 348] ioctl(4, LOOP_CLR_FD) = 0
[pid 348] close(4) = 0
[pid 348] creat("./bus", 000) = 4
[pid 348] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 348] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 348] chdir("./file0") = 0
[pid 348] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 348] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 348] memfd_create("syzkaller", 0) = 7
[pid 348] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 348] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 348] munmap(0x7f75d43ae000, 138412032) = 0
[pid 348] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 348] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 348] ioctl(8, LOOP_CLR_FD) = 0
[pid 348] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 348] close(8) = 0
[pid 348] close(7) = 0
[ 29.044451][ T348] loop0: detected capacity change from 0 to 512
[ 29.051660][ T348] EXT4-fs: Ignoring removed bh option
[ 29.057412][ T348] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 29.066930][ T348] EXT4-fs (loop0): 1 truncate cleaned up
[ 29.072428][ T348] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 348] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 348] exit_group(0) = ?
[pid 348] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=348, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./21/binderfs") = 0
umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./21/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./21") = 0
mkdir("./22", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 350
./strace-static-x86_64: Process 350 attached
[pid 350] set_robust_list(0x555556770660, 24) = 0
[pid 350] chdir("./22") = 0
[pid 350] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 350] setpgid(0, 0) = 0
[pid 350] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 350] write(3, "1000", 4) = 4
[pid 350] close(3) = 0
[pid 350] symlink("/dev/binderfs", "./binderfs") = 0
[pid 350] memfd_create("syzkaller", 0) = 3
[pid 350] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 350] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 350] munmap(0x7f75d43ae000, 138412032) = 0
[pid 350] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 29.090436][ T348] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 29.115452][ T299] EXT4-fs (loop0): unmounting filesystem.
[pid 350] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 350] close(3) = 0
[pid 350] mkdir("./file0", 0777) = 0
[pid 350] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 350] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 350] chdir("./file0") = 0
[pid 350] ioctl(4, LOOP_CLR_FD) = 0
[pid 350] close(4) = 0
[pid 350] creat("./bus", 000) = 4
[pid 350] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 350] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 350] chdir("./file0") = 0
[pid 350] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 350] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 350] memfd_create("syzkaller", 0) = 7
[pid 350] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 350] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 350] munmap(0x7f75d43ae000, 138412032) = 0
[pid 350] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 350] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 350] ioctl(8, LOOP_CLR_FD) = 0
[pid 350] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 350] close(8) = 0
[pid 350] close(7) = 0
[ 29.138826][ T350] loop0: detected capacity change from 0 to 512
[ 29.145924][ T350] EXT4-fs: Ignoring removed bh option
[ 29.151916][ T350] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 29.161425][ T350] EXT4-fs (loop0): 1 truncate cleaned up
[ 29.166877][ T350] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 350] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 350] exit_group(0) = ?
[pid 350] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=350, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./22/binderfs") = 0
umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./22/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./22") = 0
mkdir("./23", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 352
./strace-static-x86_64: Process 352 attached
[pid 352] set_robust_list(0x555556770660, 24) = 0
[pid 352] chdir("./23") = 0
[pid 352] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 352] setpgid(0, 0) = 0
[pid 352] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 352] write(3, "1000", 4) = 4
[pid 352] close(3) = 0
[pid 352] symlink("/dev/binderfs", "./binderfs") = 0
[pid 352] memfd_create("syzkaller", 0) = 3
[pid 352] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 352] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 352] munmap(0x7f75d43ae000, 138412032) = 0
[pid 352] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 352] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 352] close(3) = 0
[pid 352] mkdir("./file0", 0777) = 0
[ 29.186361][ T350] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 29.211873][ T299] EXT4-fs (loop0): unmounting filesystem.
[ 29.231590][ T352] loop0: detected capacity change from 0 to 512
[pid 352] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 352] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 352] chdir("./file0") = 0
[pid 352] ioctl(4, LOOP_CLR_FD) = 0
[pid 352] close(4) = 0
[pid 352] creat("./bus", 000) = 4
[pid 352] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 352] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 352] chdir("./file0") = 0
[pid 352] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 352] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 352] memfd_create("syzkaller", 0) = 7
[pid 352] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 352] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 352] munmap(0x7f75d43ae000, 138412032) = 0
[pid 352] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 352] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 352] ioctl(8, LOOP_CLR_FD) = 0
[pid 352] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 352] close(8) = 0
[pid 352] close(7) = 0
[ 29.238653][ T352] EXT4-fs: Ignoring removed bh option
[ 29.244234][ T352] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 29.253636][ T352] EXT4-fs (loop0): 1 truncate cleaned up
[ 29.259413][ T352] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 352] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 352] exit_group(0) = ?
[pid 352] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=352, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./23/binderfs") = 0
umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./23/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./23") = 0
mkdir("./24", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 354
./strace-static-x86_64: Process 354 attached
[pid 354] set_robust_list(0x555556770660, 24) = 0
[pid 354] chdir("./24") = 0
[pid 354] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 354] setpgid(0, 0) = 0
[pid 354] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 354] write(3, "1000", 4) = 4
[pid 354] close(3) = 0
[pid 354] symlink("/dev/binderfs", "./binderfs") = 0
[pid 354] memfd_create("syzkaller", 0) = 3
[pid 354] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 354] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 354] munmap(0x7f75d43ae000, 138412032) = 0
[pid 354] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 354] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 354] close(3) = 0
[pid 354] mkdir("./file0", 0777) = 0
[ 29.279320][ T352] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 29.306427][ T299] EXT4-fs (loop0): unmounting filesystem.
[ 29.329211][ T354] loop0: detected capacity change from 0 to 512
[pid 354] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 354] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 354] chdir("./file0") = 0
[pid 354] ioctl(4, LOOP_CLR_FD) = 0
[pid 354] close(4) = 0
[pid 354] creat("./bus", 000) = 4
[pid 354] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 354] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 354] chdir("./file0") = 0
[pid 354] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 354] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 354] memfd_create("syzkaller", 0) = 7
[pid 354] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 354] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 354] munmap(0x7f75d43ae000, 138412032) = 0
[pid 354] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 354] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 354] ioctl(8, LOOP_CLR_FD) = 0
[pid 354] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 354] close(8) = 0
[pid 354] close(7) = 0
[ 29.336172][ T354] EXT4-fs: Ignoring removed bh option
[ 29.341960][ T354] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 29.351558][ T354] EXT4-fs (loop0): 1 truncate cleaned up
[ 29.357101][ T354] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 354] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 354] exit_group(0) = ?
[pid 354] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=354, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./24/binderfs") = 0
umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./24/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./24") = 0
mkdir("./25", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 356
./strace-static-x86_64: Process 356 attached
[pid 356] set_robust_list(0x555556770660, 24) = 0
[pid 356] chdir("./25") = 0
[pid 356] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 356] setpgid(0, 0) = 0
[pid 356] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 356] write(3, "1000", 4) = 4
[pid 356] close(3) = 0
[pid 356] symlink("/dev/binderfs", "./binderfs") = 0
[pid 356] memfd_create("syzkaller", 0) = 3
[pid 356] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 356] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 356] munmap(0x7f75d43ae000, 138412032) = 0
[pid 356] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 356] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 356] close(3) = 0
[pid 356] mkdir("./file0", 0777) = 0
[ 29.379888][ T354] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 29.407520][ T299] EXT4-fs (loop0): unmounting filesystem.
[ 29.423833][ T356] loop0: detected capacity change from 0 to 512
[ 29.431006][ T356] EXT4-fs: Ignoring removed bh option
[pid 356] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 356] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 356] chdir("./file0") = 0
[pid 356] ioctl(4, LOOP_CLR_FD) = 0
[pid 356] close(4) = 0
[pid 356] creat("./bus", 000) = 4
[pid 356] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 356] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 356] chdir("./file0") = 0
[pid 356] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 356] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 356] memfd_create("syzkaller", 0) = 7
[pid 356] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 356] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 356] munmap(0x7f75d43ae000, 138412032) = 0
[pid 356] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 356] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 356] ioctl(8, LOOP_CLR_FD) = 0
[pid 356] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 356] close(8) = 0
[pid 356] close(7) = 0
[pid 356] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 356] exit_group(0) = ?
[pid 356] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=356, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./25/binderfs") = 0
[ 29.436529][ T356] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 29.446072][ T356] EXT4-fs (loop0): 1 truncate cleaned up
[ 29.451722][ T356] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 29.471051][ T356] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./25/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./25") = 0
mkdir("./26", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 359
./strace-static-x86_64: Process 359 attached
[pid 359] set_robust_list(0x555556770660, 24) = 0
[pid 359] chdir("./26") = 0
[pid 359] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 359] setpgid(0, 0) = 0
[pid 359] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 359] write(3, "1000", 4) = 4
[pid 359] close(3) = 0
[pid 359] symlink("/dev/binderfs", "./binderfs") = 0
[pid 359] memfd_create("syzkaller", 0) = 3
[pid 359] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 359] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 359] munmap(0x7f75d43ae000, 138412032) = 0
[pid 359] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 359] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 359] close(3) = 0
[pid 359] mkdir("./file0", 0777) = 0
[ 29.494308][ T299] EXT4-fs (loop0): unmounting filesystem.
[ 29.516915][ T359] loop0: detected capacity change from 0 to 512
[ 29.524019][ T359] EXT4-fs: Ignoring removed bh option
[ 29.529650][ T359] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[pid 359] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 359] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 359] chdir("./file0") = 0
[pid 359] ioctl(4, LOOP_CLR_FD) = 0
[pid 359] close(4) = 0
[pid 359] creat("./bus", 000) = 4
[pid 359] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 359] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 359] chdir("./file0") = 0
[pid 359] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 359] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 359] memfd_create("syzkaller", 0) = 7
[pid 359] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 359] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 359] munmap(0x7f75d43ae000, 138412032) = 0
[pid 359] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 359] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 359] ioctl(8, LOOP_CLR_FD) = 0
[pid 359] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 359] close(8) = 0
[pid 359] close(7) = 0
[pid 359] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 359] exit_group(0) = ?
[pid 359] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=359, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./26/binderfs") = 0
[ 29.539693][ T359] EXT4-fs (loop0): 1 truncate cleaned up
[ 29.545145][ T359] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 29.567284][ T359] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./26/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./26") = 0
mkdir("./27", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 361
./strace-static-x86_64: Process 361 attached
[pid 361] set_robust_list(0x555556770660, 24) = 0
[pid 361] chdir("./27") = 0
[pid 361] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 361] setpgid(0, 0) = 0
[pid 361] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 361] write(3, "1000", 4) = 4
[pid 361] close(3) = 0
[pid 361] symlink("/dev/binderfs", "./binderfs") = 0
[pid 361] memfd_create("syzkaller", 0) = 3
[pid 361] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 361] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 361] munmap(0x7f75d43ae000, 138412032) = 0
[pid 361] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 361] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 361] close(3) = 0
[pid 361] mkdir("./file0", 0777) = 0
[ 29.594500][ T299] EXT4-fs (loop0): unmounting filesystem.
[ 29.615112][ T361] loop0: detected capacity change from 0 to 512
[ 29.622503][ T361] EXT4-fs: Ignoring removed bh option
[ 29.628135][ T361] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 29.637693][ T361] EXT4-fs (loop0): 1 truncate cleaned up
[pid 361] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 361] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 361] chdir("./file0") = 0
[pid 361] ioctl(4, LOOP_CLR_FD) = 0
[pid 361] close(4) = 0
[pid 361] creat("./bus", 000) = 4
[pid 361] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 361] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 361] chdir("./file0") = 0
[pid 361] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 361] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 361] memfd_create("syzkaller", 0) = 7
[pid 361] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 361] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 361] munmap(0x7f75d43ae000, 138412032) = 0
[pid 361] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 361] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 361] ioctl(8, LOOP_CLR_FD) = 0
[pid 361] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 361] close(8) = 0
[pid 361] close(7) = 0
[pid 361] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 361] exit_group(0) = ?
[pid 361] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=361, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./27/binderfs") = 0
umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./27/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./27") = 0
mkdir("./28", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 363
./strace-static-x86_64: Process 363 attached
[pid 363] set_robust_list(0x555556770660, 24) = 0
[pid 363] chdir("./28") = 0
[pid 363] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 363] setpgid(0, 0) = 0
[pid 363] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 363] write(3, "1000", 4) = 4
[pid 363] close(3) = 0
[pid 363] symlink("/dev/binderfs", "./binderfs") = 0
[pid 363] memfd_create("syzkaller", 0) = 3
[pid 363] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 363] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 363] munmap(0x7f75d43ae000, 138412032) = 0
[pid 363] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 29.643144][ T361] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 29.663475][ T361] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 29.687103][ T299] EXT4-fs (loop0): unmounting filesystem.
[pid 363] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 363] close(3) = 0
[pid 363] mkdir("./file0", 0777) = 0
[pid 363] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 363] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 363] chdir("./file0") = 0
[pid 363] ioctl(4, LOOP_CLR_FD) = 0
[pid 363] close(4) = 0
[pid 363] creat("./bus", 000) = 4
[pid 363] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 363] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 363] chdir("./file0") = 0
[pid 363] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 363] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 363] memfd_create("syzkaller", 0) = 7
[pid 363] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 363] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 363] munmap(0x7f75d43ae000, 138412032) = 0
[pid 363] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 363] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 363] ioctl(8, LOOP_CLR_FD) = 0
[pid 363] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 363] close(8) = 0
[pid 363] close(7) = 0
[ 29.709954][ T363] loop0: detected capacity change from 0 to 512
[ 29.717430][ T363] EXT4-fs: Ignoring removed bh option
[ 29.722821][ T363] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 29.732314][ T363] EXT4-fs (loop0): 1 truncate cleaned up
[ 29.737829][ T363] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 363] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 363] exit_group(0) = ?
[pid 363] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=363, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./28/binderfs") = 0
umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./28/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./28") = 0
mkdir("./29", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 365
./strace-static-x86_64: Process 365 attached
[pid 365] set_robust_list(0x555556770660, 24) = 0
[pid 365] chdir("./29") = 0
[pid 365] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 365] setpgid(0, 0) = 0
[pid 365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 365] write(3, "1000", 4) = 4
[pid 365] close(3) = 0
[pid 365] symlink("/dev/binderfs", "./binderfs") = 0
[pid 365] memfd_create("syzkaller", 0) = 3
[pid 365] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 365] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 365] munmap(0x7f75d43ae000, 138412032) = 0
[pid 365] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 365] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 365] close(3) = 0
[pid 365] mkdir("./file0", 0777) = 0
[ 29.757666][ T363] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 29.781783][ T299] EXT4-fs (loop0): unmounting filesystem.
[ 29.801585][ T365] loop0: detected capacity change from 0 to 512
[pid 365] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 365] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 365] chdir("./file0") = 0
[pid 365] ioctl(4, LOOP_CLR_FD) = 0
[pid 365] close(4) = 0
[pid 365] creat("./bus", 000) = 4
[pid 365] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 365] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 365] chdir("./file0") = 0
[pid 365] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 365] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 365] memfd_create("syzkaller", 0) = 7
[pid 365] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 365] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 365] munmap(0x7f75d43ae000, 138412032) = 0
[pid 365] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 365] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 365] ioctl(8, LOOP_CLR_FD) = 0
[pid 365] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 365] close(8) = 0
[pid 365] close(7) = 0
[ 29.808571][ T365] EXT4-fs: Ignoring removed bh option
[ 29.814061][ T365] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 29.823576][ T365] EXT4-fs (loop0): 1 truncate cleaned up
[ 29.829324][ T365] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 365] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 365] exit_group(0) = ?
[pid 365] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=365, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./29/binderfs") = 0
umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./29/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./29") = 0
mkdir("./30", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 367
./strace-static-x86_64: Process 367 attached
[pid 367] set_robust_list(0x555556770660, 24) = 0
[pid 367] chdir("./30") = 0
[pid 367] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 367] setpgid(0, 0) = 0
[pid 367] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 367] write(3, "1000", 4) = 4
[pid 367] close(3) = 0
[pid 367] symlink("/dev/binderfs", "./binderfs") = 0
[pid 367] memfd_create("syzkaller", 0) = 3
[pid 367] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 367] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 367] munmap(0x7f75d43ae000, 138412032) = 0
[pid 367] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 367] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 367] close(3) = 0
[pid 367] mkdir("./file0", 0777) = 0
[ 29.849408][ T365] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 29.874433][ T299] EXT4-fs (loop0): unmounting filesystem.
[ 29.897252][ T367] loop0: detected capacity change from 0 to 512
[ 29.904439][ T367] EXT4-fs: Ignoring removed bh option
[pid 367] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 367] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 367] chdir("./file0") = 0
[pid 367] ioctl(4, LOOP_CLR_FD) = 0
[pid 367] close(4) = 0
[pid 367] creat("./bus", 000) = 4
[pid 367] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 367] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 367] chdir("./file0") = 0
[pid 367] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 367] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 367] memfd_create("syzkaller", 0) = 7
[pid 367] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 367] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 367] munmap(0x7f75d43ae000, 138412032) = 0
[pid 367] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 367] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 367] ioctl(8, LOOP_CLR_FD) = 0
[pid 367] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 367] close(8) = 0
[pid 367] close(7) = 0
[ 29.910117][ T367] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 29.919719][ T367] EXT4-fs (loop0): 1 truncate cleaned up
[ 29.925166][ T367] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 367] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 367] exit_group(0) = ?
[pid 367] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=367, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./30/binderfs") = 0
umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./30/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./30") = 0
mkdir("./31", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 369
./strace-static-x86_64: Process 369 attached
[pid 369] set_robust_list(0x555556770660, 24) = 0
[pid 369] chdir("./31") = 0
[pid 369] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 369] setpgid(0, 0) = 0
[pid 369] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 369] write(3, "1000", 4) = 4
[pid 369] close(3) = 0
[pid 369] symlink("/dev/binderfs", "./binderfs") = 0
[pid 369] memfd_create("syzkaller", 0) = 3
[pid 369] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 369] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 369] munmap(0x7f75d43ae000, 138412032) = 0
[pid 369] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 369] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 369] close(3) = 0
[pid 369] mkdir("./file0", 0777) = 0
[ 29.944692][ T367] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 29.970175][ T299] EXT4-fs (loop0): unmounting filesystem.
[ 29.990490][ T369] loop0: detected capacity change from 0 to 512
[ 29.997563][ T369] EXT4-fs: Ignoring removed bh option
[ 30.003053][ T369] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[pid 369] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 369] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 369] chdir("./file0") = 0
[pid 369] ioctl(4, LOOP_CLR_FD) = 0
[pid 369] close(4) = 0
[pid 369] creat("./bus", 000) = 4
[pid 369] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 369] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 369] chdir("./file0") = 0
[pid 369] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 369] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 369] memfd_create("syzkaller", 0) = 7
[pid 369] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 369] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 369] munmap(0x7f75d43ae000, 138412032) = 0
[pid 369] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 369] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 369] ioctl(8, LOOP_CLR_FD) = 0
[pid 369] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 369] close(8) = 0
[pid 369] close(7) = 0
[pid 369] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 369] exit_group(0) = ?
