./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor374309334
<...>
Warning: Permanently added '10.128.0.97' (ED25519) to the list of known hosts.
execve("./syz-executor374309334", ["./syz-executor374309334"], 0x7ffc37dce040 /* 10 vars */) = 0
brk(NULL) = 0x55555607f000
brk(0x55555607fd00) = 0x55555607fd00
arch_prctl(ARCH_SET_FS, 0x55555607f380) = 0
set_tid_address(0x55555607f650) = 303
set_robust_list(0x55555607f660, 24) = 0
rseq(0x55555607fca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented)
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor374309334", 4096) = 27
getrandom("\xdc\x62\xd1\x92\xe9\x68\x6f\x74", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x55555607fd00
brk(0x5555560a0d00) = 0x5555560a0d00
brk(0x5555560a1000) = 0x5555560a1000
mprotect(0x7fe524ea1000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
getrandom("\x46\xd9\x0b\x73\x4b\x49\xb2\xf5", 8, GRND_NONBLOCK) = 8
getrandom("\xd3\xcd\x5b\x5d\xcb\x7e\xa6\xb3", 8, GRND_NONBLOCK) = 8
mkdir("./syzkaller.hs2HgE", 0700) = 0
chmod("./syzkaller.hs2HgE", 0777) = 0
chdir("./syzkaller.hs2HgE") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 304
./strace-static-x86_64: Process 304 attached
[pid 304] set_robust_list(0x55555607f660, 24) = 0
[pid 304] chdir("./0") = 0
[pid 304] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 304] setpgid(0, 0) = 0
[pid 304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 304] write(3, "1000", 4) = 4
[pid 304] close(3) = 0
[pid 304] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid 304] write(1, "executing program\n", 18) = 18
[pid 304] memfd_create("syzkaller", 0) = 3
[pid 304] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 304] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 304] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 304] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 304] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 304] close(3) = 0
[pid 304] close(4) = 0
[pid 304] mkdir("./file1", 0777) = 0
[pid 304] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 304] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 304] chdir("./file1") = 0
[pid 304] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 304] ioctl(4, LOOP_CLR_FD) = 0
[pid 304] close(4) = 0
[ 29.507761][ T28] audit: type=1400 audit(1726541338.694:66): avc: denied { execmem } for pid=303 comm="syz-executor374" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 29.510666][ T28] audit: type=1400 audit(1726541338.694:67): avc: denied { read write } for pid=303 comm="syz-executor374" name="loop0" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 29.513979][ T28] audit: type=1400 audit(1726541338.694:68): avc: denied { open } for pid=303 comm="syz-executor374" path="/dev/loop0" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 29.517771][ T28] audit: type=1400 audit(1726541338.694:69): avc: denied { ioctl } for pid=303 comm="syz-executor374" path="/dev/loop0" dev="devtmpfs" ino=114 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 29.524236][ T304] loop0: detected capacity change from 0 to 1024
[ 29.527486][ T28] audit: type=1400 audit(1726541338.714:70): avc: denied { mounton } for pid=304 comm="syz-executor374" path="/root/syzkaller.hs2HgE/0/file1" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 29.527540][ T304] EXT4-fs: Ignoring removed orlov option
[ 29.536385][ T304] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 29.547624][ T304] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 304] chdir("./file0") = 0
[pid 304] creat("./bus", 000) = 4
[pid 304] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 304] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 304] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 304] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 304] exit_group(0) = ?
[pid 304] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=304, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/binderfs") = 0
umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./0/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./0/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./0/file1/lost+found") = 0
umount2("./0/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./0/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./0/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/file1/file0/file0") = 0
umount2("./0/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/file1/file0/file1") = 0
umount2("./0/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./0/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./0/file1/file0") = 0
umount2("./0/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/file1/file1") = 0
umount2("./0/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/file1/file2") = 0
umount2("./0/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/file1/file3") = 0
umount2("./0/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file1") = -1 EBUSY (Device or resource busy)
[ 29.556030][ T28] audit: type=1400 audit(1726541338.744:71): avc: denied { mount } for pid=304 comm="syz-executor374" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 29.578750][ T28] audit: type=1400 audit(1726541338.744:72): avc: denied { write } for pid=304 comm="syz-executor374" name="file0" dev="loop0" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./0/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 29.601371][ T28] audit: type=1400 audit(1726541338.744:73): avc: denied { add_name } for pid=304 comm="syz-executor374" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 29.601776][ T303] EXT4-fs (loop0): unmounting filesystem.