[pid 369] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=369, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./31/binderfs") = 0
umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./31/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./31") = 0
mkdir("./32", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 371
./strace-static-x86_64: Process 371 attached
[pid 371] set_robust_list(0x555556770660, 24) = 0
[pid 371] chdir("./32") = 0
[pid 371] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 371] setpgid(0, 0) = 0
[pid 371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 371] write(3, "1000", 4) = 4
[pid 371] close(3) = 0
[pid 371] symlink("/dev/binderfs", "./binderfs") = 0
[pid 371] memfd_create("syzkaller", 0) = 3
[pid 371] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 371] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 371] munmap(0x7f75d43ae000, 138412032) = 0
[pid 371] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 30.012691][ T369] EXT4-fs (loop0): 1 truncate cleaned up
[ 30.018194][ T369] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 30.038691][ T369] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[pid 371] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 371] close(3) = 0
[pid 371] mkdir("./file0", 0777) = 0
[pid 371] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 371] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 371] chdir("./file0") = 0
[pid 371] ioctl(4, LOOP_CLR_FD) = 0
[pid 371] close(4) = 0
[pid 371] creat("./bus", 000) = 4
[pid 371] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 371] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 371] chdir("./file0") = 0
[pid 371] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 371] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 371] memfd_create("syzkaller", 0) = 7
[pid 371] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 371] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 371] munmap(0x7f75d43ae000, 138412032) = 0
[pid 371] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 371] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 371] ioctl(8, LOOP_CLR_FD) = 0
[pid 371] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 371] close(8) = 0
[pid 371] close(7) = 0
[ 30.079859][ T371] loop0: detected capacity change from 0 to 512
[ 30.087421][ T371] EXT4-fs: Ignoring removed bh option
[ 30.092880][ T371] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 30.102438][ T371] EXT4-fs (loop0): 1 truncate cleaned up
[pid 371] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 371] exit_group(0) = ?
[pid 371] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=371, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./32/binderfs") = 0
umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./32/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./32") = 0
mkdir("./33", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 373 attached
[pid 373] set_robust_list(0x555556770660, 24) = 0
[pid 373] chdir("./33") = 0
[pid 299] <... clone resumed>, child_tidptr=0x555556770650) = 373
[pid 373] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 373] setpgid(0, 0) = 0
[pid 373] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 373] write(3, "1000", 4) = 4
[pid 373] close(3) = 0
[pid 373] symlink("/dev/binderfs", "./binderfs") = 0
[pid 373] memfd_create("syzkaller", 0) = 3
[pid 373] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 373] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 373] munmap(0x7f75d43ae000, 138412032) = 0
[pid 373] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 373] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 373] close(3) = 0
[pid 373] mkdir("./file0", 0777) = 0
[ 30.119563][ T371] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 30.163140][ T373] loop0: detected capacity change from 0 to 512
[ 30.170742][ T373] EXT4-fs: Ignoring removed bh option
[pid 373] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 373] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 373] chdir("./file0") = 0
[pid 373] ioctl(4, LOOP_CLR_FD) = 0
[pid 373] close(4) = 0
[pid 373] creat("./bus", 000) = 4
[pid 373] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 373] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 373] chdir("./file0") = 0
[pid 373] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 373] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 373] memfd_create("syzkaller", 0) = 7
[pid 373] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 373] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 373] munmap(0x7f75d43ae000, 138412032) = 0
[pid 373] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 373] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 373] ioctl(8, LOOP_CLR_FD) = 0
[pid 373] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 373] close(8) = 0
[pid 373] close(7) = 0
[pid 373] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 373] exit_group(0) = ?
[pid 373] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=373, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./33/binderfs") = 0
umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./33/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./33") = 0
mkdir("./34", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 375
./strace-static-x86_64: Process 375 attached
[pid 375] set_robust_list(0x555556770660, 24) = 0
[pid 375] chdir("./34") = 0
[pid 375] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 375] setpgid(0, 0) = 0
[pid 375] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 375] write(3, "1000", 4) = 4
[pid 375] close(3) = 0
[pid 375] symlink("/dev/binderfs", "./binderfs") = 0
[pid 375] memfd_create("syzkaller", 0) = 3
[pid 375] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 375] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 375] munmap(0x7f75d43ae000, 138412032) = 0
[pid 375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 30.176228][ T373] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 30.185747][ T373] EXT4-fs (loop0): 1 truncate cleaned up
[ 30.204734][ T373] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[pid 375] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 375] close(3) = 0
[pid 375] mkdir("./file0", 0777) = 0
[pid 375] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 375] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 375] chdir("./file0") = 0
[pid 375] ioctl(4, LOOP_CLR_FD) = 0
[pid 375] close(4) = 0
[pid 375] creat("./bus", 000) = 4
[pid 375] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 375] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 375] chdir("./file0") = 0
[pid 375] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 375] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 375] memfd_create("syzkaller", 0) = 7
[pid 375] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 375] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 375] munmap(0x7f75d43ae000, 138412032) = 0
[pid 375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 375] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 375] ioctl(8, LOOP_CLR_FD) = 0
[pid 375] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 375] close(8) = 0
[pid 375] close(7) = 0
[ 30.242720][ T375] loop0: detected capacity change from 0 to 512
[ 30.250091][ T375] EXT4-fs: Ignoring removed bh option
[ 30.255784][ T375] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 30.265545][ T375] EXT4-fs (loop0): 1 truncate cleaned up
[pid 375] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 375] exit_group(0) = ?
[pid 375] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=375, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./34/binderfs") = 0
umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./34/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./34") = 0
mkdir("./35", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 377
./strace-static-x86_64: Process 377 attached
[pid 377] set_robust_list(0x555556770660, 24) = 0
[pid 377] chdir("./35") = 0
[pid 377] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 377] setpgid(0, 0) = 0
[pid 377] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 377] write(3, "1000", 4) = 4
[pid 377] close(3) = 0
[pid 377] symlink("/dev/binderfs", "./binderfs") = 0
[pid 377] memfd_create("syzkaller", 0) = 3
[pid 377] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 377] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 377] munmap(0x7f75d43ae000, 138412032) = 0
[pid 377] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 377] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 377] close(3) = 0
[pid 377] mkdir("./file0", 0777) = 0
[ 30.282112][ T375] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 30.322305][ T377] loop0: detected capacity change from 0 to 512
[ 30.329336][ T377] EXT4-fs: Ignoring removed bh option
[ 30.334822][ T377] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[pid 377] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 377] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 377] chdir("./file0") = 0
[pid 377] ioctl(4, LOOP_CLR_FD) = 0
[pid 377] close(4) = 0
[pid 377] creat("./bus", 000) = 4
[pid 377] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 377] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 377] chdir("./file0") = 0
[pid 377] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 377] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 377] memfd_create("syzkaller", 0) = 7
[pid 377] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 377] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 377] munmap(0x7f75d43ae000, 138412032) = 0
[pid 377] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 377] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 377] ioctl(8, LOOP_CLR_FD) = 0
[pid 377] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 377] close(8) = 0
[pid 377] close(7) = 0
[pid 377] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 377] exit_group(0) = ?
[pid 377] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=377, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./35/binderfs") = 0
umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./35/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./35") = 0
mkdir("./36", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 379
./strace-static-x86_64: Process 379 attached
[pid 379] set_robust_list(0x555556770660, 24) = 0
[pid 379] chdir("./36") = 0
[pid 379] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 379] setpgid(0, 0) = 0
[pid 379] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 379] write(3, "1000", 4) = 4
[pid 379] close(3) = 0
[pid 379] symlink("/dev/binderfs", "./binderfs") = 0
[pid 379] memfd_create("syzkaller", 0) = 3
[pid 379] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 379] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 379] munmap(0x7f75d43ae000, 138412032) = 0
[pid 379] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 30.344422][ T377] EXT4-fs (loop0): 1 truncate cleaned up
[ 30.360993][ T377] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[pid 379] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 379] close(3) = 0
[pid 379] mkdir("./file0", 0777) = 0
[pid 379] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 379] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 379] chdir("./file0") = 0
[pid 379] ioctl(4, LOOP_CLR_FD) = 0
[pid 379] close(4) = 0
[pid 379] creat("./bus", 000) = 4
[pid 379] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 379] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 379] chdir("./file0") = 0
[pid 379] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 379] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 379] memfd_create("syzkaller", 0) = 7
[pid 379] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 379] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 379] munmap(0x7f75d43ae000, 138412032) = 0
[pid 379] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 379] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 379] ioctl(8, LOOP_CLR_FD) = 0
[pid 379] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 379] close(8) = 0
[pid 379] close(7) = 0
[ 30.402263][ T379] loop0: detected capacity change from 0 to 512
[ 30.409792][ T379] EXT4-fs: Ignoring removed bh option
[ 30.415476][ T379] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 30.425285][ T379] EXT4-fs (loop0): 1 truncate cleaned up
[pid 379] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 379] exit_group(0) = ?
[pid 379] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=379, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./36/binderfs") = 0
umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./36/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./36") = 0
mkdir("./37", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 382
./strace-static-x86_64: Process 382 attached
[pid 382] set_robust_list(0x555556770660, 24) = 0
[pid 382] chdir("./37") = 0
[pid 382] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 382] setpgid(0, 0) = 0
[pid 382] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 382] write(3, "1000", 4) = 4
[pid 382] close(3) = 0
[pid 382] symlink("/dev/binderfs", "./binderfs") = 0
[pid 382] memfd_create("syzkaller", 0) = 3
[pid 382] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 382] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 382] munmap(0x7f75d43ae000, 138412032) = 0
[pid 382] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 382] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 382] close(3) = 0
[pid 382] mkdir("./file0", 0777) = 0
[ 30.443125][ T379] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 30.482592][ T382] loop0: detected capacity change from 0 to 512
[ 30.490423][ T382] EXT4-fs: Ignoring removed bh option
[pid 382] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 382] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 382] chdir("./file0") = 0
[pid 382] ioctl(4, LOOP_CLR_FD) = 0
[pid 382] close(4) = 0
[pid 382] creat("./bus", 000) = 4
[pid 382] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 382] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 382] chdir("./file0") = 0
[pid 382] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 382] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 382] memfd_create("syzkaller", 0) = 7
[pid 382] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 382] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 382] munmap(0x7f75d43ae000, 138412032) = 0
[pid 382] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 382] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 382] ioctl(8, LOOP_CLR_FD) = 0
[pid 382] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 382] close(8) = 0
[pid 382] close(7) = 0
[pid 382] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 382] exit_group(0) = ?
[pid 382] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=382, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./37/binderfs") = 0
umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./37/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./37") = 0
mkdir("./38", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 384
./strace-static-x86_64: Process 384 attached
[pid 384] set_robust_list(0x555556770660, 24) = 0
[pid 384] chdir("./38") = 0
[pid 384] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 384] setpgid(0, 0) = 0
[pid 384] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 384] write(3, "1000", 4) = 4
[pid 384] close(3) = 0
[pid 384] symlink("/dev/binderfs", "./binderfs") = 0
[pid 384] memfd_create("syzkaller", 0) = 3
[pid 384] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 384] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 384] munmap(0x7f75d43ae000, 138412032) = 0
[pid 384] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 30.496041][ T382] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 30.505581][ T382] EXT4-fs (loop0): 1 truncate cleaned up
[ 30.523144][ T382] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[pid 384] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 384] close(3) = 0
[pid 384] mkdir("./file0", 0777) = 0
[pid 384] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 384] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 384] chdir("./file0") = 0
[pid 384] ioctl(4, LOOP_CLR_FD) = 0
[pid 384] close(4) = 0
[pid 384] creat("./bus", 000) = 4
[pid 384] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 384] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 384] chdir("./file0") = 0
[pid 384] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 384] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 384] memfd_create("syzkaller", 0) = 7
[pid 384] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 384] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 384] munmap(0x7f75d43ae000, 138412032) = 0
[pid 384] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 384] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 384] ioctl(8, LOOP_CLR_FD) = 0
[pid 384] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 384] close(8) = 0
[pid 384] close(7) = 0
[ 30.565854][ T384] loop0: detected capacity change from 0 to 512
[ 30.573018][ T384] EXT4-fs: Ignoring removed bh option
[ 30.578700][ T384] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 30.588376][ T384] EXT4-fs (loop0): 1 truncate cleaned up
[pid 384] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 384] exit_group(0) = ?
[pid 384] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=384, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./38/binderfs") = 0
umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./38/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./38") = 0
mkdir("./39", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 386
./strace-static-x86_64: Process 386 attached
[pid 386] set_robust_list(0x555556770660, 24) = 0
[pid 386] chdir("./39") = 0
[pid 386] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 386] setpgid(0, 0) = 0
[pid 386] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 386] write(3, "1000", 4) = 4
[pid 386] close(3) = 0
[pid 386] symlink("/dev/binderfs", "./binderfs") = 0
[pid 386] memfd_create("syzkaller", 0) = 3
[pid 386] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 386] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 386] munmap(0x7f75d43ae000, 138412032) = 0
[pid 386] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 386] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 386] close(3) = 0
[pid 386] mkdir("./file0", 0777) = 0
[ 30.607948][ T384] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 30.645822][ T386] loop0: detected capacity change from 0 to 512
[ 30.653054][ T386] EXT4-fs: Ignoring removed bh option
[pid 386] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 386] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 386] chdir("./file0") = 0
[pid 386] ioctl(4, LOOP_CLR_FD) = 0
[pid 386] close(4) = 0
[pid 386] creat("./bus", 000) = 4
[pid 386] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 386] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 386] chdir("./file0") = 0
[pid 386] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 386] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 386] memfd_create("syzkaller", 0) = 7
[pid 386] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 386] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 386] munmap(0x7f75d43ae000, 138412032) = 0
[pid 386] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 386] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 386] ioctl(8, LOOP_CLR_FD) = 0
[pid 386] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 386] close(8) = 0
[pid 386] close(7) = 0
[pid 386] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 386] exit_group(0) = ?
[pid 386] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=386, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./39/binderfs") = 0
umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./39/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./39") = 0
mkdir("./40", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 388
./strace-static-x86_64: Process 388 attached
[pid 388] set_robust_list(0x555556770660, 24) = 0
[pid 388] chdir("./40") = 0
[pid 388] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 388] setpgid(0, 0) = 0
[pid 388] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 388] write(3, "1000", 4) = 4
[pid 388] close(3) = 0
[pid 388] symlink("/dev/binderfs", "./binderfs") = 0
[pid 388] memfd_create("syzkaller", 0) = 3
[pid 388] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 388] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 388] munmap(0x7f75d43ae000, 138412032) = 0
[pid 388] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 30.659062][ T386] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 30.668499][ T386] EXT4-fs (loop0): 1 truncate cleaned up
[ 30.686183][ T386] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[pid 388] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 388] close(3) = 0
[pid 388] mkdir("./file0", 0777) = 0
[pid 388] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 388] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 388] chdir("./file0") = 0
[pid 388] ioctl(4, LOOP_CLR_FD) = 0
[pid 388] close(4) = 0
[pid 388] creat("./bus", 000) = 4
[pid 388] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 388] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 388] chdir("./file0") = 0
[pid 388] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 388] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 388] memfd_create("syzkaller", 0) = 7
[pid 388] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 388] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 388] munmap(0x7f75d43ae000, 138412032) = 0
[pid 388] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 388] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 388] ioctl(8, LOOP_CLR_FD) = 0
[pid 388] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 388] close(8) = 0
[pid 388] close(7) = 0
[ 30.728278][ T388] loop0: detected capacity change from 0 to 512
[ 30.736188][ T388] EXT4-fs: Ignoring removed bh option
[ 30.741883][ T388] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 30.751225][ T388] EXT4-fs (loop0): 1 truncate cleaned up
[pid 388] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 388] exit_group(0) = ?
[pid 388] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=388, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./40/binderfs") = 0
umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./40/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./40") = 0
mkdir("./41", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 390
./strace-static-x86_64: Process 390 attached
[pid 390] set_robust_list(0x555556770660, 24) = 0
[pid 390] chdir("./41") = 0
[pid 390] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 390] setpgid(0, 0) = 0
[pid 390] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 390] write(3, "1000", 4) = 4
[pid 390] close(3) = 0
[pid 390] symlink("/dev/binderfs", "./binderfs") = 0
[pid 390] memfd_create("syzkaller", 0) = 3
[pid 390] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 390] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 390] munmap(0x7f75d43ae000, 138412032) = 0
[pid 390] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 390] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 390] close(3) = 0
[pid 390] mkdir("./file0", 0777) = 0
[ 30.768570][ T388] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 30.807094][ T390] loop0: detected capacity change from 0 to 512
[ 30.814067][ T390] EXT4-fs: Ignoring removed bh option
[ 30.819780][ T390] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[pid 390] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 390] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 390] chdir("./file0") = 0
[pid 390] ioctl(4, LOOP_CLR_FD) = 0
[pid 390] close(4) = 0
[pid 390] creat("./bus", 000) = 4
[pid 390] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 390] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 390] chdir("./file0") = 0
[pid 390] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 390] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 390] memfd_create("syzkaller", 0) = 7
[pid 390] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 390] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 390] munmap(0x7f75d43ae000, 138412032) = 0
[pid 390] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 390] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 390] ioctl(8, LOOP_CLR_FD) = 0
[pid 390] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 390] close(8) = 0
[pid 390] close(7) = 0
[pid 390] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 390] exit_group(0) = ?
[pid 390] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=390, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./41/binderfs") = 0
umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./41/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./41") = 0
mkdir("./42", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 392
./strace-static-x86_64: Process 392 attached
[pid 392] set_robust_list(0x555556770660, 24) = 0
[pid 392] chdir("./42") = 0
[pid 392] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 392] setpgid(0, 0) = 0
[pid 392] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 392] write(3, "1000", 4) = 4
[pid 392] close(3) = 0
[pid 392] symlink("/dev/binderfs", "./binderfs") = 0
[pid 392] memfd_create("syzkaller", 0) = 3
[pid 392] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 392] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 392] munmap(0x7f75d43ae000, 138412032) = 0
[pid 392] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 30.829448][ T390] EXT4-fs (loop0): 1 truncate cleaned up
[ 30.842871][ T390] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[pid 392] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 392] close(3) = 0
[pid 392] mkdir("./file0", 0777) = 0
[pid 392] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 392] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 392] chdir("./file0") = 0
[pid 392] ioctl(4, LOOP_CLR_FD) = 0
[pid 392] close(4) = 0
[pid 392] creat("./bus", 000) = 4
[pid 392] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 392] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 392] chdir("./file0") = 0
[pid 392] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 392] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 392] memfd_create("syzkaller", 0) = 7
[pid 392] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 392] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 392] munmap(0x7f75d43ae000, 138412032) = 0
[pid 392] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 392] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 392] ioctl(8, LOOP_CLR_FD) = 0
[pid 392] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 392] close(8) = 0
[pid 392] close(7) = 0
[ 30.879994][ T392] loop0: detected capacity change from 0 to 512
[ 30.887376][ T392] EXT4-fs: Ignoring removed bh option
[ 30.892892][ T392] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 30.902194][ T392] EXT4-fs (loop0): 1 truncate cleaned up
[pid 392] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 392] exit_group(0) = ?
[pid 392] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=392, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./42/binderfs") = 0
umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./42/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./42") = 0
mkdir("./43", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 394
./strace-static-x86_64: Process 394 attached
[pid 394] set_robust_list(0x555556770660, 24) = 0
[pid 394] chdir("./43") = 0
[pid 394] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 394] setpgid(0, 0) = 0
[pid 394] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 394] write(3, "1000", 4) = 4
[pid 394] close(3) = 0
[pid 394] symlink("/dev/binderfs", "./binderfs") = 0
[pid 394] memfd_create("syzkaller", 0) = 3
[pid 394] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 394] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 394] munmap(0x7f75d43ae000, 138412032) = 0
[pid 394] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 394] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 394] close(3) = 0
[pid 394] mkdir("./file0", 0777) = 0
[pid 394] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 394] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 394] chdir("./file0") = 0
[pid 394] ioctl(4, LOOP_CLR_FD) = 0
[pid 394] close(4) = 0
[pid 394] creat("./bus", 000) = 4
[pid 394] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 394] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 394] chdir("./file0") = 0
[pid 394] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 394] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 394] memfd_create("syzkaller", 0) = 7
[pid 394] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 394] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 394] munmap(0x7f75d43ae000, 138412032) = 0
[pid 394] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 394] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 394] ioctl(8, LOOP_CLR_FD) = 0
[pid 394] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 394] close(8) = 0
[ 30.914529][ T392] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 30.947943][ T394] loop0: detected capacity change from 0 to 512
[ 30.955091][ T394] EXT4-fs: Ignoring removed bh option
[ 30.961079][ T394] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 30.970762][ T394] EXT4-fs (loop0): 1 truncate cleaned up
[pid 394] close(7) = 0
[pid 394] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 394] exit_group(0) = ?
[pid 394] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=394, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./43/binderfs") = 0
umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./43/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./43") = 0
mkdir("./44", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 396
./strace-static-x86_64: Process 396 attached
[pid 396] set_robust_list(0x555556770660, 24) = 0
[pid 396] chdir("./44") = 0
[pid 396] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 396] setpgid(0, 0) = 0
[pid 396] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 396] write(3, "1000", 4) = 4
[pid 396] close(3) = 0
[pid 396] symlink("/dev/binderfs", "./binderfs") = 0
[pid 396] memfd_create("syzkaller", 0) = 3
[pid 396] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 396] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 396] munmap(0x7f75d43ae000, 138412032) = 0
[pid 396] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 396] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 396] close(3) = 0
[pid 396] mkdir("./file0", 0777) = 0
[ 30.985153][ T394] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 31.021724][ T396] loop0: detected capacity change from 0 to 512
[ 31.029224][ T396] EXT4-fs: Ignoring removed bh option
[pid 396] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 396] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 396] chdir("./file0") = 0
[pid 396] ioctl(4, LOOP_CLR_FD) = 0
[pid 396] close(4) = 0
[pid 396] creat("./bus", 000) = 4
[pid 396] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 396] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 396] chdir("./file0") = 0
[pid 396] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 396] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 396] memfd_create("syzkaller", 0) = 7
[pid 396] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 396] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 396] munmap(0x7f75d43ae000, 138412032) = 0
[pid 396] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 396] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 396] ioctl(8, LOOP_CLR_FD) = 0
[pid 396] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 396] close(8) = 0
[pid 396] close(7) = 0
[pid 396] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 396] exit_group(0) = ?
[pid 396] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=396, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./44/binderfs") = 0
umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./44/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./44") = 0
mkdir("./45", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 398
./strace-static-x86_64: Process 398 attached
[pid 398] set_robust_list(0x555556770660, 24) = 0
[pid 398] chdir("./45") = 0
[pid 398] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 398] setpgid(0, 0) = 0
[pid 398] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 398] write(3, "1000", 4) = 4
[pid 398] close(3) = 0
[pid 398] symlink("/dev/binderfs", "./binderfs") = 0
[pid 398] memfd_create("syzkaller", 0) = 3
[pid 398] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 398] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 398] munmap(0x7f75d43ae000, 138412032) = 0
[pid 398] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 31.034872][ T396] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 31.044460][ T396] EXT4-fs (loop0): 1 truncate cleaned up
[ 31.060133][ T396] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[pid 398] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 398] close(3) = 0
[pid 398] mkdir("./file0", 0777) = 0
[pid 398] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 398] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 398] chdir("./file0") = 0
[pid 398] ioctl(4, LOOP_CLR_FD) = 0
[pid 398] close(4) = 0
[pid 398] creat("./bus", 000) = 4
[pid 398] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 398] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 398] chdir("./file0") = 0
[pid 398] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 398] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 398] memfd_create("syzkaller", 0) = 7
[pid 398] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 398] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 398] munmap(0x7f75d43ae000, 138412032) = 0
[pid 398] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 398] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 398] ioctl(8, LOOP_CLR_FD) = 0
[pid 398] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 398] close(8) = 0
[ 31.106205][ T398] loop0: detected capacity change from 0 to 512
[ 31.118405][ T398] EXT4-fs: Ignoring removed bh option
[ 31.124180][ T398] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 31.134643][ T398] EXT4-fs (loop0): 1 truncate cleaned up
[pid 398] close(7) = 0
[pid 398] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 398] exit_group(0) = ?
[pid 398] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=398, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./45/binderfs") = 0
umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./45/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./45") = 0
mkdir("./46", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 400
./strace-static-x86_64: Process 400 attached
[pid 400] set_robust_list(0x555556770660, 24) = 0
[pid 400] chdir("./46") = 0
[pid 400] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 400] setpgid(0, 0) = 0
[pid 400] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 400] write(3, "1000", 4) = 4
[pid 400] close(3) = 0
[pid 400] symlink("/dev/binderfs", "./binderfs") = 0
[pid 400] memfd_create("syzkaller", 0) = 3
[pid 400] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 400] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 400] munmap(0x7f75d43ae000, 138412032) = 0
[pid 400] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 400] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 400] close(3) = 0
[pid 400] mkdir("./file0", 0777) = 0
[ 31.168066][ T398] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 31.208193][ T400] loop0: detected capacity change from 0 to 512
[pid 400] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 400] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 400] chdir("./file0") = 0
[pid 400] ioctl(4, LOOP_CLR_FD) = 0
[pid 400] close(4) = 0
[pid 400] creat("./bus", 000) = 4
[pid 400] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 400] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 400] chdir("./file0") = 0
[pid 400] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 400] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 400] memfd_create("syzkaller", 0) = 7
[pid 400] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 400] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 400] munmap(0x7f75d43ae000, 138412032) = 0
[pid 400] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 400] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 400] ioctl(8, LOOP_CLR_FD) = 0
[pid 400] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 400] close(8) = 0
[pid 400] close(7) = 0
[ 31.215239][ T400] EXT4-fs: Ignoring removed bh option
[ 31.220964][ T400] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 31.231426][ T400] EXT4-fs (loop0): 1 truncate cleaned up
[pid 400] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 400] exit_group(0) = ?
[pid 400] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=400, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./46/binderfs") = 0
umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./46/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./46") = 0
mkdir("./47", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 402
./strace-static-x86_64: Process 402 attached
[pid 402] set_robust_list(0x555556770660, 24) = 0
[pid 402] chdir("./47") = 0
[pid 402] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 402] setpgid(0, 0) = 0
[pid 402] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 402] write(3, "1000", 4) = 4
[pid 402] close(3) = 0
[pid 402] symlink("/dev/binderfs", "./binderfs") = 0
[pid 402] memfd_create("syzkaller", 0) = 3
[pid 402] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[ 31.252302][ T400] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[pid 402] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 402] munmap(0x7f75d43ae000, 138412032) = 0
[pid 402] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 402] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 402] close(3) = 0
[pid 402] mkdir("./file0", 0777) = 0
[pid 402] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 402] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 402] chdir("./file0") = 0
[pid 402] ioctl(4, LOOP_CLR_FD) = 0
[pid 402] close(4) = 0
[pid 402] creat("./bus", 000) = 4
[pid 402] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 402] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 402] chdir("./file0") = 0
[pid 402] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 402] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 402] memfd_create("syzkaller", 0) = 7
[pid 402] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 402] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 402] munmap(0x7f75d43ae000, 138412032) = 0
[pid 402] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 402] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 402] ioctl(8, LOOP_CLR_FD) = 0
[pid 402] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 402] close(8) = 0
[pid 402] close(7) = 0
[ 31.307862][ T402] loop0: detected capacity change from 0 to 512
[ 31.315039][ T402] EXT4-fs: Ignoring removed bh option
[ 31.320858][ T402] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 31.330450][ T402] EXT4-fs (loop0): 1 truncate cleaned up
[pid 402] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 402] exit_group(0) = ?
[pid 402] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=402, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./47/binderfs") = 0
umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./47/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./47") = 0
mkdir("./48", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 404
./strace-static-x86_64: Process 404 attached
[pid 404] set_robust_list(0x555556770660, 24) = 0
[pid 404] chdir("./48") = 0
[pid 404] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 404] setpgid(0, 0) = 0
[pid 404] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 404] write(3, "1000", 4) = 4
[pid 404] close(3) = 0
[pid 404] symlink("/dev/binderfs", "./binderfs") = 0
[pid 404] memfd_create("syzkaller", 0) = 3
[pid 404] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 404] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 404] munmap(0x7f75d43ae000, 138412032) = 0
[pid 404] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 404] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 404] close(3) = 0
[pid 404] mkdir("./file0", 0777) = 0
[ 31.346536][ T402] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 31.385392][ T404] loop0: detected capacity change from 0 to 512
[ 31.392958][ T404] EXT4-fs: Ignoring removed bh option
[ 31.398854][ T404] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[pid 404] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 404] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 404] chdir("./file0") = 0
[pid 404] ioctl(4, LOOP_CLR_FD) = 0
[pid 404] close(4) = 0
[pid 404] creat("./bus", 000) = 4
[pid 404] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 404] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 404] chdir("./file0") = 0
[pid 404] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 404] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 404] memfd_create("syzkaller", 0) = 7
[pid 404] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 404] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 404] munmap(0x7f75d43ae000, 138412032) = 0
[pid 404] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 404] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 404] ioctl(8, LOOP_CLR_FD) = 0
[pid 404] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 404] close(8) = 0
[pid 404] close(7) = 0
[pid 404] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 404] exit_group(0) = ?
[pid 404] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=404, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./48/binderfs") = 0
umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./48/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./48") = 0
mkdir("./49", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 406
./strace-static-x86_64: Process 406 attached
[pid 406] set_robust_list(0x555556770660, 24) = 0
[pid 406] chdir("./49") = 0
[pid 406] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 406] setpgid(0, 0) = 0
[pid 406] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 406] write(3, "1000", 4) = 4
[pid 406] close(3) = 0
[pid 406] symlink("/dev/binderfs", "./binderfs") = 0
[pid 406] memfd_create("syzkaller", 0) = 3
[pid 406] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 406] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 406] munmap(0x7f75d43ae000, 138412032) = 0
[pid 406] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 31.408233][ T404] EXT4-fs (loop0): 1 truncate cleaned up
[ 31.424381][ T404] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[pid 406] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 406] close(3) = 0
[pid 406] mkdir("./file0", 0777) = 0
[pid 406] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 406] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 406] chdir("./file0") = 0
[pid 406] ioctl(4, LOOP_CLR_FD) = 0
[pid 406] close(4) = 0
[pid 406] creat("./bus", 000) = 4
[pid 406] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 406] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 406] chdir("./file0") = 0
[pid 406] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 406] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 406] memfd_create("syzkaller", 0) = 7
[pid 406] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 406] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 406] munmap(0x7f75d43ae000, 138412032) = 0
[pid 406] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 406] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 406] ioctl(8, LOOP_CLR_FD) = 0
[pid 406] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 406] close(8) = 0
[pid 406] close(7) = 0
[ 31.465873][ T406] loop0: detected capacity change from 0 to 512
[ 31.473018][ T406] EXT4-fs: Ignoring removed bh option
[ 31.478775][ T406] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 31.488554][ T406] EXT4-fs (loop0): 1 truncate cleaned up
[pid 406] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 406] exit_group(0) = ?
[pid 406] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=406, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./49/binderfs") = 0
umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./49/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./49") = 0
mkdir("./50", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 409
./strace-static-x86_64: Process 409 attached
[pid 409] set_robust_list(0x555556770660, 24) = 0
[pid 409] chdir("./50") = 0
[pid 409] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 409] setpgid(0, 0) = 0
[pid 409] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 409] write(3, "1000", 4) = 4
[pid 409] close(3) = 0
[pid 409] symlink("/dev/binderfs", "./binderfs") = 0
[pid 409] memfd_create("syzkaller", 0) = 3
[pid 409] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 409] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 409] munmap(0x7f75d43ae000, 138412032) = 0
[pid 409] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 409] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 409] close(3) = 0
[pid 409] mkdir("./file0", 0777) = 0
[ 31.507501][ T406] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 31.548580][ T409] loop0: detected capacity change from 0 to 512
[ 31.555794][ T409] EXT4-fs: Ignoring removed bh option
[pid 409] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 409] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 409] chdir("./file0") = 0
[pid 409] ioctl(4, LOOP_CLR_FD) = 0
[pid 409] close(4) = 0
[pid 409] creat("./bus", 000) = 4
[pid 409] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 409] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 409] chdir("./file0") = 0
[pid 409] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 409] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 409] memfd_create("syzkaller", 0) = 7
[pid 409] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 409] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 409] munmap(0x7f75d43ae000, 138412032) = 0
[pid 409] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 409] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 409] ioctl(8, LOOP_CLR_FD) = 0
[pid 409] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 409] close(8) = 0
[pid 409] close(7) = 0
[pid 409] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 409] exit_group(0) = ?
[pid 409] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=409, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./50/binderfs") = 0
umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./50/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./50") = 0
mkdir("./51", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 411
./strace-static-x86_64: Process 411 attached
[pid 411] set_robust_list(0x555556770660, 24) = 0
[pid 411] chdir("./51") = 0
[pid 411] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 411] setpgid(0, 0) = 0
[pid 411] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 411] write(3, "1000", 4) = 4
[pid 411] close(3) = 0
[pid 411] symlink("/dev/binderfs", "./binderfs") = 0
[pid 411] memfd_create("syzkaller", 0) = 3
[pid 411] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 411] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 411] munmap(0x7f75d43ae000, 138412032) = 0
[pid 411] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 31.561516][ T409] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 31.570998][ T409] EXT4-fs (loop0): 1 truncate cleaned up
[ 31.587601][ T409] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[pid 411] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 411] close(3) = 0
[pid 411] mkdir("./file0", 0777) = 0
[pid 411] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 411] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 411] chdir("./file0") = 0
[pid 411] ioctl(4, LOOP_CLR_FD) = 0
[pid 411] close(4) = 0
[pid 411] creat("./bus", 000) = 4
[pid 411] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 411] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 411] chdir("./file0") = 0
[pid 411] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 411] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 411] memfd_create("syzkaller", 0) = 7
[pid 411] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 411] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 411] munmap(0x7f75d43ae000, 138412032) = 0
[pid 411] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 411] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 411] ioctl(8, LOOP_CLR_FD) = 0
[pid 411] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 411] close(8) = 0
[pid 411] close(7) = 0
[ 31.623293][ T411] loop0: detected capacity change from 0 to 512
[ 31.630538][ T411] EXT4-fs: Ignoring removed bh option
[ 31.636171][ T411] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 31.645653][ T411] EXT4-fs (loop0): 1 truncate cleaned up
[pid 411] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 411] exit_group(0) = ?
[pid 411] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=411, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./51/binderfs") = 0
umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./51/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./51") = 0
mkdir("./52", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 413
./strace-static-x86_64: Process 413 attached
[pid 413] set_robust_list(0x555556770660, 24) = 0
[pid 413] chdir("./52") = 0
[pid 413] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 413] setpgid(0, 0) = 0
[pid 413] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 413] write(3, "1000", 4) = 4
[pid 413] close(3) = 0
[pid 413] symlink("/dev/binderfs", "./binderfs") = 0
[pid 413] memfd_create("syzkaller", 0) = 3
[pid 413] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 413] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 413] munmap(0x7f75d43ae000, 138412032) = 0
[pid 413] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 413] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 413] close(3) = 0
[pid 413] mkdir("./file0", 0777) = 0
[ 31.661229][ T411] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 31.699375][ T413] loop0: detected capacity change from 0 to 512
[ 31.706501][ T413] EXT4-fs: Ignoring removed bh option
[ 31.712208][ T413] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[pid 413] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 413] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 413] chdir("./file0") = 0
[pid 413] ioctl(4, LOOP_CLR_FD) = 0
[pid 413] close(4) = 0
[pid 413] creat("./bus", 000) = 4
[pid 413] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 413] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 413] chdir("./file0") = 0
[pid 413] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 413] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 413] memfd_create("syzkaller", 0) = 7
[pid 413] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 413] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 413] munmap(0x7f75d43ae000, 138412032) = 0
[pid 413] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 413] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 413] ioctl(8, LOOP_CLR_FD) = 0
[pid 413] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 413] close(8) = 0
[pid 413] close(7) = 0
[pid 413] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 413] exit_group(0) = ?
[pid 413] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=413, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./52/binderfs") = 0
umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./52/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./52") = 0
mkdir("./53", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 415
./strace-static-x86_64: Process 415 attached
[pid 415] set_robust_list(0x555556770660, 24) = 0
[pid 415] chdir("./53") = 0
[pid 415] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 415] setpgid(0, 0) = 0
[pid 415] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 415] write(3, "1000", 4) = 4
[pid 415] close(3) = 0
[pid 415] symlink("/dev/binderfs", "./binderfs") = 0
[pid 415] memfd_create("syzkaller", 0) = 3
[pid 415] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 415] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 415] munmap(0x7f75d43ae000, 138412032) = 0
[pid 415] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 31.722035][ T413] EXT4-fs (loop0): 1 truncate cleaned up
[ 31.736338][ T413] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[pid 415] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 415] close(3) = 0
[pid 415] mkdir("./file0", 0777) = 0
[pid 415] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 415] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 415] chdir("./file0") = 0
[pid 415] ioctl(4, LOOP_CLR_FD) = 0
[pid 415] close(4) = 0
[pid 415] creat("./bus", 000) = 4
[pid 415] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 415] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 415] chdir("./file0") = 0
[pid 415] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 415] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 415] memfd_create("syzkaller", 0) = 7
[pid 415] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 415] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 415] munmap(0x7f75d43ae000, 138412032) = 0
[pid 415] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 415] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 415] ioctl(8, LOOP_CLR_FD) = 0
[pid 415] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 415] close(8) = 0
[pid 415] close(7) = 0
[ 31.777574][ T415] loop0: detected capacity change from 0 to 512
[ 31.784547][ T415] EXT4-fs: Ignoring removed bh option
[ 31.790096][ T415] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 31.800348][ T415] EXT4-fs (loop0): 1 truncate cleaned up
[pid 415] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 415] exit_group(0) = ?
[pid 415] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=415, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./53/binderfs") = 0
umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./53/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./53") = 0
mkdir("./54", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 417
./strace-static-x86_64: Process 417 attached
[pid 417] set_robust_list(0x555556770660, 24) = 0
[pid 417] chdir("./54") = 0
[pid 417] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 417] setpgid(0, 0) = 0
[pid 417] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 417] write(3, "1000", 4) = 4
[pid 417] close(3) = 0
[pid 417] symlink("/dev/binderfs", "./binderfs") = 0
[pid 417] memfd_create("syzkaller", 0) = 3
[pid 417] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 417] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 417] munmap(0x7f75d43ae000, 138412032) = 0
[pid 417] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 417] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 417] close(3) = 0
[pid 417] mkdir("./file0", 0777) = 0
[ 31.827810][ T415] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 31.867625][ T417] loop0: detected capacity change from 0 to 512
[pid 417] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 417] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 417] chdir("./file0") = 0
[pid 417] ioctl(4, LOOP_CLR_FD) = 0
[pid 417] close(4) = 0
[pid 417] creat("./bus", 000) = 4
[pid 417] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 417] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 417] chdir("./file0") = 0
[pid 417] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 417] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 417] memfd_create("syzkaller", 0) = 7
[pid 417] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 417] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 417] munmap(0x7f75d43ae000, 138412032) = 0
[pid 417] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 417] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 417] ioctl(8, LOOP_CLR_FD) = 0
[pid 417] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 417] close(8) = 0
[pid 417] close(7) = 0
[pid 417] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 417] exit_group(0) = ?