[ 29.621998][ T28] audit: type=1400 audit(1726541338.744:74): avc: denied { create } for pid=304 comm="syz-executor374" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 310
./strace-static-x86_64: Process 310 attached
[pid 310] set_robust_list(0x55555607f660, 24) = 0
[pid 310] chdir("./1") = 0
[pid 310] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 310] setpgid(0, 0) = 0
[pid 310] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 310] write(3, "1000", 4) = 4
[pid 310] close(3) = 0
[pid 310] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 310] write(1, "executing program\n", 18) = 18
[pid 310] memfd_create("syzkaller", 0) = 3
[pid 310] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 310] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 310] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 310] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 310] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 310] close(3) = 0
[pid 310] close(4) = 0
[pid 310] mkdir("./file1", 0777) = 0
[ 29.647502][ T28] audit: type=1400 audit(1726541338.744:75): avc: denied { write open } for pid=304 comm="syz-executor374" path="/root/syzkaller.hs2HgE/0/file1/file0/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 29.675192][ T310] loop0: detected capacity change from 0 to 1024
[ 29.692477][ T310] EXT4-fs: Ignoring removed orlov option
[ 29.698241][ T310] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 310] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 310] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 310] chdir("./file1") = 0
[pid 310] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 310] ioctl(4, LOOP_CLR_FD) = 0
[pid 310] close(4) = 0
[pid 310] chdir("./file0") = 0
[pid 310] creat("./bus", 000) = 4
[pid 310] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 310] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 310] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 310] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 310] exit_group(0) = ?
[pid 310] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=310, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/binderfs") = 0
umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./1/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./1/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./1/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./1/file1/lost+found") = 0
umount2("./1/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./1/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./1/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/file1/file0/file0") = 0
umount2("./1/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/file1/file0/file1") = 0
umount2("./1/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./1/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./1/file1/file0") = 0
umount2("./1/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/file1/file1") = 0
umount2("./1/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/file1/file2") = 0
umount2("./1/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/file1/file3") = 0
umount2("./1/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file1") = -1 EBUSY (Device or resource busy)
[ 29.707009][ T310] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./1/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 314
./strace-static-x86_64: Process 314 attached
[pid 314] set_robust_list(0x55555607f660, 24) = 0
[pid 314] chdir("./2") = 0
[pid 314] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 314] setpgid(0, 0) = 0
[pid 314] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 314] write(3, "1000", 4) = 4
[pid 314] close(3) = 0
[pid 314] symlink("/dev/binderfs", "./binderfs") = 0
[pid 314] write(1, "executing program\n", 18executing program
) = 18
[pid 314] memfd_create("syzkaller", 0) = 3
[pid 314] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 314] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 314] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 314] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 314] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 314] close(3) = 0
[pid 314] close(4) = 0
[pid 314] mkdir("./file1", 0777) = 0
[ 29.750057][ T303] EXT4-fs (loop0): unmounting filesystem.
[ 29.773872][ T314] loop0: detected capacity change from 0 to 1024
[ 29.784293][ T314] EXT4-fs: Ignoring removed orlov option
[ 29.790038][ T314] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 314] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 314] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 314] chdir("./file1") = 0
[pid 314] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 314] ioctl(4, LOOP_CLR_FD) = 0
[pid 314] close(4) = 0
[pid 314] chdir("./file0") = 0
[pid 314] creat("./bus", 000) = 4
[pid 314] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 314] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 314] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 314] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 314] exit_group(0) = ?