[pid 417] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=417, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./54/binderfs") = 0
umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./54/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./54") = 0
mkdir("./55", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 419
./strace-static-x86_64: Process 419 attached
[pid 419] set_robust_list(0x555556770660, 24) = 0
[pid 419] chdir("./55") = 0
[pid 419] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 419] setpgid(0, 0) = 0
[pid 419] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 419] write(3, "1000", 4) = 4
[pid 419] close(3) = 0
[pid 419] symlink("/dev/binderfs", "./binderfs") = 0
[pid 419] memfd_create("syzkaller", 0) = 3
[pid 419] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[ 31.874777][ T417] EXT4-fs: Ignoring removed bh option
[ 31.880349][ T417] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 31.889745][ T417] EXT4-fs (loop0): 1 truncate cleaned up
[ 31.906755][ T417] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[pid 419] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 419] munmap(0x7f75d43ae000, 138412032) = 0
[pid 419] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 419] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 419] close(3) = 0
[pid 419] mkdir("./file0", 0777) = 0
[pid 419] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 419] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 419] chdir("./file0") = 0
[pid 419] ioctl(4, LOOP_CLR_FD) = 0
[pid 419] close(4) = 0
[pid 419] creat("./bus", 000) = 4
[pid 419] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 419] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 419] chdir("./file0") = 0
[pid 419] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 419] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 419] memfd_create("syzkaller", 0) = 7
[pid 419] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 419] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 419] munmap(0x7f75d43ae000, 138412032) = 0
[pid 419] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 419] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 419] ioctl(8, LOOP_CLR_FD) = 0
[pid 419] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 419] close(8) = 0
[pid 419] close(7) = 0
[ 31.950113][ T419] loop0: detected capacity change from 0 to 512
[ 31.958033][ T419] EXT4-fs: Ignoring removed bh option
[ 31.963603][ T419] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 31.972998][ T419] EXT4-fs (loop0): 1 truncate cleaned up
[pid 419] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 419] exit_group(0) = ?
[pid 419] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=419, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./55/binderfs") = 0
umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./55/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./55") = 0
mkdir("./56", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 421
./strace-static-x86_64: Process 421 attached
[pid 421] set_robust_list(0x555556770660, 24) = 0
[pid 421] chdir("./56") = 0
[pid 421] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 421] setpgid(0, 0) = 0
[pid 421] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 421] write(3, "1000", 4) = 4
[pid 421] close(3) = 0
[pid 421] symlink("/dev/binderfs", "./binderfs") = 0
[pid 421] memfd_create("syzkaller", 0) = 3
[pid 421] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 421] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 421] munmap(0x7f75d43ae000, 138412032) = 0
[pid 421] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 421] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 421] close(3) = 0
[pid 421] mkdir("./file0", 0777) = 0
[ 31.990448][ T419] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 32.030539][ T421] loop0: detected capacity change from 0 to 512
[ 32.038005][ T421] EXT4-fs: Ignoring removed bh option
[pid 421] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 421] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 421] chdir("./file0") = 0
[pid 421] ioctl(4, LOOP_CLR_FD) = 0
[pid 421] close(4) = 0
[pid 421] creat("./bus", 000) = 4
[pid 421] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 421] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 421] chdir("./file0") = 0
[pid 421] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 421] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 421] memfd_create("syzkaller", 0) = 7
[pid 421] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 421] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 421] munmap(0x7f75d43ae000, 138412032) = 0
[pid 421] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 421] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 421] ioctl(8, LOOP_CLR_FD) = 0
[pid 421] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 421] close(8) = 0
[pid 421] close(7) = 0
[pid 421] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 421] exit_group(0) = ?
[pid 421] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=421, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./56/binderfs") = 0
umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./56/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./56") = 0
mkdir("./57", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 423
./strace-static-x86_64: Process 423 attached
[pid 423] set_robust_list(0x555556770660, 24) = 0
[pid 423] chdir("./57") = 0
[pid 423] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 423] setpgid(0, 0) = 0
[pid 423] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 423] write(3, "1000", 4) = 4
[pid 423] close(3) = 0
[pid 423] symlink("/dev/binderfs", "./binderfs") = 0
[pid 423] memfd_create("syzkaller", 0) = 3
[pid 423] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 423] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 423] munmap(0x7f75d43ae000, 138412032) = 0
[pid 423] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 32.043670][ T421] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 32.053200][ T421] EXT4-fs (loop0): 1 truncate cleaned up
[ 32.068374][ T421] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[pid 423] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 423] close(3) = 0
[pid 423] mkdir("./file0", 0777) = 0
[pid 423] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 423] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 423] chdir("./file0") = 0
[pid 423] ioctl(4, LOOP_CLR_FD) = 0
[pid 423] close(4) = 0
[pid 423] creat("./bus", 000) = 4
[pid 423] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 423] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 423] chdir("./file0") = 0
[pid 423] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 423] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 423] memfd_create("syzkaller", 0) = 7
[pid 423] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 423] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 423] munmap(0x7f75d43ae000, 138412032) = 0
[pid 423] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 423] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 423] ioctl(8, LOOP_CLR_FD) = 0
[pid 423] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 423] close(8) = 0
[pid 423] close(7) = 0
[ 32.106510][ T423] loop0: detected capacity change from 0 to 512
[ 32.113585][ T423] EXT4-fs: Ignoring removed bh option
[ 32.119678][ T423] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 32.129409][ T423] EXT4-fs (loop0): 1 truncate cleaned up
[pid 423] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 423] exit_group(0) = ?
[pid 423] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=423, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./57/binderfs") = 0
umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./57/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./57") = 0
mkdir("./58", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 425
./strace-static-x86_64: Process 425 attached
[pid 425] set_robust_list(0x555556770660, 24) = 0
[pid 425] chdir("./58") = 0
[pid 425] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 425] setpgid(0, 0) = 0
[pid 425] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 425] write(3, "1000", 4) = 4
[pid 425] close(3) = 0
[pid 425] symlink("/dev/binderfs", "./binderfs") = 0
[pid 425] memfd_create("syzkaller", 0) = 3
[pid 425] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 425] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 425] munmap(0x7f75d43ae000, 138412032) = 0
[pid 425] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 425] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 425] close(3) = 0
[pid 425] mkdir("./file0", 0777) = 0
[ 32.143451][ T423] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 32.190094][ T425] loop0: detected capacity change from 0 to 512
[ 32.197246][ T425] EXT4-fs: Ignoring removed bh option
[pid 425] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 425] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 425] chdir("./file0") = 0
[pid 425] ioctl(4, LOOP_CLR_FD) = 0
[pid 425] close(4) = 0
[pid 425] creat("./bus", 000) = 4
[pid 425] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 425] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 425] chdir("./file0") = 0
[pid 425] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 425] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 425] memfd_create("syzkaller", 0) = 7
[pid 425] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 425] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 425] munmap(0x7f75d43ae000, 138412032) = 0
[pid 425] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 425] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 425] ioctl(8, LOOP_CLR_FD) = 0
[pid 425] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 425] close(8) = 0
[pid 425] close(7) = 0
[pid 425] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 425] exit_group(0) = ?
[pid 425] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=425, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./58/binderfs") = 0
umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./58/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./58") = 0
mkdir("./59", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 427
./strace-static-x86_64: Process 427 attached
[pid 427] set_robust_list(0x555556770660, 24) = 0
[pid 427] chdir("./59") = 0
[pid 427] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 427] setpgid(0, 0) = 0
[pid 427] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 427] write(3, "1000", 4) = 4
[pid 427] close(3) = 0
[pid 427] symlink("/dev/binderfs", "./binderfs") = 0
[pid 427] memfd_create("syzkaller", 0) = 3
[pid 427] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 427] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 427] munmap(0x7f75d43ae000, 138412032) = 0
[pid 427] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 32.202756][ T425] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 32.212597][ T425] EXT4-fs (loop0): 1 truncate cleaned up
[ 32.231001][ T425] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[pid 427] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 427] close(3) = 0
[pid 427] mkdir("./file0", 0777) = 0
[pid 427] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 427] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 427] chdir("./file0") = 0
[pid 427] ioctl(4, LOOP_CLR_FD) = 0
[pid 427] close(4) = 0
[pid 427] creat("./bus", 000) = 4
[pid 427] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 427] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 427] chdir("./file0") = 0
[pid 427] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 427] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 427] memfd_create("syzkaller", 0) = 7
[pid 427] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 427] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 427] munmap(0x7f75d43ae000, 138412032) = 0
[pid 427] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 427] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 427] ioctl(8, LOOP_CLR_FD) = 0
[pid 427] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 427] close(8) = 0
[pid 427] close(7) = 0
[ 32.272955][ T427] loop0: detected capacity change from 0 to 512
[ 32.280296][ T427] EXT4-fs: Ignoring removed bh option
[ 32.285916][ T427] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 32.295562][ T427] EXT4-fs (loop0): 1 truncate cleaned up
[pid 427] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 427] exit_group(0) = ?
[pid 427] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=427, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./59/binderfs") = 0
umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./59/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./59") = 0
mkdir("./60", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 429
./strace-static-x86_64: Process 429 attached
[pid 429] set_robust_list(0x555556770660, 24) = 0
[pid 429] chdir("./60") = 0
[pid 429] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 429] setpgid(0, 0) = 0
[pid 429] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 429] write(3, "1000", 4) = 4
[pid 429] close(3) = 0
[pid 429] symlink("/dev/binderfs", "./binderfs") = 0
[pid 429] memfd_create("syzkaller", 0) = 3
[pid 429] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 429] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 429] munmap(0x7f75d43ae000, 138412032) = 0
[pid 429] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 429] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 429] close(3) = 0
[pid 429] mkdir("./file0", 0777) = 0
[ 32.313014][ T427] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 32.352437][ T429] loop0: detected capacity change from 0 to 512
[ 32.359477][ T429] EXT4-fs: Ignoring removed bh option
[ 32.364867][ T429] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[pid 429] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 429] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 429] chdir("./file0") = 0
[pid 429] ioctl(4, LOOP_CLR_FD) = 0
[pid 429] close(4) = 0
[pid 429] creat("./bus", 000) = 4
[pid 429] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 429] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 429] chdir("./file0") = 0
[pid 429] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 429] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 429] memfd_create("syzkaller", 0) = 7
[pid 429] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 429] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 429] munmap(0x7f75d43ae000, 138412032) = 0
[pid 429] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 429] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 429] ioctl(8, LOOP_CLR_FD) = 0
[pid 429] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 429] close(8) = 0
[pid 429] close(7) = 0
[pid 429] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 429] exit_group(0) = ?
[pid 429] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=429, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./60/binderfs") = 0
umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./60/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./60") = 0
mkdir("./61", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 431
./strace-static-x86_64: Process 431 attached
[pid 431] set_robust_list(0x555556770660, 24) = 0
[pid 431] chdir("./61") = 0
[pid 431] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 431] setpgid(0, 0) = 0
[pid 431] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 431] write(3, "1000", 4) = 4
[pid 431] close(3) = 0
[pid 431] symlink("/dev/binderfs", "./binderfs") = 0
[pid 431] memfd_create("syzkaller", 0) = 3
[pid 431] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 431] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 431] munmap(0x7f75d43ae000, 138412032) = 0
[ 32.374689][ T429] EXT4-fs (loop0): 1 truncate cleaned up
[ 32.392531][ T429] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[pid 431] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 431] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 431] close(3) = 0
[pid 431] mkdir("./file0", 0777) = 0
[pid 431] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 431] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 431] chdir("./file0") = 0
[pid 431] ioctl(4, LOOP_CLR_FD) = 0
[pid 431] close(4) = 0
[pid 431] creat("./bus", 000) = 4
[pid 431] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 431] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 431] chdir("./file0") = 0
[pid 431] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 431] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 431] memfd_create("syzkaller", 0) = 7
[pid 431] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 431] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 431] munmap(0x7f75d43ae000, 138412032) = 0
[pid 431] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 431] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 431] ioctl(8, LOOP_CLR_FD) = 0
[pid 431] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 431] close(8) = 0
[pid 431] close(7) = 0
[ 32.432799][ T431] loop0: detected capacity change from 0 to 512
[ 32.440100][ T431] EXT4-fs: Ignoring removed bh option
[ 32.445631][ T431] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 32.455449][ T431] EXT4-fs (loop0): 1 truncate cleaned up
[pid 431] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 431] exit_group(0) = ?
[pid 431] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=431, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./61/binderfs") = 0
umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./61/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./61/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./61") = 0
mkdir("./62", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 435
./strace-static-x86_64: Process 435 attached
[pid 435] set_robust_list(0x555556770660, 24) = 0
[pid 435] chdir("./62") = 0
[pid 435] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 435] setpgid(0, 0) = 0
[pid 435] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 435] write(3, "1000", 4) = 4
[pid 435] close(3) = 0
[pid 435] symlink("/dev/binderfs", "./binderfs") = 0
[pid 435] memfd_create("syzkaller", 0) = 3
[pid 435] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 435] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 435] munmap(0x7f75d43ae000, 138412032) = 0
[pid 435] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 435] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 435] close(3) = 0
[pid 435] mkdir("./file0", 0777) = 0
[ 32.473917][ T431] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 32.512905][ T435] loop0: detected capacity change from 0 to 512
[ 32.520354][ T435] EXT4-fs: Ignoring removed bh option
[pid 435] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 435] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 435] chdir("./file0") = 0
[pid 435] ioctl(4, LOOP_CLR_FD) = 0
[pid 435] close(4) = 0
[pid 435] creat("./bus", 000) = 4
[pid 435] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 435] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 435] chdir("./file0") = 0
[pid 435] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 435] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 435] memfd_create("syzkaller", 0) = 7
[pid 435] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 435] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 435] munmap(0x7f75d43ae000, 138412032) = 0
[pid 435] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 435] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 435] ioctl(8, LOOP_CLR_FD) = 0
[pid 435] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 435] close(8) = 0
[pid 435] close(7) = 0
[pid 435] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 435] exit_group(0) = ?
[pid 435] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=435, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./62/binderfs") = 0
umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./62/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./62/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./62") = 0
mkdir("./63", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 437
./strace-static-x86_64: Process 437 attached
[pid 437] set_robust_list(0x555556770660, 24) = 0
[pid 437] chdir("./63") = 0
[pid 437] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 437] setpgid(0, 0) = 0
[pid 437] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 437] write(3, "1000", 4) = 4
[pid 437] close(3) = 0
[pid 437] symlink("/dev/binderfs", "./binderfs") = 0
[pid 437] memfd_create("syzkaller", 0) = 3
[pid 437] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[ 32.525861][ T435] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 32.536069][ T435] EXT4-fs (loop0): 1 truncate cleaned up
[ 32.551999][ T435] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[pid 437] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 437] munmap(0x7f75d43ae000, 138412032) = 0
[pid 437] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 437] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 437] close(3) = 0
[pid 437] mkdir("./file0", 0777) = 0
[pid 437] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 437] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 437] chdir("./file0") = 0
[pid 437] ioctl(4, LOOP_CLR_FD) = 0
[pid 437] close(4) = 0
[pid 437] creat("./bus", 000) = 4
[pid 437] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 437] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 437] chdir("./file0") = 0
[pid 437] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 437] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 437] memfd_create("syzkaller", 0) = 7
[pid 437] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 437] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 437] munmap(0x7f75d43ae000, 138412032) = 0
[pid 437] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 437] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 437] ioctl(8, LOOP_CLR_FD) = 0
[pid 437] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 437] close(8) = 0
[pid 437] close(7) = 0
[ 32.592943][ T437] loop0: detected capacity change from 0 to 512
[ 32.600168][ T437] EXT4-fs: Ignoring removed bh option
[ 32.605745][ T437] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 32.615541][ T437] EXT4-fs (loop0): 1 truncate cleaned up
[pid 437] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 437] exit_group(0) = ?
[pid 437] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=437, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./63/binderfs") = 0
umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./63/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./63/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./63") = 0
mkdir("./64", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 439
./strace-static-x86_64: Process 439 attached
[pid 439] set_robust_list(0x555556770660, 24) = 0
[pid 439] chdir("./64") = 0
[pid 439] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 439] setpgid(0, 0) = 0
[pid 439] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 439] write(3, "1000", 4) = 4
[pid 439] close(3) = 0
[pid 439] symlink("/dev/binderfs", "./binderfs") = 0
[pid 439] memfd_create("syzkaller", 0) = 3
[pid 439] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 439] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 439] munmap(0x7f75d43ae000, 138412032) = 0
[pid 439] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 439] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 439] close(3) = 0
[pid 439] mkdir("./file0", 0777) = 0
[ 32.632712][ T437] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 32.671171][ T439] loop0: detected capacity change from 0 to 512
[ 32.678405][ T439] EXT4-fs: Ignoring removed bh option
[ 32.683798][ T439] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[pid 439] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 439] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 439] chdir("./file0") = 0
[pid 439] ioctl(4, LOOP_CLR_FD) = 0
[pid 439] close(4) = 0
[pid 439] creat("./bus", 000) = 4
[pid 439] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 439] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 439] chdir("./file0") = 0
[pid 439] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 439] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 439] memfd_create("syzkaller", 0) = 7
[pid 439] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 439] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 439] munmap(0x7f75d43ae000, 138412032) = 0
[pid 439] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 439] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 439] ioctl(8, LOOP_CLR_FD) = 0
[pid 439] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 439] close(8) = 0
[pid 439] close(7) = 0
[pid 439] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 439] exit_group(0) = ?
[pid 439] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=439, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./64/binderfs") = 0
umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./64/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./64/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./64") = 0
mkdir("./65", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 441
./strace-static-x86_64: Process 441 attached
[pid 441] set_robust_list(0x555556770660, 24) = 0
[pid 441] chdir("./65") = 0
[pid 441] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 441] setpgid(0, 0) = 0
[pid 441] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 441] write(3, "1000", 4) = 4
[pid 441] close(3) = 0
[pid 441] symlink("/dev/binderfs", "./binderfs") = 0
[pid 441] memfd_create("syzkaller", 0) = 3
[pid 441] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[ 32.693104][ T439] EXT4-fs (loop0): 1 truncate cleaned up
[ 32.709692][ T439] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[pid 441] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 441] munmap(0x7f75d43ae000, 138412032) = 0
[pid 441] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 441] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 441] close(3) = 0
[pid 441] mkdir("./file0", 0777) = 0
[pid 441] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 441] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 441] chdir("./file0") = 0
[pid 441] ioctl(4, LOOP_CLR_FD) = 0
[pid 441] close(4) = 0
[pid 441] creat("./bus", 000) = 4
[pid 441] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 441] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 441] chdir("./file0") = 0
[pid 441] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 441] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 441] memfd_create("syzkaller", 0) = 7
[pid 441] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 441] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 441] munmap(0x7f75d43ae000, 138412032) = 0
[pid 441] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 441] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 441] ioctl(8, LOOP_CLR_FD) = 0
[pid 441] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 441] close(8) = 0
[pid 441] close(7) = 0
[ 32.752576][ T441] loop0: detected capacity change from 0 to 512
[ 32.759778][ T441] EXT4-fs: Ignoring removed bh option
[ 32.765414][ T441] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 32.774842][ T441] EXT4-fs (loop0): 1 truncate cleaned up
[ 32.780500][ T441] EXT4-fs mount: 67 callbacks suppressed
[ 32.780514][ T441] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 441] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 441] exit_group(0) = ?
[pid 441] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=441, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./65/binderfs") = 0
umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./65/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./65/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./65") = 0
mkdir("./66", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 443
./strace-static-x86_64: Process 443 attached
[pid 443] set_robust_list(0x555556770660, 24) = 0
[pid 443] chdir("./66") = 0
[pid 443] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 443] setpgid(0, 0) = 0
[pid 443] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 443] write(3, "1000", 4) = 4
[pid 443] close(3) = 0
[pid 443] symlink("/dev/binderfs", "./binderfs") = 0
[pid 443] memfd_create("syzkaller", 0) = 3
[pid 443] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 443] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 443] munmap(0x7f75d43ae000, 138412032) = 0
[pid 443] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 443] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 443] close(3) = 0
[pid 443] mkdir("./file0", 0777) = 0
[ 32.804426][ T441] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 32.828380][ T299] EXT4-fs (loop0): unmounting filesystem.
[ 32.845221][ T443] loop0: detected capacity change from 0 to 512
[pid 443] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 443] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 443] chdir("./file0") = 0
[pid 443] ioctl(4, LOOP_CLR_FD) = 0
[pid 443] close(4) = 0
[pid 443] creat("./bus", 000) = 4
[pid 443] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 443] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 443] chdir("./file0") = 0
[pid 443] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 443] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 443] memfd_create("syzkaller", 0) = 7
[pid 443] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 443] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 443] munmap(0x7f75d43ae000, 138412032) = 0
[pid 443] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 443] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 443] ioctl(8, LOOP_CLR_FD) = 0
[pid 443] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 443] close(8) = 0
[pid 443] close(7) = 0
[ 32.852742][ T443] EXT4-fs: Ignoring removed bh option
[ 32.858366][ T443] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 32.868010][ T443] EXT4-fs (loop0): 1 truncate cleaned up
[ 32.873557][ T443] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 443] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 443] exit_group(0) = ?
[pid 443] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=443, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./66/binderfs") = 0
umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./66/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./66/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./66") = 0
mkdir("./67", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 445
./strace-static-x86_64: Process 445 attached
[pid 445] set_robust_list(0x555556770660, 24) = 0
[pid 445] chdir("./67") = 0
[pid 445] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 445] setpgid(0, 0) = 0
[pid 445] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 445] write(3, "1000", 4) = 4
[pid 445] close(3) = 0
[pid 445] symlink("/dev/binderfs", "./binderfs") = 0
[pid 445] memfd_create("syzkaller", 0) = 3
[pid 445] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 445] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 445] munmap(0x7f75d43ae000, 138412032) = 0
[pid 445] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 445] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 445] close(3) = 0
[pid 445] mkdir("./file0", 0777) = 0
[ 32.892897][ T443] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 32.921627][ T299] EXT4-fs (loop0): unmounting filesystem.
[ 32.937598][ T445] loop0: detected capacity change from 0 to 512
[ 32.944845][ T445] EXT4-fs: Ignoring removed bh option
[pid 445] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 445] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 445] chdir("./file0") = 0
[pid 445] ioctl(4, LOOP_CLR_FD) = 0
[pid 445] close(4) = 0
[pid 445] creat("./bus", 000) = 4
[pid 445] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 445] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 445] chdir("./file0") = 0
[pid 445] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 445] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 445] memfd_create("syzkaller", 0) = 7
[pid 445] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 445] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 445] munmap(0x7f75d43ae000, 138412032) = 0
[pid 445] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 445] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 445] ioctl(8, LOOP_CLR_FD) = 0
[pid 445] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 445] close(8) = 0
[pid 445] close(7) = 0
[pid 445] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 445] exit_group(0) = ?
[pid 445] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=445, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./67/binderfs") = 0
[ 32.950522][ T445] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 32.960191][ T445] EXT4-fs (loop0): 1 truncate cleaned up
[ 32.965745][ T445] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 32.981755][ T445] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./67/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./67/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./67") = 0
mkdir("./68", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 447
./strace-static-x86_64: Process 447 attached
[pid 447] set_robust_list(0x555556770660, 24) = 0
[pid 447] chdir("./68") = 0
[pid 447] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 447] setpgid(0, 0) = 0
[pid 447] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 447] write(3, "1000", 4) = 4
[pid 447] close(3) = 0
[pid 447] symlink("/dev/binderfs", "./binderfs") = 0
[pid 447] memfd_create("syzkaller", 0) = 3
[pid 447] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 447] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 447] munmap(0x7f75d43ae000, 138412032) = 0
[pid 447] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 447] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 447] close(3) = 0
[pid 447] mkdir("./file0", 0777) = 0
[ 33.009907][ T299] EXT4-fs (loop0): unmounting filesystem.
[ 33.025614][ T447] loop0: detected capacity change from 0 to 512
[ 33.032662][ T447] EXT4-fs: Ignoring removed bh option
[ 33.038380][ T447] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 33.047781][ T447] EXT4-fs (loop0): 1 truncate cleaned up
[pid 447] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 447] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 447] chdir("./file0") = 0
[pid 447] ioctl(4, LOOP_CLR_FD) = 0
[pid 447] close(4) = 0
[pid 447] creat("./bus", 000) = 4
[pid 447] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 447] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 447] chdir("./file0") = 0
[pid 447] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 447] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 447] memfd_create("syzkaller", 0) = 7
[pid 447] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 447] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 447] munmap(0x7f75d43ae000, 138412032) = 0
[pid 447] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 447] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 447] ioctl(8, LOOP_CLR_FD) = 0
[pid 447] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 447] close(8) = 0
[pid 447] close(7) = 0
[ 33.053341][ T447] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 447] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 447] exit_group(0) = ?
[pid 447] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=447, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./68/binderfs") = 0
umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./68/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./68/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./68") = 0
mkdir("./69", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 449
./strace-static-x86_64: Process 449 attached
[pid 449] set_robust_list(0x555556770660, 24) = 0
[pid 449] chdir("./69") = 0
[pid 449] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 449] setpgid(0, 0) = 0
[pid 449] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 449] write(3, "1000", 4) = 4
[pid 449] close(3) = 0
[pid 449] symlink("/dev/binderfs", "./binderfs") = 0
[pid 449] memfd_create("syzkaller", 0) = 3
[pid 449] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 449] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 449] munmap(0x7f75d43ae000, 138412032) = 0
[pid 449] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 449] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 449] close(3) = 0
[pid 449] mkdir("./file0", 0777) = 0
[ 33.081530][ T447] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 33.106664][ T299] EXT4-fs (loop0): unmounting filesystem.
[ 33.125536][ T449] loop0: detected capacity change from 0 to 512
[pid 449] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 449] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 449] chdir("./file0") = 0
[pid 449] ioctl(4, LOOP_CLR_FD) = 0
[pid 449] close(4) = 0
[pid 449] creat("./bus", 000) = 4
[pid 449] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 449] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 449] chdir("./file0") = 0
[pid 449] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 449] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 449] memfd_create("syzkaller", 0) = 7
[pid 449] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 449] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 449] munmap(0x7f75d43ae000, 138412032) = 0
[pid 449] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 449] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 449] ioctl(8, LOOP_CLR_FD) = 0
[pid 449] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 449] close(8) = 0
[pid 449] close(7) = 0
[ 33.132811][ T449] EXT4-fs: Ignoring removed bh option
[ 33.138427][ T449] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 33.148126][ T449] EXT4-fs (loop0): 1 truncate cleaned up
[ 33.153672][ T449] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 449] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 449] exit_group(0) = ?
[pid 449] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=449, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./69/binderfs") = 0
umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./69/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./69/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./69") = 0
mkdir("./70", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 451
./strace-static-x86_64: Process 451 attached
[pid 451] set_robust_list(0x555556770660, 24) = 0
[pid 451] chdir("./70") = 0
[pid 451] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 451] setpgid(0, 0) = 0
[pid 451] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 451] write(3, "1000", 4) = 4
[pid 451] close(3) = 0
[pid 451] symlink("/dev/binderfs", "./binderfs") = 0
[pid 451] memfd_create("syzkaller", 0) = 3
[pid 451] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 451] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 451] munmap(0x7f75d43ae000, 138412032) = 0
[pid 451] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 451] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 451] close(3) = 0
[pid 451] mkdir("./file0", 0777) = 0
[ 33.173861][ T449] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 33.200671][ T299] EXT4-fs (loop0): unmounting filesystem.
[ 33.221043][ T451] loop0: detected capacity change from 0 to 512
[ 33.227962][ T451] EXT4-fs: Ignoring removed bh option
[pid 451] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 451] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 451] chdir("./file0") = 0
[pid 451] ioctl(4, LOOP_CLR_FD) = 0
[pid 451] close(4) = 0
[pid 451] creat("./bus", 000) = 4
[pid 451] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 451] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 451] chdir("./file0") = 0
[pid 451] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 451] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 451] memfd_create("syzkaller", 0) = 7
[pid 451] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 451] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 451] munmap(0x7f75d43ae000, 138412032) = 0
[pid 451] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 451] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 451] ioctl(8, LOOP_CLR_FD) = 0
[pid 451] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 451] close(8) = 0
[pid 451] close(7) = 0
[ 33.233401][ T451] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 33.243067][ T451] EXT4-fs (loop0): 1 truncate cleaned up
[ 33.248794][ T451] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 451] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 451] exit_group(0) = ?
[pid 451] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=451, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./70/binderfs") = 0
umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./70/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./70/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./70") = 0
mkdir("./71", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 453
./strace-static-x86_64: Process 453 attached
[pid 453] set_robust_list(0x555556770660, 24) = 0
[pid 453] chdir("./71") = 0
[pid 453] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 453] setpgid(0, 0) = 0
[pid 453] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 453] write(3, "1000", 4) = 4
[pid 453] close(3) = 0
[pid 453] symlink("/dev/binderfs", "./binderfs") = 0
[pid 453] memfd_create("syzkaller", 0) = 3
[pid 453] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 453] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 453] munmap(0x7f75d43ae000, 138412032) = 0
[pid 453] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 453] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 453] close(3) = 0
[pid 453] mkdir("./file0", 0777) = 0
[ 33.268891][ T451] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 33.293266][ T299] EXT4-fs (loop0): unmounting filesystem.
[ 33.315089][ T453] loop0: detected capacity change from 0 to 512
[ 33.322548][ T453] EXT4-fs: Ignoring removed bh option
[pid 453] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 453] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 453] chdir("./file0") = 0
[pid 453] ioctl(4, LOOP_CLR_FD) = 0
[pid 453] close(4) = 0
[pid 453] creat("./bus", 000) = 4
[pid 453] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 453] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 453] chdir("./file0") = 0
[pid 453] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 453] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 453] memfd_create("syzkaller", 0) = 7
[pid 453] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 453] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 453] munmap(0x7f75d43ae000, 138412032) = 0
[pid 453] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 453] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 453] ioctl(8, LOOP_CLR_FD) = 0
[pid 453] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 453] close(8) = 0
[pid 453] close(7) = 0
[pid 453] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 453] exit_group(0) = ?
[pid 453] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=453, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./71/binderfs") = 0
[ 33.328214][ T453] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 33.337881][ T453] EXT4-fs (loop0): 1 truncate cleaned up
[ 33.343469][ T453] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 33.362663][ T453] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./71/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./71/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./71") = 0
mkdir("./72", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 455
./strace-static-x86_64: Process 455 attached
[pid 455] set_robust_list(0x555556770660, 24) = 0
[pid 455] chdir("./72") = 0
[pid 455] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 455] setpgid(0, 0) = 0
[pid 455] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 455] write(3, "1000", 4) = 4
[pid 455] close(3) = 0
[pid 455] symlink("/dev/binderfs", "./binderfs") = 0
[pid 455] memfd_create("syzkaller", 0) = 3
[pid 455] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 455] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 455] munmap(0x7f75d43ae000, 138412032) = 0
[pid 455] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 455] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 455] close(3) = 0
[pid 455] mkdir("./file0", 0777) = 0
[ 33.385862][ T299] EXT4-fs (loop0): unmounting filesystem.
[ 33.407127][ T455] loop0: detected capacity change from 0 to 512
[ 33.414071][ T455] EXT4-fs: Ignoring removed bh option
[ 33.419650][ T455] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 33.429062][ T455] EXT4-fs (loop0): 1 truncate cleaned up
[pid 455] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 455] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 455] chdir("./file0") = 0
[pid 455] ioctl(4, LOOP_CLR_FD) = 0
[pid 455] close(4) = 0
[pid 455] creat("./bus", 000) = 4
[pid 455] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 455] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 455] chdir("./file0") = 0
[pid 455] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 455] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 455] memfd_create("syzkaller", 0) = 7
[pid 455] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 455] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 455] munmap(0x7f75d43ae000, 138412032) = 0
[pid 455] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 455] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 455] ioctl(8, LOOP_CLR_FD) = 0
[pid 455] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 455] close(8) = 0
[pid 455] close(7) = 0
[pid 455] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 455] exit_group(0) = ?
[pid 455] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=455, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./72/binderfs") = 0
umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./72/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./72/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./72") = 0
mkdir("./73", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 459
./strace-static-x86_64: Process 459 attached
[pid 459] set_robust_list(0x555556770660, 24) = 0
[pid 459] chdir("./73") = 0
[pid 459] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 459] setpgid(0, 0) = 0
[pid 459] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 459] write(3, "1000", 4) = 4
[pid 459] close(3) = 0
[pid 459] symlink("/dev/binderfs", "./binderfs") = 0
[pid 459] memfd_create("syzkaller", 0) = 3
[pid 459] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 459] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 459] munmap(0x7f75d43ae000, 138412032) = 0
[ 33.434504][ T455] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 33.453198][ T455] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 33.479387][ T299] EXT4-fs (loop0): unmounting filesystem.
[pid 459] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 459] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 459] close(3) = 0
[pid 459] mkdir("./file0", 0777) = 0
[pid 459] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 459] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 459] chdir("./file0") = 0
[pid 459] ioctl(4, LOOP_CLR_FD) = 0
[pid 459] close(4) = 0
[pid 459] creat("./bus", 000) = 4
[pid 459] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 459] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 459] chdir("./file0") = 0
[pid 459] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 459] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 459] memfd_create("syzkaller", 0) = 7
[pid 459] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 459] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 459] munmap(0x7f75d43ae000, 138412032) = 0
[pid 459] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 459] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 459] ioctl(8, LOOP_CLR_FD) = 0
[pid 459] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 459] close(8) = 0
[pid 459] close(7) = 0
[ 33.503173][ T459] loop0: detected capacity change from 0 to 512
[ 33.510202][ T459] EXT4-fs: Ignoring removed bh option
[ 33.515759][ T459] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 33.525400][ T459] EXT4-fs (loop0): 1 truncate cleaned up
[ 33.530881][ T459] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 459] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 459] exit_group(0) = ?
[pid 459] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=459, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./73/binderfs") = 0
umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./73/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./73/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./73/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./73") = 0
mkdir("./74", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 461
./strace-static-x86_64: Process 461 attached
[pid 461] set_robust_list(0x555556770660, 24) = 0
[pid 461] chdir("./74") = 0
[pid 461] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 461] setpgid(0, 0) = 0
[pid 461] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 461] write(3, "1000", 4) = 4
[pid 461] close(3) = 0
[pid 461] symlink("/dev/binderfs", "./binderfs") = 0
[pid 461] memfd_create("syzkaller", 0) = 3
[pid 461] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 461] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 461] munmap(0x7f75d43ae000, 138412032) = 0
[pid 461] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 461] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 461] close(3) = 0
[pid 461] mkdir("./file0", 0777) = 0
[ 33.550559][ T459] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 33.576026][ T299] EXT4-fs (loop0): unmounting filesystem.
[ 33.596231][ T461] loop0: detected capacity change from 0 to 512
[pid 461] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 461] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 461] chdir("./file0") = 0
[pid 461] ioctl(4, LOOP_CLR_FD) = 0
[pid 461] close(4) = 0
[pid 461] creat("./bus", 000) = 4
[pid 461] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 461] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 461] chdir("./file0") = 0
[pid 461] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 461] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 461] memfd_create("syzkaller", 0) = 7
[pid 461] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 461] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 461] munmap(0x7f75d43ae000, 138412032) = 0
[pid 461] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 461] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 461] ioctl(8, LOOP_CLR_FD) = 0
[pid 461] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 461] close(8) = 0
[pid 461] close(7) = 0
[ 33.603387][ T461] EXT4-fs: Ignoring removed bh option
[ 33.609139][ T461] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 33.618586][ T461] EXT4-fs (loop0): 1 truncate cleaned up
[ 33.624031][ T461] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 461] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 461] exit_group(0) = ?
[pid 461] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=461, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./74/binderfs") = 0
umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./74/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./74/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./74/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./74") = 0
mkdir("./75", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 463
./strace-static-x86_64: Process 463 attached
[pid 463] set_robust_list(0x555556770660, 24) = 0
[pid 463] chdir("./75") = 0
[pid 463] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 463] setpgid(0, 0) = 0
[pid 463] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 463] write(3, "1000", 4) = 4
[pid 463] close(3) = 0
[pid 463] symlink("/dev/binderfs", "./binderfs") = 0
[pid 463] memfd_create("syzkaller", 0) = 3
[pid 463] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 463] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 463] munmap(0x7f75d43ae000, 138412032) = 0
[pid 463] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 463] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 463] close(3) = 0
[pid 463] mkdir("./file0", 0777) = 0
[ 33.643184][ T461] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 33.666435][ T299] EXT4-fs (loop0): unmounting filesystem.
[ 33.689377][ T463] loop0: detected capacity change from 0 to 512
[ 33.696556][ T463] EXT4-fs: Ignoring removed bh option
[pid 463] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 463] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 463] chdir("./file0") = 0
[pid 463] ioctl(4, LOOP_CLR_FD) = 0
[pid 463] close(4) = 0
[pid 463] creat("./bus", 000) = 4
[pid 463] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 463] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 463] chdir("./file0") = 0
[pid 463] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 463] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 463] memfd_create("syzkaller", 0) = 7
[pid 463] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 463] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 463] munmap(0x7f75d43ae000, 138412032) = 0
[pid 463] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 463] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 463] ioctl(8, LOOP_CLR_FD) = 0
[pid 463] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 463] close(8) = 0
[pid 463] close(7) = 0
[ 33.702175][ T463] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 33.711718][ T463] EXT4-fs (loop0): 1 truncate cleaned up
[ 33.717255][ T463] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 463] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 463] exit_group(0) = ?
[pid 463] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=463, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./75/binderfs") = 0
umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./75/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./75/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./75/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./75") = 0
mkdir("./76", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 465
./strace-static-x86_64: Process 465 attached
[pid 465] set_robust_list(0x555556770660, 24) = 0
[pid 465] chdir("./76") = 0
[pid 465] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 465] setpgid(0, 0) = 0
[pid 465] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 465] write(3, "1000", 4) = 4
[pid 465] close(3) = 0
[pid 465] symlink("/dev/binderfs", "./binderfs") = 0
[pid 465] memfd_create("syzkaller", 0) = 3
[pid 465] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 465] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 465] munmap(0x7f75d43ae000, 138412032) = 0
[pid 465] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 465] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 465] close(3) = 0
[pid 465] mkdir("./file0", 0777) = 0
[ 33.738791][ T463] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 33.764046][ T299] EXT4-fs (loop0): unmounting filesystem.