[pid 314] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=314, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/binderfs") = 0
umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./2/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./2/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./2/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./2/file1/lost+found") = 0
umount2("./2/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./2/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./2/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/file1/file0/file0") = 0
umount2("./2/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/file1/file0/file1") = 0
umount2("./2/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./2/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
[ 29.807071][ T314] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 29.835308][ T303] ==================================================================
[ 29.843192][ T303] BUG: KASAN: use-after-free in ext4_xattr_delete_inode+0xcd0/0xce0
[ 29.851001][ T303] Read of size 4 at addr ffff88811e78d000 by task syz-executor374/303
[ 29.858983][ T303]
[ 29.861165][ T303] CPU: 0 PID: 303 Comm: syz-executor374 Not tainted 6.1.93-syzkaller-00008-gd1f3a046a65d #0
[ 29.871048][ T303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 29.880950][ T303] Call Trace:
[ 29.884067][ T303]
[ 29.886845][ T303] dump_stack_lvl+0x151/0x1b7
[ 29.891358][ T303] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 29.896651][ T303] ? _printk+0xd1/0x111
[ 29.900642][ T303] ? __virt_addr_valid+0x242/0x2f0
[ 29.905763][ T303] print_report+0x158/0x4e0
[ 29.910105][ T303] ? __virt_addr_valid+0x242/0x2f0
[ 29.915050][ T303] ? kasan_addr_to_slab+0xd/0x80
[ 29.919825][ T303] ? ext4_xattr_delete_inode+0xcd0/0xce0
[ 29.925290][ T303] kasan_report+0x13c/0x170
[ 29.929632][ T303] ? ext4_xattr_delete_inode+0xcd0/0xce0
[ 29.935101][ T303] __asan_report_load4_noabort+0x14/0x20
[ 29.940570][ T303] ext4_xattr_delete_inode+0xcd0/0xce0
[ 29.945865][ T303] ? sb_end_intwrite+0x130/0x130
[ 29.950645][ T303] ? ext4_expand_extra_isize_ea+0x1c40/0x1c40
[ 29.956537][ T303] ? __kasan_check_read+0x11/0x20
[ 29.961400][ T303] ? ext4_inode_is_fast_symlink+0x295/0x3d0
[ 29.967125][ T303] ? ext4_evict_inode+0xbc2/0x1550
[ 29.972071][ T303] ext4_evict_inode+0xef9/0x1550
[ 29.976845][ T303] ? _raw_spin_unlock+0x4c/0x70
[ 29.981535][ T303] ? ext4_inode_is_fast_symlink+0x3d0/0x3d0
[ 29.987261][ T303] ? _raw_spin_unlock+0x4c/0x70
[ 29.991946][ T303] ? inode_io_list_del+0x18b/0x1a0
[ 29.996936][ T303] ? ext4_inode_is_fast_symlink+0x3d0/0x3d0
[ 30.002622][ T303] evict+0x2a3/0x630
[ 30.006356][ T303] iput+0x616/0x690
[ 30.010000][ T303] vfs_rmdir+0x3c2/0x500
[ 30.014079][ T303] do_rmdir+0x3ab/0x630
[ 30.018073][ T303] ? d_delete_notify+0x160/0x160
[ 30.022846][ T303] ? strncpy_from_user+0x169/0x2b0
[ 30.027792][ T303] ? getname_flags+0x1fd/0x520
[ 30.032393][ T303] __x64_sys_rmdir+0x49/0x50
[ 30.036821][ T303] x64_sys_call+0x274/0x9a0
[ 30.041159][ T303] do_syscall_64+0x3b/0xb0
[ 30.045416][ T303] ? clear_bhb_loop+0x55/0xb0
[ 30.049924][ T303] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 30.055654][ T303] RIP: 0033:0x7fe524e2cdc7
[ 30.059906][ T303] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 54 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 30.079347][ T303] RSP: 002b:00007ffd5a5391d8 EFLAGS: 00000207 ORIG_RAX: 0000000000000054
[ 30.087591][ T303] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe524e2cdc7
[ 30.095402][ T303] RDX: 0000000000008890 RSI: 0000000000000000 RDI: 00007ffd5a53a380
[ 30.103215][ T303] RBP: 0000000000000065 R08: 0000000000000000 R09: 0000000000000000
[ 30.111026][ T303] R10: 0000000000000100 R11: 0000000000000207 R12: 00007ffd5a53a380
[ 30.118837][ T303] R13: 0000555556090740 R14: 431bde82d7b634db R15: 00007ffd5a53c500
[ 30.126652][ T303]
[ 30.129511][ T303]
[ 30.131680][ T303] The buggy address belongs to the physical page:
[ 30.137938][ T303] page:ffffea000479e340 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x11e78d
[ 30.147997][ T303] flags: 0x4000000000000000(zone=1)
[ 30.153039][ T303] raw: 4000000000000000 ffffea000479e3c8 ffffea000479e388 0000000000000000
[ 30.161458][ T303] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 30.169869][ T303] page dumped because: kasan: bad access detected
[ 30.176124][ T303] page_owner tracks the page as freed
[ 30.181326][ T303] page last allocated via order 0, migratetype Movable, gfp_mask 0x8140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO|__GFP_CMA), pid 290, tgid 290 (sshd), ts 24045274920, free_ts 24052542508
[ 30.199902][ T303] post_alloc_hook+0x213/0x220
[ 30.204498][ T303] prep_new_page+0x1b/0x110
[ 30.208838][ T303] get_page_from_freelist+0x27ea/0x2870
[ 30.214305][ T303] __alloc_pages+0x3a1/0x780
[ 30.218732][ T303] __folio_alloc+0x15/0x40
[ 30.222985][ T303] handle_mm_fault+0x1cf7/0x30e0
[ 30.227760][ T303] exc_page_fault+0x3b3/0x6d0
[ 30.232272][ T303] asm_exc_page_fault+0x27/0x30
[ 30.236958][ T303] page last free stack trace:
[ 30.241473][ T303] free_unref_page_prepare+0x83d/0x850
[ 30.246766][ T303] free_unref_page_list+0xf1/0x7b0
[ 30.251712][ T303] release_pages+0xf7f/0xfe0
[ 30.256137][ T303] free_pages_and_swap_cache+0x8a/0xa0
[ 30.261431][ T303] tlb_finish_mmu+0x1e0/0x3f0
[ 30.265945][ T303] unmap_region+0x2c1/0x310
[ 30.270283][ T303] do_mas_align_munmap+0xd05/0x1400
[ 30.275318][ T303] __se_sys_brk+0x831/0xd60
[ 30.279659][ T303] __x64_sys_brk+0x38/0x40
[ 30.283910][ T303] x64_sys_call+0x7c/0x9a0
[ 30.288163][ T303] do_syscall_64+0x3b/0xb0
[ 30.292416][ T303] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 30.298149][ T303]
[ 30.300314][ T303] Memory state around the buggy address:
[ 30.305785][ T303] ffff88811e78cf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.313684][ T303] ffff88811e78cf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.321584][ T303] >ffff88811e78d000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 30.329485][ T303] ^
[ 30.333389][ T303] ffff88811e78d080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 30.341287][ T303] ffff88811e78d100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 30.349179][ T303] ==================================================================
rmdir("./2/file1/file0") = 0
umount2("./2/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/file1/file1") = 0
umount2("./2/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/file1/file2") = 0
umount2("./2/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/file1/file3") = 0
umount2("./2/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./2/file1") = -1 EBUSY (Device or resource busy)
umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./2/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 317
./strace-static-x86_64: Process 317 attached
[pid 317] set_robust_list(0x55555607f660, 24) = 0
[pid 317] chdir("./3") = 0
[pid 317] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 317] setpgid(0, 0) = 0
[pid 317] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 317] write(3, "1000", 4) = 4
[pid 317] close(3) = 0
[pid 317] symlink("/dev/binderfs", "./binderfs") = 0
[pid 317] write(1, "executing program\n", 18executing program
) = 18
[pid 317] memfd_create("syzkaller", 0) = 3
[pid 317] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 317] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 317] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 317] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 317] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 317] close(3) = 0
[pid 317] close(4) = 0
[pid 317] mkdir("./file1", 0777) = 0
[ 30.357405][ T303] Disabling lock debugging due to kernel taint
[ 30.370481][ T303] EXT4-fs (loop0): unmounting filesystem.