[ 33.786512][ T465] loop0: detected capacity change from 0 to 512
[ 33.793735][ T465] EXT4-fs: Ignoring removed bh option
[pid 465] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 465] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 465] chdir("./file0") = 0
[pid 465] ioctl(4, LOOP_CLR_FD) = 0
[pid 465] close(4) = 0
[pid 465] creat("./bus", 000) = 4
[pid 465] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 465] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 465] chdir("./file0") = 0
[pid 465] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 465] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 465] memfd_create("syzkaller", 0) = 7
[pid 465] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 465] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 465] munmap(0x7f75d43ae000, 138412032) = 0
[pid 465] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 465] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 465] ioctl(8, LOOP_CLR_FD) = 0
[pid 465] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 465] close(8) = 0
[pid 465] close(7) = 0
[pid 465] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 465] exit_group(0) = ?
[pid 465] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=465, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./76", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./76/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[ 33.799464][ T465] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 33.808922][ T465] EXT4-fs (loop0): 1 truncate cleaned up
[ 33.814456][ T465] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 33.833631][ T465] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
unlink("./76/binderfs") = 0
umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./76/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./76/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./76/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./76") = 0
mkdir("./77", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 467
./strace-static-x86_64: Process 467 attached
[pid 467] set_robust_list(0x555556770660, 24) = 0
[pid 467] chdir("./77") = 0
[pid 467] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 467] setpgid(0, 0) = 0
[pid 467] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 467] write(3, "1000", 4) = 4
[pid 467] close(3) = 0
[pid 467] symlink("/dev/binderfs", "./binderfs") = 0
[pid 467] memfd_create("syzkaller", 0) = 3
[pid 467] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 467] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 467] munmap(0x7f75d43ae000, 138412032) = 0
[pid 467] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 467] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 467] close(3) = 0
[pid 467] mkdir("./file0", 0777) = 0
[ 33.859396][ T299] EXT4-fs (loop0): unmounting filesystem.
[ 33.879319][ T467] loop0: detected capacity change from 0 to 512
[ 33.886587][ T467] EXT4-fs: Ignoring removed bh option
[ 33.892212][ T467] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 33.901886][ T467] EXT4-fs (loop0): 1 truncate cleaned up
[pid 467] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 467] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 467] chdir("./file0") = 0
[pid 467] ioctl(4, LOOP_CLR_FD) = 0
[pid 467] close(4) = 0
[pid 467] creat("./bus", 000) = 4
[pid 467] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 467] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 467] chdir("./file0") = 0
[pid 467] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 467] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 467] memfd_create("syzkaller", 0) = 7
[pid 467] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 467] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 467] munmap(0x7f75d43ae000, 138412032) = 0
[pid 467] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 467] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 467] ioctl(8, LOOP_CLR_FD) = 0
[pid 467] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 467] close(8) = 0
[pid 467] close(7) = 0
[pid 467] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 467] exit_group(0) = ?
[pid 467] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=467, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./77", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./77/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./77/binderfs") = 0
umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./77/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./77/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./77/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./77") = 0
mkdir("./78", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 469
./strace-static-x86_64: Process 469 attached
[pid 469] set_robust_list(0x555556770660, 24) = 0
[pid 469] chdir("./78") = 0
[pid 469] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 469] setpgid(0, 0) = 0
[pid 469] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 469] write(3, "1000", 4) = 4
[pid 469] close(3) = 0
[pid 469] symlink("/dev/binderfs", "./binderfs") = 0
[pid 469] memfd_create("syzkaller", 0) = 3
[pid 469] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[ 33.907519][ T467] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 33.927859][ T467] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 33.952953][ T299] EXT4-fs (loop0): unmounting filesystem.
[pid 469] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 469] munmap(0x7f75d43ae000, 138412032) = 0
[pid 469] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 469] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 469] close(3) = 0
[pid 469] mkdir("./file0", 0777) = 0
[pid 469] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 469] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 469] chdir("./file0") = 0
[pid 469] ioctl(4, LOOP_CLR_FD) = 0
[pid 469] close(4) = 0
[pid 469] creat("./bus", 000) = 4
[pid 469] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 469] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 469] chdir("./file0") = 0
[pid 469] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 469] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 469] memfd_create("syzkaller", 0) = 7
[pid 469] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 469] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 469] munmap(0x7f75d43ae000, 138412032) = 0
[pid 469] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 469] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 469] ioctl(8, LOOP_CLR_FD) = 0
[pid 469] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 469] close(8) = 0
[ 33.974217][ T469] loop0: detected capacity change from 0 to 512
[ 33.981345][ T469] EXT4-fs: Ignoring removed bh option
[ 33.986842][ T469] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 33.996189][ T469] EXT4-fs (loop0): 1 truncate cleaned up
[ 34.001720][ T469] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 469] close(7) = 0
[pid 469] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 469] exit_group(0) = ?
[pid 469] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=469, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./78", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./78/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./78/binderfs") = 0
umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./78/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./78/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./78/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./78") = 0
mkdir("./79", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 471
./strace-static-x86_64: Process 471 attached
[pid 471] set_robust_list(0x555556770660, 24) = 0
[pid 471] chdir("./79") = 0
[pid 471] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 471] setpgid(0, 0) = 0
[pid 471] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 471] write(3, "1000", 4) = 4
[pid 471] close(3) = 0
[pid 471] symlink("/dev/binderfs", "./binderfs") = 0
[pid 471] memfd_create("syzkaller", 0) = 3
[pid 471] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 471] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 471] munmap(0x7f75d43ae000, 138412032) = 0
[pid 471] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 471] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 471] close(3) = 0
[pid 471] mkdir("./file0", 0777) = 0
[ 34.021144][ T469] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 34.044644][ T299] EXT4-fs (loop0): unmounting filesystem.
[ 34.065879][ T471] loop0: detected capacity change from 0 to 512
[pid 471] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 471] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 471] chdir("./file0") = 0
[pid 471] ioctl(4, LOOP_CLR_FD) = 0
[pid 471] close(4) = 0
[pid 471] creat("./bus", 000) = 4
[pid 471] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 471] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 471] chdir("./file0") = 0
[pid 471] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 471] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 471] memfd_create("syzkaller", 0) = 7
[pid 471] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 471] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 471] munmap(0x7f75d43ae000, 138412032) = 0
[pid 471] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 471] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 471] ioctl(8, LOOP_CLR_FD) = 0
[pid 471] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 471] close(8) = 0
[pid 471] close(7) = 0
[ 34.073549][ T471] EXT4-fs: Ignoring removed bh option
[ 34.079181][ T471] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 34.088588][ T471] EXT4-fs (loop0): 1 truncate cleaned up
[ 34.094155][ T471] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 471] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 471] exit_group(0) = ?
[pid 471] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=471, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./79", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./79/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./79/binderfs") = 0
umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./79/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./79/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./79/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./79") = 0
mkdir("./80", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 473
./strace-static-x86_64: Process 473 attached
[pid 473] set_robust_list(0x555556770660, 24) = 0
[pid 473] chdir("./80") = 0
[pid 473] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 473] setpgid(0, 0) = 0
[pid 473] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 473] write(3, "1000", 4) = 4
[pid 473] close(3) = 0
[pid 473] symlink("/dev/binderfs", "./binderfs") = 0
[pid 473] memfd_create("syzkaller", 0) = 3
[pid 473] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 473] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 473] munmap(0x7f75d43ae000, 138412032) = 0
[pid 473] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 473] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 473] close(3) = 0
[pid 473] mkdir("./file0", 0777) = 0
[ 34.113245][ T471] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 34.138454][ T299] EXT4-fs (loop0): unmounting filesystem.
[ 34.161173][ T473] loop0: detected capacity change from 0 to 512
[ 34.168132][ T473] EXT4-fs: Ignoring removed bh option
[pid 473] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 473] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 473] chdir("./file0") = 0
[pid 473] ioctl(4, LOOP_CLR_FD) = 0
[pid 473] close(4) = 0
[pid 473] creat("./bus", 000) = 4
[pid 473] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 473] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 473] chdir("./file0") = 0
[pid 473] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 473] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 473] memfd_create("syzkaller", 0) = 7
[pid 473] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 473] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 473] munmap(0x7f75d43ae000, 138412032) = 0
[pid 473] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 473] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 473] ioctl(8, LOOP_CLR_FD) = 0
[pid 473] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 473] close(8) = 0
[pid 473] close(7) = 0
[ 34.173701][ T473] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 34.183700][ T473] EXT4-fs (loop0): 1 truncate cleaned up
[ 34.189180][ T473] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 473] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 473] exit_group(0) = ?
[pid 473] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=473, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./80", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./80/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./80/binderfs") = 0
umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./80/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./80/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./80/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./80") = 0
mkdir("./81", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 475
./strace-static-x86_64: Process 475 attached
[pid 475] set_robust_list(0x555556770660, 24) = 0
[pid 475] chdir("./81") = 0
[pid 475] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 475] setpgid(0, 0) = 0
[pid 475] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 475] write(3, "1000", 4) = 4
[pid 475] close(3) = 0
[pid 475] symlink("/dev/binderfs", "./binderfs") = 0
[pid 475] memfd_create("syzkaller", 0) = 3
[pid 475] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 475] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 475] munmap(0x7f75d43ae000, 138412032) = 0
[pid 475] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 34.218033][ T473] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 34.243512][ T299] EXT4-fs (loop0): unmounting filesystem.
[pid 475] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 475] close(3) = 0
[pid 475] mkdir("./file0", 0777) = 0
[pid 475] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 475] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 475] chdir("./file0") = 0
[pid 475] ioctl(4, LOOP_CLR_FD) = 0
[pid 475] close(4) = 0
[pid 475] creat("./bus", 000) = 4
[pid 475] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 475] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 475] chdir("./file0") = 0
[pid 475] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 475] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 475] memfd_create("syzkaller", 0) = 7
[pid 475] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 475] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 475] munmap(0x7f75d43ae000, 138412032) = 0
[pid 475] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 475] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 475] ioctl(8, LOOP_CLR_FD) = 0
[pid 475] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 475] close(8) = 0
[pid 475] close(7) = 0
[ 34.263331][ T475] loop0: detected capacity change from 0 to 512
[ 34.270574][ T475] EXT4-fs: Ignoring removed bh option
[ 34.276087][ T475] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 34.285897][ T475] EXT4-fs (loop0): 1 truncate cleaned up
[ 34.291420][ T475] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 475] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 475] exit_group(0) = ?
[pid 475] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=475, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./81", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./81/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./81/binderfs") = 0
umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./81/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./81/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./81/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./81") = 0
mkdir("./82", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 477
./strace-static-x86_64: Process 477 attached
[pid 477] set_robust_list(0x555556770660, 24) = 0
[pid 477] chdir("./82") = 0
[pid 477] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 477] setpgid(0, 0) = 0
[pid 477] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 477] write(3, "1000", 4) = 4
[pid 477] close(3) = 0
[pid 477] symlink("/dev/binderfs", "./binderfs") = 0
[pid 477] memfd_create("syzkaller", 0) = 3
[pid 477] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 477] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 477] munmap(0x7f75d43ae000, 138412032) = 0
[pid 477] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 477] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 477] close(3) = 0
[pid 477] mkdir("./file0", 0777) = 0
[ 34.311008][ T475] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 34.335064][ T299] EXT4-fs (loop0): unmounting filesystem.
[ 34.355763][ T477] loop0: detected capacity change from 0 to 512
[ 34.363410][ T477] EXT4-fs: Ignoring removed bh option
[pid 477] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 477] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 477] chdir("./file0") = 0
[pid 477] ioctl(4, LOOP_CLR_FD) = 0
[pid 477] close(4) = 0
[pid 477] creat("./bus", 000) = 4
[pid 477] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 477] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 477] chdir("./file0") = 0
[pid 477] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 477] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 477] memfd_create("syzkaller", 0) = 7
[pid 477] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 477] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 477] munmap(0x7f75d43ae000, 138412032) = 0
[pid 477] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 477] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 477] ioctl(8, LOOP_CLR_FD) = 0
[pid 477] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 477] close(8) = 0
[pid 477] close(7) = 0
[ 34.368958][ T477] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 34.378956][ T477] EXT4-fs (loop0): 1 truncate cleaned up
[ 34.384510][ T477] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 477] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 477] exit_group(0) = ?
[pid 477] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=477, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./82", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./82/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./82/binderfs") = 0
umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./82/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./82/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./82/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./82") = 0
mkdir("./83", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 479
./strace-static-x86_64: Process 479 attached
[pid 479] set_robust_list(0x555556770660, 24) = 0
[pid 479] chdir("./83") = 0
[pid 479] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 479] setpgid(0, 0) = 0
[pid 479] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 479] write(3, "1000", 4) = 4
[pid 479] close(3) = 0
[pid 479] symlink("/dev/binderfs", "./binderfs") = 0
[pid 479] memfd_create("syzkaller", 0) = 3
[pid 479] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 479] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 479] munmap(0x7f75d43ae000, 138412032) = 0
[pid 479] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 479] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 479] close(3) = 0
[pid 479] mkdir("./file0", 0777) = 0
[ 34.405368][ T477] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 34.430617][ T299] EXT4-fs (loop0): unmounting filesystem.
[ 34.450525][ T479] loop0: detected capacity change from 0 to 512
[ 34.457651][ T479] EXT4-fs: Ignoring removed bh option
[pid 479] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 479] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 479] chdir("./file0") = 0
[pid 479] ioctl(4, LOOP_CLR_FD) = 0
[pid 479] close(4) = 0
[pid 479] creat("./bus", 000) = 4
[pid 479] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 479] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 479] chdir("./file0") = 0
[pid 479] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 479] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 479] memfd_create("syzkaller", 0) = 7
[pid 479] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 479] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 479] munmap(0x7f75d43ae000, 138412032) = 0
[pid 479] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 479] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 479] ioctl(8, LOOP_CLR_FD) = 0
[pid 479] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 479] close(8) = 0
[pid 479] close(7) = 0
[pid 479] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 479] exit_group(0) = ?
[pid 479] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=479, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./83", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./83/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./83/binderfs") = 0
[ 34.463087][ T479] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 34.472805][ T479] EXT4-fs (loop0): 1 truncate cleaned up
[ 34.478364][ T479] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 34.497320][ T479] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./83/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./83/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./83/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./83") = 0
mkdir("./84", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 482
./strace-static-x86_64: Process 482 attached
[pid 482] set_robust_list(0x555556770660, 24) = 0
[pid 482] chdir("./84") = 0
[pid 482] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 482] setpgid(0, 0) = 0
[pid 482] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 482] write(3, "1000", 4) = 4
[pid 482] close(3) = 0
[pid 482] symlink("/dev/binderfs", "./binderfs") = 0
[pid 482] memfd_create("syzkaller", 0) = 3
[pid 482] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 482] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 482] munmap(0x7f75d43ae000, 138412032) = 0
[pid 482] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 482] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 482] close(3) = 0
[pid 482] mkdir("./file0", 0777) = 0
[ 34.523886][ T299] EXT4-fs (loop0): unmounting filesystem.
[ 34.542706][ T482] loop0: detected capacity change from 0 to 512
[ 34.549710][ T482] EXT4-fs: Ignoring removed bh option
[ 34.555140][ T482] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 34.564730][ T482] EXT4-fs (loop0): 1 truncate cleaned up
[pid 482] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 482] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 482] chdir("./file0") = 0
[pid 482] ioctl(4, LOOP_CLR_FD) = 0
[pid 482] close(4) = 0
[pid 482] creat("./bus", 000) = 4
[pid 482] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 482] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 482] chdir("./file0") = 0
[pid 482] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 482] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 482] memfd_create("syzkaller", 0) = 7
[pid 482] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 482] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 482] munmap(0x7f75d43ae000, 138412032) = 0
[pid 482] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 482] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 482] ioctl(8, LOOP_CLR_FD) = 0
[pid 482] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 482] close(8) = 0
[pid 482] close(7) = 0
[pid 482] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 482] exit_group(0) = ?
[pid 482] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=482, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./84", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./84/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./84/binderfs") = 0
umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./84/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./84/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./84/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./84") = 0
mkdir("./85", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 484
./strace-static-x86_64: Process 484 attached
[pid 484] set_robust_list(0x555556770660, 24) = 0
[pid 484] chdir("./85") = 0
[pid 484] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 484] setpgid(0, 0) = 0
[pid 484] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 484] write(3, "1000", 4) = 4
[pid 484] close(3) = 0
[pid 484] symlink("/dev/binderfs", "./binderfs") = 0
[pid 484] memfd_create("syzkaller", 0) = 3
[pid 484] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 484] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 484] munmap(0x7f75d43ae000, 138412032) = 0
[pid 484] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 34.570198][ T482] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 34.591783][ T482] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 34.616317][ T299] EXT4-fs (loop0): unmounting filesystem.
[pid 484] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 484] close(3) = 0
[pid 484] mkdir("./file0", 0777) = 0
[pid 484] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 484] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 484] chdir("./file0") = 0
[pid 484] ioctl(4, LOOP_CLR_FD) = 0
[pid 484] close(4) = 0
[pid 484] creat("./bus", 000) = 4
[pid 484] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 484] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 484] chdir("./file0") = 0
[pid 484] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 484] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 484] memfd_create("syzkaller", 0) = 7
[pid 484] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 484] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 484] munmap(0x7f75d43ae000, 138412032) = 0
[pid 484] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 484] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 484] ioctl(8, LOOP_CLR_FD) = 0
[pid 484] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 484] close(8) = 0
[pid 484] close(7) = 0
[ 34.632667][ T484] loop0: detected capacity change from 0 to 512
[ 34.640184][ T484] EXT4-fs: Ignoring removed bh option
[ 34.645879][ T484] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 34.655179][ T484] EXT4-fs (loop0): 1 truncate cleaned up
[ 34.660758][ T484] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 484] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 484] exit_group(0) = ?
[pid 484] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=484, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./85", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./85/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./85/binderfs") = 0
umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./85/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./85/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./85/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./85") = 0
mkdir("./86", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 486
./strace-static-x86_64: Process 486 attached
[pid 486] set_robust_list(0x555556770660, 24) = 0
[pid 486] chdir("./86") = 0
[pid 486] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 486] setpgid(0, 0) = 0
[pid 486] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 486] write(3, "1000", 4) = 4
[pid 486] close(3) = 0
[pid 486] symlink("/dev/binderfs", "./binderfs") = 0
[pid 486] memfd_create("syzkaller", 0) = 3
[pid 486] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 486] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 486] munmap(0x7f75d43ae000, 138412032) = 0
[pid 486] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 486] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 486] close(3) = 0
[pid 486] mkdir("./file0", 0777) = 0
[ 34.679900][ T484] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 34.710637][ T299] EXT4-fs (loop0): unmounting filesystem.
[ 34.726364][ T486] loop0: detected capacity change from 0 to 512
[pid 486] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 486] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 486] chdir("./file0") = 0
[pid 486] ioctl(4, LOOP_CLR_FD) = 0
[pid 486] close(4) = 0
[pid 486] creat("./bus", 000) = 4
[pid 486] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 486] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 486] chdir("./file0") = 0
[pid 486] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 486] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 486] memfd_create("syzkaller", 0) = 7
[pid 486] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 486] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 486] munmap(0x7f75d43ae000, 138412032) = 0
[pid 486] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 486] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 486] ioctl(8, LOOP_CLR_FD) = 0
[pid 486] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 486] close(8) = 0
[pid 486] close(7) = 0
[ 34.733392][ T486] EXT4-fs: Ignoring removed bh option
[ 34.738984][ T486] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 34.748946][ T486] EXT4-fs (loop0): 1 truncate cleaned up
[ 34.754488][ T486] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 486] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 486] exit_group(0) = ?
[pid 486] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=486, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./86", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./86/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./86/binderfs") = 0
umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./86/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./86/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./86/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./86") = 0
mkdir("./87", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 488
./strace-static-x86_64: Process 488 attached
[pid 488] set_robust_list(0x555556770660, 24) = 0
[pid 488] chdir("./87") = 0
[pid 488] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 488] setpgid(0, 0) = 0
[pid 488] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 488] write(3, "1000", 4) = 4
[pid 488] close(3) = 0
[pid 488] symlink("/dev/binderfs", "./binderfs") = 0
[pid 488] memfd_create("syzkaller", 0) = 3
[pid 488] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 488] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 488] munmap(0x7f75d43ae000, 138412032) = 0
[pid 488] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 488] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 488] close(3) = 0
[pid 488] mkdir("./file0", 0777) = 0
[ 34.771949][ T486] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 34.796104][ T299] EXT4-fs (loop0): unmounting filesystem.
[ 34.812188][ T488] loop0: detected capacity change from 0 to 512
[ 34.820785][ T488] EXT4-fs: Ignoring removed bh option
[pid 488] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 488] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 488] chdir("./file0") = 0
[pid 488] ioctl(4, LOOP_CLR_FD) = 0
[pid 488] close(4) = 0
[pid 488] creat("./bus", 000) = 4
[pid 488] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 488] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 488] chdir("./file0") = 0
[pid 488] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 488] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 488] memfd_create("syzkaller", 0) = 7
[pid 488] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 488] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 488] munmap(0x7f75d43ae000, 138412032) = 0
[pid 488] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 488] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 488] ioctl(8, LOOP_CLR_FD) = 0
[pid 488] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 488] close(8) = 0
[pid 488] close(7) = 0
[pid 488] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 488] exit_group(0) = ?
[pid 488] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=488, si_uid=0, si_status=0, si_utime=0, si_stime=6} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./87", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./87/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./87/binderfs") = 0
[ 34.826409][ T488] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 34.836414][ T488] EXT4-fs (loop0): 1 truncate cleaned up
[ 34.841999][ T488] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 34.861071][ T488] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./87/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./87/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./87/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./87") = 0
mkdir("./88", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 490
./strace-static-x86_64: Process 490 attached
[pid 490] set_robust_list(0x555556770660, 24) = 0
[pid 490] chdir("./88") = 0
[pid 490] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 490] setpgid(0, 0) = 0
[pid 490] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 490] write(3, "1000", 4) = 4
[pid 490] close(3) = 0
[pid 490] symlink("/dev/binderfs", "./binderfs") = 0
[pid 490] memfd_create("syzkaller", 0) = 3
[pid 490] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 490] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 490] munmap(0x7f75d43ae000, 138412032) = 0
[pid 490] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 490] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 490] close(3) = 0
[pid 490] mkdir("./file0", 0777) = 0
[ 34.889107][ T299] EXT4-fs (loop0): unmounting filesystem.
[ 34.908874][ T490] loop0: detected capacity change from 0 to 512
[ 34.915874][ T490] EXT4-fs: Ignoring removed bh option
[ 34.921441][ T490] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 34.931118][ T490] EXT4-fs (loop0): 1 truncate cleaned up
[pid 490] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 490] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 490] chdir("./file0") = 0
[pid 490] ioctl(4, LOOP_CLR_FD) = 0
[pid 490] close(4) = 0
[pid 490] creat("./bus", 000) = 4
[pid 490] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 490] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 490] chdir("./file0") = 0
[pid 490] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 490] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 490] memfd_create("syzkaller", 0) = 7
[pid 490] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 490] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 490] munmap(0x7f75d43ae000, 138412032) = 0
[pid 490] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 490] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 490] ioctl(8, LOOP_CLR_FD) = 0
[pid 490] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 490] close(8) = 0
[pid 490] close(7) = 0
[pid 490] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 490] exit_group(0) = ?
[pid 490] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=490, si_uid=0, si_status=0, si_utime=0, si_stime=6} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./88", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./88/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./88/binderfs") = 0
umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./88/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./88/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./88/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./88") = 0
mkdir("./89", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 492
./strace-static-x86_64: Process 492 attached
[pid 492] set_robust_list(0x555556770660, 24) = 0
[pid 492] chdir("./89") = 0
[pid 492] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 492] setpgid(0, 0) = 0
[pid 492] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 492] write(3, "1000", 4) = 4
[pid 492] close(3) = 0
[pid 492] symlink("/dev/binderfs", "./binderfs") = 0
[pid 492] memfd_create("syzkaller", 0) = 3
[pid 492] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 492] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 492] munmap(0x7f75d43ae000, 138412032) = 0
[pid 492] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 34.936565][ T490] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 34.956836][ T490] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 34.980359][ T299] EXT4-fs (loop0): unmounting filesystem.
[pid 492] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 492] close(3) = 0
[pid 492] mkdir("./file0", 0777) = 0
[pid 492] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 492] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 492] chdir("./file0") = 0
[pid 492] ioctl(4, LOOP_CLR_FD) = 0
[pid 492] close(4) = 0
[pid 492] creat("./bus", 000) = 4
[pid 492] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 492] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 492] chdir("./file0") = 0
[pid 492] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 492] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 492] memfd_create("syzkaller", 0) = 7
[pid 492] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 492] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 492] munmap(0x7f75d43ae000, 138412032) = 0
[pid 492] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 492] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 492] ioctl(8, LOOP_CLR_FD) = 0
[pid 492] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 492] close(8) = 0
[pid 492] close(7) = 0
[ 34.998077][ T492] loop0: detected capacity change from 0 to 512
[ 35.005799][ T492] EXT4-fs: Ignoring removed bh option
[ 35.011386][ T492] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 35.021151][ T492] EXT4-fs (loop0): 1 truncate cleaned up
[ 35.026714][ T492] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 492] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 492] exit_group(0) = ?
[pid 492] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=492, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./89", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./89/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./89/binderfs") = 0
umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./89/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./89/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./89/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./89") = 0
mkdir("./90", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 494
./strace-static-x86_64: Process 494 attached
[pid 494] set_robust_list(0x555556770660, 24) = 0
[pid 494] chdir("./90") = 0
[pid 494] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 494] setpgid(0, 0) = 0
[pid 494] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 494] write(3, "1000", 4) = 4
[pid 494] close(3) = 0
[pid 494] symlink("/dev/binderfs", "./binderfs") = 0
[pid 494] memfd_create("syzkaller", 0) = 3
[pid 494] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 494] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 494] munmap(0x7f75d43ae000, 138412032) = 0
[pid 494] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 35.044378][ T492] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 35.072927][ T299] EXT4-fs (loop0): unmounting filesystem.
[pid 494] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 494] close(3) = 0
[pid 494] mkdir("./file0", 0777) = 0
[pid 494] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 494] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 494] chdir("./file0") = 0
[pid 494] ioctl(4, LOOP_CLR_FD) = 0
[pid 494] close(4) = 0
[pid 494] creat("./bus", 000) = 4
[pid 494] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 494] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 494] chdir("./file0") = 0
[pid 494] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 494] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 494] memfd_create("syzkaller", 0) = 7
[pid 494] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 494] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 494] munmap(0x7f75d43ae000, 138412032) = 0
[pid 494] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 494] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 494] ioctl(8, LOOP_CLR_FD) = 0
[pid 494] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 494] close(8) = 0
[pid 494] close(7) = 0
[ 35.094069][ T494] loop0: detected capacity change from 0 to 512
[ 35.101577][ T494] EXT4-fs: Ignoring removed bh option
[ 35.107414][ T494] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 35.116801][ T494] EXT4-fs (loop0): 1 truncate cleaned up
[ 35.122428][ T494] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 494] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 494] exit_group(0) = ?
[pid 494] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=494, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./90", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./90/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./90/binderfs") = 0
umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./90/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./90/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./90/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./90") = 0
mkdir("./91", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 496
./strace-static-x86_64: Process 496 attached
[pid 496] set_robust_list(0x555556770660, 24) = 0
[pid 496] chdir("./91") = 0
[pid 496] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 496] setpgid(0, 0) = 0
[pid 496] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 496] write(3, "1000", 4) = 4
[pid 496] close(3) = 0
[pid 496] symlink("/dev/binderfs", "./binderfs") = 0
[pid 496] memfd_create("syzkaller", 0) = 3
[pid 496] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 496] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 496] munmap(0x7f75d43ae000, 138412032) = 0
[pid 496] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 496] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 496] close(3) = 0
[pid 496] mkdir("./file0", 0777) = 0
[ 35.141559][ T494] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 35.167715][ T299] EXT4-fs (loop0): unmounting filesystem.
[ 35.183743][ T496] loop0: detected capacity change from 0 to 512
[ 35.191064][ T496] EXT4-fs: Ignoring removed bh option
[pid 496] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 496] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 496] chdir("./file0") = 0
[pid 496] ioctl(4, LOOP_CLR_FD) = 0
[pid 496] close(4) = 0
[pid 496] creat("./bus", 000) = 4
[pid 496] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 496] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 496] chdir("./file0") = 0
[pid 496] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 496] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 496] memfd_create("syzkaller", 0) = 7
[pid 496] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 496] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 496] munmap(0x7f75d43ae000, 138412032) = 0
[pid 496] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 496] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 496] ioctl(8, LOOP_CLR_FD) = 0
[pid 496] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 496] close(8) = 0
[pid 496] close(7) = 0
[ 35.196740][ T496] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 35.206325][ T496] EXT4-fs (loop0): 1 truncate cleaned up
[ 35.211934][ T496] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 496] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 496] exit_group(0) = ?
[pid 496] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=496, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./91", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./91/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./91/binderfs") = 0
umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./91/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./91/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./91/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./91") = 0
mkdir("./92", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 498
./strace-static-x86_64: Process 498 attached
[pid 498] set_robust_list(0x555556770660, 24) = 0
[pid 498] chdir("./92") = 0
[pid 498] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 498] setpgid(0, 0) = 0
[pid 498] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 498] write(3, "1000", 4) = 4
[pid 498] close(3) = 0
[pid 498] symlink("/dev/binderfs", "./binderfs") = 0
[pid 498] memfd_create("syzkaller", 0) = 3
[pid 498] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 498] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 498] munmap(0x7f75d43ae000, 138412032) = 0
[pid 498] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 498] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 498] close(3) = 0
[pid 498] mkdir("./file0", 0777) = 0
[ 35.233066][ T496] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 35.258465][ T299] EXT4-fs (loop0): unmounting filesystem.
[ 35.280795][ T498] loop0: detected capacity change from 0 to 512
[ 35.287975][ T498] EXT4-fs: Ignoring removed bh option
[pid 498] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 498] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 498] chdir("./file0") = 0
[pid 498] ioctl(4, LOOP_CLR_FD) = 0
[pid 498] close(4) = 0
[pid 498] creat("./bus", 000) = 4
[pid 498] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 498] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 498] chdir("./file0") = 0
[pid 498] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 498] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 498] memfd_create("syzkaller", 0) = 7
[pid 498] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 498] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 498] munmap(0x7f75d43ae000, 138412032) = 0
[pid 498] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 498] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 498] ioctl(8, LOOP_CLR_FD) = 0
[pid 498] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 498] close(8) = 0
[pid 498] close(7) = 0
[pid 498] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 498] exit_group(0) = ?
[pid 498] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=498, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./92", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./92/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./92/binderfs") = 0
[ 35.293598][ T498] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 35.303798][ T498] EXT4-fs (loop0): 1 truncate cleaned up
[ 35.309414][ T498] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 35.328319][ T498] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./92/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./92/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./92/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./92") = 0
mkdir("./93", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 500
./strace-static-x86_64: Process 500 attached
[pid 500] set_robust_list(0x555556770660, 24) = 0
[pid 500] chdir("./93") = 0
[pid 500] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 500] setpgid(0, 0) = 0
[pid 500] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 500] write(3, "1000", 4) = 4
[pid 500] close(3) = 0
[pid 500] symlink("/dev/binderfs", "./binderfs") = 0
[pid 500] memfd_create("syzkaller", 0) = 3
[pid 500] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 500] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 500] munmap(0x7f75d43ae000, 138412032) = 0
[pid 500] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 500] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 500] close(3) = 0
[pid 500] mkdir("./file0", 0777) = 0
[ 35.356738][ T299] EXT4-fs (loop0): unmounting filesystem.
[ 35.378185][ T500] loop0: detected capacity change from 0 to 512
[ 35.385405][ T500] EXT4-fs: Ignoring removed bh option
[ 35.391074][ T500] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 35.400845][ T500] EXT4-fs (loop0): 1 truncate cleaned up
[pid 500] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 500] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 500] chdir("./file0") = 0
[pid 500] ioctl(4, LOOP_CLR_FD) = 0
[pid 500] close(4) = 0
[pid 500] creat("./bus", 000) = 4
[pid 500] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 500] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 500] chdir("./file0") = 0
[pid 500] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 500] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 500] memfd_create("syzkaller", 0) = 7
[pid 500] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 500] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 500] munmap(0x7f75d43ae000, 138412032) = 0
[pid 500] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 500] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 500] ioctl(8, LOOP_CLR_FD) = 0
[pid 500] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 500] close(8) = 0
[pid 500] close(7) = 0
[pid 500] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 500] exit_group(0) = ?
[pid 500] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=500, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./93", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./93/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./93/binderfs") = 0
[ 35.406389][ T500] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 35.426802][ T500] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./93/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./93/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./93/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./93") = 0
mkdir("./94", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 502
./strace-static-x86_64: Process 502 attached
[pid 502] set_robust_list(0x555556770660, 24) = 0
[pid 502] chdir("./94") = 0
[pid 502] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 502] setpgid(0, 0) = 0
[pid 502] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 502] write(3, "1000", 4) = 4
[pid 502] close(3) = 0
[pid 502] symlink("/dev/binderfs", "./binderfs") = 0
[pid 502] memfd_create("syzkaller", 0) = 3
[pid 502] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 502] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 502] munmap(0x7f75d43ae000, 138412032) = 0
[pid 502] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 502] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 502] close(3) = 0
[pid 502] mkdir("./file0", 0777) = 0
[ 35.451752][ T299] EXT4-fs (loop0): unmounting filesystem.
[ 35.474644][ T502] loop0: detected capacity change from 0 to 512
[ 35.481706][ T502] EXT4-fs: Ignoring removed bh option
[ 35.487999][ T502] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 35.497528][ T502] EXT4-fs (loop0): 1 truncate cleaned up
[pid 502] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 502] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 502] chdir("./file0") = 0
[pid 502] ioctl(4, LOOP_CLR_FD) = 0
[pid 502] close(4) = 0
[pid 502] creat("./bus", 000) = 4
[pid 502] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 502] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 502] chdir("./file0") = 0
[pid 502] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 502] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 502] memfd_create("syzkaller", 0) = 7
[pid 502] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 502] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 502] munmap(0x7f75d43ae000, 138412032) = 0
[pid 502] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 502] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 502] ioctl(8, LOOP_CLR_FD) = 0
[pid 502] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 502] close(8) = 0
[pid 502] close(7) = 0
[pid 502] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 502] exit_group(0) = ?
[pid 502] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=502, si_uid=0, si_status=0, si_utime=0, si_stime=6} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./94", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./94/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./94/binderfs") = 0
umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./94/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./94/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./94/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./94") = 0
mkdir("./95", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 505
./strace-static-x86_64: Process 505 attached
[pid 505] set_robust_list(0x555556770660, 24) = 0
[pid 505] chdir("./95") = 0
[pid 505] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 505] setpgid(0, 0) = 0
[pid 505] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 505] write(3, "1000", 4) = 4
[pid 505] close(3) = 0
[pid 505] symlink("/dev/binderfs", "./binderfs") = 0
[pid 505] memfd_create("syzkaller", 0) = 3
[pid 505] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 505] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 505] munmap(0x7f75d43ae000, 138412032) = 0
[ 35.503077][ T502] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 35.522054][ T502] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 35.547099][ T299] EXT4-fs (loop0): unmounting filesystem.
[pid 505] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 505] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 505] close(3) = 0
[pid 505] mkdir("./file0", 0777) = 0
[pid 505] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 505] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 505] chdir("./file0") = 0
[pid 505] ioctl(4, LOOP_CLR_FD) = 0
[pid 505] close(4) = 0
[pid 505] creat("./bus", 000) = 4
[pid 505] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 505] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 505] chdir("./file0") = 0
[pid 505] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 505] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 505] memfd_create("syzkaller", 0) = 7
[pid 505] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 505] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 505] munmap(0x7f75d43ae000, 138412032) = 0
[pid 505] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 505] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 505] ioctl(8, LOOP_CLR_FD) = 0
[pid 505] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 505] close(8) = 0
[pid 505] close(7) = 0
[ 35.568898][ T505] loop0: detected capacity change from 0 to 512
[ 35.576026][ T505] EXT4-fs: Ignoring removed bh option
[ 35.581640][ T505] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 35.591264][ T505] EXT4-fs (loop0): 1 truncate cleaned up
[ 35.596819][ T505] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 505] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 505] exit_group(0) = ?
[pid 505] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=505, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./95", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./95/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./95/binderfs") = 0
umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./95/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./95/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./95/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./95") = 0
mkdir("./96", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 507
./strace-static-x86_64: Process 507 attached
[pid 507] set_robust_list(0x555556770660, 24) = 0
[pid 507] chdir("./96") = 0
[pid 507] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 507] setpgid(0, 0) = 0
[pid 507] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 507] write(3, "1000", 4) = 4
[pid 507] close(3) = 0
[pid 507] symlink("/dev/binderfs", "./binderfs") = 0
[pid 507] memfd_create("syzkaller", 0) = 3
[pid 507] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 507] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 507] munmap(0x7f75d43ae000, 138412032) = 0
[ 35.617614][ T505] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 35.643107][ T299] EXT4-fs (loop0): unmounting filesystem.
[pid 507] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 507] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 507] close(3) = 0
[pid 507] mkdir("./file0", 0777) = 0
[pid 507] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 507] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 507] chdir("./file0") = 0
[pid 507] ioctl(4, LOOP_CLR_FD) = 0
[pid 507] close(4) = 0
[pid 507] creat("./bus", 000) = 4
[pid 507] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 507] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 507] chdir("./file0") = 0
[pid 507] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 507] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 507] memfd_create("syzkaller", 0) = 7
[pid 507] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 507] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 507] munmap(0x7f75d43ae000, 138412032) = 0
[pid 507] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 507] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 507] ioctl(8, LOOP_CLR_FD) = 0
[pid 507] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 507] close(8) = 0
[pid 507] close(7) = 0
[ 35.664854][ T507] loop0: detected capacity change from 0 to 512
[ 35.672040][ T507] EXT4-fs: Ignoring removed bh option
[ 35.677552][ T507] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 35.686795][ T507] EXT4-fs (loop0): 1 truncate cleaned up
[ 35.692342][ T507] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 507] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 507] exit_group(0) = ?
[pid 507] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=507, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./96", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./96/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./96/binderfs") = 0
umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./96/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./96/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./96/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./96") = 0
mkdir("./97", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 509
./strace-static-x86_64: Process 509 attached
[pid 509] set_robust_list(0x555556770660, 24) = 0
[pid 509] chdir("./97") = 0
[pid 509] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 509] setpgid(0, 0) = 0
[pid 509] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 509] write(3, "1000", 4) = 4
[pid 509] close(3) = 0
[pid 509] symlink("/dev/binderfs", "./binderfs") = 0
[pid 509] memfd_create("syzkaller", 0) = 3
[pid 509] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 509] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 509] munmap(0x7f75d43ae000, 138412032) = 0
[pid 509] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 509] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 509] close(3) = 0
[pid 509] mkdir("./file0", 0777) = 0
[ 35.711886][ T507] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 35.737024][ T299] EXT4-fs (loop0): unmounting filesystem.