[ 30.391728][ T317] loop0: detected capacity change from 0 to 1024
[ 30.401568][ T317] EXT4-fs: Ignoring removed orlov option
[pid 317] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 317] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 317] chdir("./file1") = 0
[pid 317] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 317] ioctl(4, LOOP_CLR_FD) = 0
[pid 317] close(4) = 0
[pid 317] chdir("./file0") = 0
[pid 317] creat("./bus", 000) = 4
[pid 317] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 317] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 317] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 317] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 317] exit_group(0) = ?
[pid 317] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=317, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/binderfs") = 0
umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./3/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./3/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./3/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./3/file1/lost+found") = 0
umount2("./3/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./3/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./3/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/file1/file0/file0") = 0
umount2("./3/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/file1/file0/file1") = 0
umount2("./3/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./3/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./3/file1/file0") = 0
umount2("./3/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/file1/file1") = 0
umount2("./3/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/file1/file2") = 0
umount2("./3/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/file1/file3") = 0
umount2("./3/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
[ 30.407202][ T317] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 30.416853][ T317] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
rmdir("./3/file1") = -1 EBUSY (Device or resource busy)
umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./3/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./3") = 0
mkdir("./4", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 320
./strace-static-x86_64: Process 320 attached
[pid 320] set_robust_list(0x55555607f660, 24) = 0
[pid 320] chdir("./4") = 0
[pid 320] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 320] setpgid(0, 0) = 0
[pid 320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 320] write(3, "1000", 4) = 4
[pid 320] close(3) = 0
[pid 320] symlink("/dev/binderfs", "./binderfs") = 0
[pid 320] write(1, "executing program\n", 18executing program
) = 18
[pid 320] memfd_create("syzkaller", 0) = 3
[pid 320] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 320] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 320] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 320] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 320] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 320] close(3) = 0
[pid 320] close(4) = 0
[pid 320] mkdir("./file1", 0777) = 0
[ 30.450530][ T303] EXT4-fs (loop0): unmounting filesystem.
[ 30.473119][ T320] loop0: detected capacity change from 0 to 1024
[ 30.481174][ T320] EXT4-fs: Ignoring removed orlov option
[ 30.486744][ T320] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 320] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 320] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 320] chdir("./file1") = 0
[pid 320] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 320] ioctl(4, LOOP_CLR_FD) = 0
[pid 320] close(4) = 0
[pid 320] chdir("./file0") = 0
[pid 320] creat("./bus", 000) = 4
[pid 320] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 320] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 320] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 320] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 320] exit_group(0) = ?
[pid 320] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=320, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/binderfs") = 0
umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./4/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./4/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./4/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./4/file1/lost+found") = 0
umount2("./4/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./4/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./4/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/file1/file0/file0") = 0
umount2("./4/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/file1/file0/file1") = 0
umount2("./4/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./4/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./4/file1/file0") = 0
umount2("./4/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/file1/file1") = 0
umount2("./4/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/file1/file2") = 0
umount2("./4/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/file1/file3") = 0
umount2("./4/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./4/file1") = -1 EBUSY (Device or resource busy)
[ 30.497356][ T320] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./4/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./4") = 0
mkdir("./5", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 323 attached
[pid 323] set_robust_list(0x55555607f660, 24) = 0
[pid 323] chdir("./5") = 0
[pid 323] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 323] setpgid(0, 0) = 0
[pid 323] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC
[pid 303] <... clone resumed>, child_tidptr=0x55555607f650) = 323
[pid 323] <... openat resumed>) = 3
[pid 323] write(3, "1000", 4) = 4
[pid 323] close(3) = 0
[pid 323] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 323] write(1, "executing program\n", 18) = 18
[pid 323] memfd_create("syzkaller", 0) = 3
[pid 323] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 323] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 323] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 323] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 323] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 323] close(3) = 0
[pid 323] close(4) = 0
[pid 323] mkdir("./file1", 0777) = 0
[ 30.540937][ T303] EXT4-fs (loop0): unmounting filesystem.