[ 35.759133][ T509] loop0: detected capacity change from 0 to 512
[pid 509] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 509] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 509] chdir("./file0") = 0
[pid 509] ioctl(4, LOOP_CLR_FD) = 0
[pid 509] close(4) = 0
[pid 509] creat("./bus", 000) = 4
[pid 509] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 509] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 509] chdir("./file0") = 0
[pid 509] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 509] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 509] memfd_create("syzkaller", 0) = 7
[pid 509] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 509] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 509] munmap(0x7f75d43ae000, 138412032) = 0
[pid 509] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 509] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 509] ioctl(8, LOOP_CLR_FD) = 0
[pid 509] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 509] close(8) = 0
[pid 509] close(7) = 0
[pid 509] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 509] exit_group(0) = ?
[pid 509] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=509, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./97", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./97/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./97/binderfs") = 0
umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./97/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./97/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./97/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./97") = 0
mkdir("./98", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 511
./strace-static-x86_64: Process 511 attached
[pid 511] set_robust_list(0x555556770660, 24) = 0
[pid 511] chdir("./98") = 0
[pid 511] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 511] setpgid(0, 0) = 0
[pid 511] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 511] write(3, "1000", 4) = 4
[pid 511] close(3) = 0
[pid 511] symlink("/dev/binderfs", "./binderfs") = 0
[pid 511] memfd_create("syzkaller", 0) = 3
[pid 511] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 511] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 511] munmap(0x7f75d43ae000, 138412032) = 0
[pid 511] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 35.766315][ T509] EXT4-fs: Ignoring removed bh option
[ 35.771831][ T509] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 35.781439][ T509] EXT4-fs (loop0): 1 truncate cleaned up
[ 35.793778][ T509] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[pid 511] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 511] close(3) = 0
[pid 511] mkdir("./file0", 0777) = 0
[pid 511] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 511] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 511] chdir("./file0") = 0
[pid 511] ioctl(4, LOOP_CLR_FD) = 0
[pid 511] close(4) = 0
[pid 511] creat("./bus", 000) = 4
[pid 511] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 511] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 511] chdir("./file0") = 0
[pid 511] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 511] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 511] memfd_create("syzkaller", 0) = 7
[pid 511] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 511] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 511] munmap(0x7f75d43ae000, 138412032) = 0
[pid 511] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 511] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 511] ioctl(8, LOOP_CLR_FD) = 0
[pid 511] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 511] close(8) = 0
[pid 511] close(7) = 0
[ 35.831393][ T511] loop0: detected capacity change from 0 to 512
[ 35.839015][ T511] EXT4-fs: Ignoring removed bh option
[ 35.844475][ T511] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 35.853783][ T511] EXT4-fs (loop0): 1 truncate cleaned up
[pid 511] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 511] exit_group(0) = ?
[pid 511] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=511, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./98", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./98/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./98/binderfs") = 0
umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./98/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./98/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./98/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./98") = 0
mkdir("./99", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 513
./strace-static-x86_64: Process 513 attached
[pid 513] set_robust_list(0x555556770660, 24) = 0
[pid 513] chdir("./99") = 0
[pid 513] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 513] setpgid(0, 0) = 0
[pid 513] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 513] write(3, "1000", 4) = 4
[pid 513] close(3) = 0
[pid 513] symlink("/dev/binderfs", "./binderfs") = 0
[pid 513] memfd_create("syzkaller", 0) = 3
[pid 513] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 513] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 513] munmap(0x7f75d43ae000, 138412032) = 0
[pid 513] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 513] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 513] close(3) = 0
[pid 513] mkdir("./file0", 0777) = 0
[ 35.869677][ T511] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 35.910549][ T513] loop0: detected capacity change from 0 to 512
[ 35.917681][ T513] EXT4-fs: Ignoring removed bh option
[ 35.923157][ T513] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[pid 513] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 513] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 513] chdir("./file0") = 0
[pid 513] ioctl(4, LOOP_CLR_FD) = 0
[pid 513] close(4) = 0
[pid 513] creat("./bus", 000) = 4
[pid 513] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 513] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 513] chdir("./file0") = 0
[pid 513] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 513] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 513] memfd_create("syzkaller", 0) = 7
[pid 513] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 513] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 513] munmap(0x7f75d43ae000, 138412032) = 0
[pid 513] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 513] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 513] ioctl(8, LOOP_CLR_FD) = 0
[pid 513] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 513] close(8) = 0
[pid 513] close(7) = 0
[pid 513] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 513] exit_group(0) = ?
[pid 513] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=513, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./99", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./99/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./99/binderfs") = 0
umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./99/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./99/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./99/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./99") = 0
mkdir("./100", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 516
./strace-static-x86_64: Process 516 attached
[pid 516] set_robust_list(0x555556770660, 24) = 0
[pid 516] chdir("./100") = 0
[pid 516] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 516] setpgid(0, 0) = 0
[pid 516] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 516] write(3, "1000", 4) = 4
[pid 516] close(3) = 0
[pid 516] symlink("/dev/binderfs", "./binderfs") = 0
[pid 516] memfd_create("syzkaller", 0) = 3
[pid 516] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 516] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 516] munmap(0x7f75d43ae000, 138412032) = 0
[pid 516] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 35.933314][ T513] EXT4-fs (loop0): 1 truncate cleaned up
[ 35.949947][ T513] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[pid 516] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 516] close(3) = 0
[pid 516] mkdir("./file0", 0777) = 0
[pid 516] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 516] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 516] chdir("./file0") = 0
[pid 516] ioctl(4, LOOP_CLR_FD) = 0
[pid 516] close(4) = 0
[pid 516] creat("./bus", 000) = 4
[pid 516] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 516] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 516] chdir("./file0") = 0
[pid 516] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 516] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 516] memfd_create("syzkaller", 0) = 7
[pid 516] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 516] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 516] munmap(0x7f75d43ae000, 138412032) = 0
[pid 516] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 516] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 516] ioctl(8, LOOP_CLR_FD) = 0
[pid 516] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 516] close(8) = 0
[pid 516] close(7) = 0
[ 35.990305][ T516] loop0: detected capacity change from 0 to 512
[ 35.997425][ T516] EXT4-fs: Ignoring removed bh option
[ 36.002993][ T516] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 36.012666][ T516] EXT4-fs (loop0): 1 truncate cleaned up
[pid 516] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 516] exit_group(0) = ?
[pid 516] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=516, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./100", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./100/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./100/binderfs") = 0
umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./100/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./100/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./100/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./100") = 0
mkdir("./101", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 518
./strace-static-x86_64: Process 518 attached
[pid 518] set_robust_list(0x555556770660, 24) = 0
[pid 518] chdir("./101") = 0
[pid 518] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 518] setpgid(0, 0) = 0
[pid 518] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 518] write(3, "1000", 4) = 4
[pid 518] close(3) = 0
[pid 518] symlink("/dev/binderfs", "./binderfs") = 0
[pid 518] memfd_create("syzkaller", 0) = 3
[pid 518] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 518] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 518] munmap(0x7f75d43ae000, 138412032) = 0
[pid 518] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 518] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 518] close(3) = 0
[pid 518] mkdir("./file0", 0777) = 0
[pid 518] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 518] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 518] chdir("./file0") = 0
[pid 518] ioctl(4, LOOP_CLR_FD) = 0
[pid 518] close(4) = 0
[pid 518] creat("./bus", 000) = 4
[pid 518] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 518] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 518] chdir("./file0") = 0
[pid 518] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 518] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 518] memfd_create("syzkaller", 0) = 7
[pid 518] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 518] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 518] munmap(0x7f75d43ae000, 138412032) = 0
[pid 518] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 518] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 518] ioctl(8, LOOP_CLR_FD) = 0
[pid 518] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 518] close(8) = 0
[pid 518] close(7) = 0
[ 36.026419][ T516] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 36.059722][ T518] loop0: detected capacity change from 0 to 512
[ 36.066753][ T518] EXT4-fs: Ignoring removed bh option
[ 36.072384][ T518] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 36.082040][ T518] EXT4-fs (loop0): 1 truncate cleaned up
[pid 518] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 518] exit_group(0) = ?
[pid 518] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=518, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./101", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./101/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./101/binderfs") = 0
umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./101/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./101/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./101/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./101") = 0
mkdir("./102", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 520
./strace-static-x86_64: Process 520 attached
[pid 520] set_robust_list(0x555556770660, 24) = 0
[pid 520] chdir("./102") = 0
[pid 520] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 520] setpgid(0, 0) = 0
[pid 520] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 520] write(3, "1000", 4) = 4
[pid 520] close(3) = 0
[pid 520] symlink("/dev/binderfs", "./binderfs") = 0
[pid 520] memfd_create("syzkaller", 0) = 3
[pid 520] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 520] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 520] munmap(0x7f75d43ae000, 138412032) = 0
[pid 520] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 520] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 520] close(3) = 0
[pid 520] mkdir("./file0", 0777) = 0
[ 36.097923][ T518] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 36.135814][ T520] loop0: detected capacity change from 0 to 512
[ 36.143037][ T520] EXT4-fs: Ignoring removed bh option
[pid 520] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 520] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 520] chdir("./file0") = 0
[pid 520] ioctl(4, LOOP_CLR_FD) = 0
[pid 520] close(4) = 0
[pid 520] creat("./bus", 000) = 4
[pid 520] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 520] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 520] chdir("./file0") = 0
[pid 520] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 520] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 520] memfd_create("syzkaller", 0) = 7
[pid 520] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 520] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 520] munmap(0x7f75d43ae000, 138412032) = 0
[pid 520] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 520] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 520] ioctl(8, LOOP_CLR_FD) = 0
[pid 520] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 520] close(8) = 0
[pid 520] close(7) = 0
[pid 520] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 520] exit_group(0) = ?
[pid 520] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=520, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./102", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./102/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./102/binderfs") = 0
umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./102/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./102/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./102/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./102") = 0
mkdir("./103", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 522 attached
[pid 522] set_robust_list(0x555556770660, 24) = 0
[pid 522] chdir("./103"
[pid 299] <... clone resumed>, child_tidptr=0x555556770650) = 522
[pid 522] <... chdir resumed>) = 0
[pid 522] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 522] setpgid(0, 0) = 0
[pid 522] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 522] write(3, "1000", 4) = 4
[pid 522] close(3) = 0
[pid 522] symlink("/dev/binderfs", "./binderfs") = 0
[pid 522] memfd_create("syzkaller", 0) = 3
[pid 522] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[ 36.148823][ T520] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 36.158283][ T520] EXT4-fs (loop0): 1 truncate cleaned up
[ 36.171799][ T520] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[pid 522] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 522] munmap(0x7f75d43ae000, 138412032) = 0
[pid 522] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 522] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 522] close(3) = 0
[pid 522] mkdir("./file0", 0777) = 0
[pid 522] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 522] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 522] chdir("./file0") = 0
[pid 522] ioctl(4, LOOP_CLR_FD) = 0
[pid 522] close(4) = 0
[pid 522] creat("./bus", 000) = 4
[pid 522] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 522] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 522] chdir("./file0") = 0
[pid 522] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 522] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 522] memfd_create("syzkaller", 0) = 7
[pid 522] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 522] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 522] munmap(0x7f75d43ae000, 138412032) = 0
[pid 522] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 522] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 522] ioctl(8, LOOP_CLR_FD) = 0
[pid 522] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 522] close(8) = 0
[pid 522] close(7) = 0
[ 36.213076][ T522] loop0: detected capacity change from 0 to 512
[ 36.220534][ T522] EXT4-fs: Ignoring removed bh option
[ 36.226042][ T522] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 36.235577][ T522] EXT4-fs (loop0): 1 truncate cleaned up
[pid 522] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 522] exit_group(0) = ?
[pid 522] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=522, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./103", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./103/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./103/binderfs") = 0
umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./103/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./103/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./103/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./103") = 0
mkdir("./104", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 524
./strace-static-x86_64: Process 524 attached
[pid 524] set_robust_list(0x555556770660, 24) = 0
[pid 524] chdir("./104") = 0
[pid 524] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 524] setpgid(0, 0) = 0
[pid 524] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 524] write(3, "1000", 4) = 4
[pid 524] close(3) = 0
[pid 524] symlink("/dev/binderfs", "./binderfs") = 0
[pid 524] memfd_create("syzkaller", 0) = 3
[pid 524] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 524] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 524] munmap(0x7f75d43ae000, 138412032) = 0
[pid 524] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 524] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 524] close(3) = 0
[pid 524] mkdir("./file0", 0777) = 0
[ 36.253502][ T522] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 36.297083][ T524] loop0: detected capacity change from 0 to 512
[ 36.304215][ T524] EXT4-fs: Ignoring removed bh option
[pid 524] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 524] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 524] chdir("./file0") = 0
[pid 524] ioctl(4, LOOP_CLR_FD) = 0
[pid 524] close(4) = 0
[pid 524] creat("./bus", 000) = 4
[pid 524] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 524] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 524] chdir("./file0") = 0
[pid 524] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 524] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 524] memfd_create("syzkaller", 0) = 7
[pid 524] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 524] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 524] munmap(0x7f75d43ae000, 138412032) = 0
[pid 524] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 524] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 524] ioctl(8, LOOP_CLR_FD) = 0
[pid 524] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 524] close(8) = 0
[pid 524] close(7) = 0
[pid 524] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 524] exit_group(0) = ?
[pid 524] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=524, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./104", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./104/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./104/binderfs") = 0
umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./104/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./104/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./104/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./104") = 0
mkdir("./105", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 526
./strace-static-x86_64: Process 526 attached
[pid 526] set_robust_list(0x555556770660, 24) = 0
[pid 526] chdir("./105") = 0
[pid 526] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 526] setpgid(0, 0) = 0
[pid 526] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 526] write(3, "1000", 4) = 4
[pid 526] close(3) = 0
[pid 526] symlink("/dev/binderfs", "./binderfs") = 0
[pid 526] memfd_create("syzkaller", 0) = 3
[pid 526] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 526] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 526] munmap(0x7f75d43ae000, 138412032) = 0
[pid 526] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 36.309745][ T524] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 36.319304][ T524] EXT4-fs (loop0): 1 truncate cleaned up
[ 36.337999][ T524] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[pid 526] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 526] close(3) = 0
[pid 526] mkdir("./file0", 0777) = 0
[pid 526] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 526] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 526] chdir("./file0") = 0
[pid 526] ioctl(4, LOOP_CLR_FD) = 0
[pid 526] close(4) = 0
[pid 526] creat("./bus", 000) = 4
[pid 526] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 526] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 526] chdir("./file0") = 0
[pid 526] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 526] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 526] memfd_create("syzkaller", 0) = 7
[pid 526] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 526] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 526] munmap(0x7f75d43ae000, 138412032) = 0
[pid 526] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 526] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 526] ioctl(8, LOOP_CLR_FD) = 0
[pid 526] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 526] close(8) = 0
[pid 526] close(7) = 0
[ 36.376519][ T526] loop0: detected capacity change from 0 to 512
[ 36.383519][ T526] EXT4-fs: Ignoring removed bh option
[ 36.389202][ T526] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 36.398796][ T526] EXT4-fs (loop0): 1 truncate cleaned up
[pid 526] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 526] exit_group(0) = ?
[pid 526] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=526, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./105", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./105/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./105/binderfs") = 0
umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./105/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./105/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./105/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./105") = 0
mkdir("./106", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 528
./strace-static-x86_64: Process 528 attached
[pid 528] set_robust_list(0x555556770660, 24) = 0
[pid 528] chdir("./106") = 0
[pid 528] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 528] setpgid(0, 0) = 0
[pid 528] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 528] write(3, "1000", 4) = 4
[pid 528] close(3) = 0
[pid 528] symlink("/dev/binderfs", "./binderfs") = 0
[pid 528] memfd_create("syzkaller", 0) = 3
[pid 528] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 528] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 528] munmap(0x7f75d43ae000, 138412032) = 0
[pid 528] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 528] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 528] close(3) = 0
[pid 528] mkdir("./file0", 0777) = 0
[ 36.415836][ T526] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 36.454372][ T528] loop0: detected capacity change from 0 to 512
[ 36.461647][ T528] EXT4-fs: Ignoring removed bh option
[ 36.467528][ T528] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[pid 528] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 528] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 528] chdir("./file0") = 0
[pid 528] ioctl(4, LOOP_CLR_FD) = 0
[pid 528] close(4) = 0
[pid 528] creat("./bus", 000) = 4
[pid 528] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 528] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 528] chdir("./file0") = 0
[pid 528] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 528] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 528] memfd_create("syzkaller", 0) = 7
[pid 528] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 528] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 528] munmap(0x7f75d43ae000, 138412032) = 0
[pid 528] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 528] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 528] ioctl(8, LOOP_CLR_FD) = 0
[pid 528] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 528] close(8) = 0
[pid 528] close(7) = 0
[pid 528] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 528] exit_group(0) = ?
[pid 528] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=528, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./106", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./106/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./106/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./106/binderfs") = 0
umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./106/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./106/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./106/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./106") = 0
mkdir("./107", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 531
./strace-static-x86_64: Process 531 attached
[pid 531] set_robust_list(0x555556770660, 24) = 0
[pid 531] chdir("./107") = 0
[pid 531] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 531] setpgid(0, 0) = 0
[pid 531] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 531] write(3, "1000", 4) = 4
[pid 531] close(3) = 0
[pid 531] symlink("/dev/binderfs", "./binderfs") = 0
[pid 531] memfd_create("syzkaller", 0) = 3
[pid 531] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 531] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 531] munmap(0x7f75d43ae000, 138412032) = 0
[pid 531] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 36.477586][ T528] EXT4-fs (loop0): 1 truncate cleaned up
[ 36.495058][ T528] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor157: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[pid 531] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 531] close(3) = 0
[pid 531] mkdir("./file0", 0777) = 0
[pid 531] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 531] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 531] chdir("./file0") = 0
[pid 531] ioctl(4, LOOP_CLR_FD) = 0
[pid 531] close(4) = 0
[pid 531] creat("./bus", 000) = 4
[pid 531] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 531] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 531] chdir("./file0") = 0
[pid 531] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 531] openat(AT_FDCWD, 0x20000280, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 531] memfd_create("syzkaller", 0) = 7
[pid 531] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d43ae000
[pid 531] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 531] munmap(0x7f75d43ae000, 138412032) = 0
[pid 531] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 531] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 531] ioctl(8, LOOP_CLR_FD) = 0
[pid 531] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 531] close(8) = 0
[pid 531] close(7) = 0
[ 36.531500][ T531] loop0: detected capacity change from 0 to 512
[ 36.538590][ T531] EXT4-fs: Ignoring removed bh option
[ 36.544033][ T531] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 36.553353][ T531] EXT4-fs (loop0): 1 truncate cleaned up
[pid 531] mkdirat(AT_FDCWD, 0x20000040, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 531] exit_group(0) = ?
[pid 531] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=531, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./107", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555567716f0 /* 4 entries */, 32768) = 112
umount2("./107/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./107/binderfs") = 0
umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./107/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./107/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556779730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556779730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./107/file0") = 0
getdents64(3, 0x5555567716f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./107") = 0
mkdir("./108", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556770650) = 533
./strace-static-x86_64: Process 533 attached