[ 30.560902][ T323] loop0: detected capacity change from 0 to 1024
[ 30.570693][ T323] EXT4-fs: Ignoring removed orlov option
[ 30.576300][ T323] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 323] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 323] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 323] chdir("./file1") = 0
[pid 323] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 323] ioctl(4, LOOP_CLR_FD) = 0
[pid 323] close(4) = 0
[pid 323] chdir("./file0") = 0
[pid 323] creat("./bus", 000) = 4
[pid 323] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 323] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 323] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 323] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 323] exit_group(0) = ?
[pid 323] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=323, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/binderfs") = 0
umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./5/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./5/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./5/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./5/file1/lost+found") = 0
umount2("./5/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./5/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./5/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/file1/file0/file0") = 0
umount2("./5/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/file1/file0/file1") = 0
umount2("./5/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./5/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./5/file1/file0") = 0
umount2("./5/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/file1/file1") = 0
umount2("./5/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/file1/file2") = 0
umount2("./5/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/file1/file3") = 0
umount2("./5/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./5/file1") = -1 EBUSY (Device or resource busy)
[ 30.586792][ T323] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./5/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./5") = 0
mkdir("./6", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 327
./strace-static-x86_64: Process 327 attached
[pid 327] set_robust_list(0x55555607f660, 24) = 0
[pid 327] chdir("./6") = 0
[pid 327] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 327] setpgid(0, 0) = 0
[pid 327] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 327] write(3, "1000", 4) = 4
[pid 327] close(3) = 0
[pid 327] symlink("/dev/binderfs", "./binderfs") = 0
[pid 327] write(1, "executing program\n", 18executing program
) = 18
[pid 327] memfd_create("syzkaller", 0) = 3
[pid 327] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 327] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 327] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 327] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 327] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 327] close(3) = 0
[pid 327] close(4) = 0
[pid 327] mkdir("./file1", 0777) = 0
[ 30.615398][ T303] EXT4-fs (loop0): unmounting filesystem.
[ 30.636836][ T327] loop0: detected capacity change from 0 to 1024
[ 30.646983][ T327] EXT4-fs: Ignoring removed orlov option
[ 30.652450][ T327] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 327] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 327] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 327] chdir("./file1") = 0
[pid 327] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 327] ioctl(4, LOOP_CLR_FD) = 0
[pid 327] close(4) = 0
[pid 327] chdir("./file0") = 0
[pid 327] creat("./bus", 000) = 4
[pid 327] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 327] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 327] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 327] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 327] exit_group(0) = ?
[pid 327] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=327, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/binderfs") = 0
umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./6/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./6/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./6/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./6/file1/lost+found") = 0
umount2("./6/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./6/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./6/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/file1/file0/file0") = 0
umount2("./6/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/file1/file0/file1") = 0
umount2("./6/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./6/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./6/file1/file0") = 0
umount2("./6/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/file1/file1") = 0
umount2("./6/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/file1/file2") = 0
umount2("./6/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/file1/file3") = 0
umount2("./6/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./6/file1") = -1 EBUSY (Device or resource busy)
umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./6/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./6") = 0
mkdir("./7", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 330
./strace-static-x86_64: Process 330 attached
[pid 330] set_robust_list(0x55555607f660, 24) = 0
[pid 330] chdir("./7") = 0
[pid 330] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 330] setpgid(0, 0) = 0
[pid 330] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 330] write(3, "1000", 4) = 4
[pid 330] close(3) = 0
[pid 330] symlink("/dev/binderfs", "./binderfs") = 0
[pid 330] write(1, "executing program\n", 18executing program
) = 18
[pid 330] memfd_create("syzkaller", 0) = 3
[pid 330] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 330] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 330] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 330] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 30.666857][ T327] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 30.705440][ T303] EXT4-fs (loop0): unmounting filesystem.
[pid 330] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 330] close(3) = 0
[pid 330] close(4) = 0
[pid 330] mkdir("./file1", 0777) = 0
[pid 330] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 330] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 330] chdir("./file1") = 0
[pid 330] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 330] ioctl(4, LOOP_CLR_FD) = 0
[pid 330] close(4) = 0
[pid 330] chdir("./file0") = 0
[pid 330] creat("./bus", 000) = 4
[pid 330] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 330] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 330] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 330] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 330] exit_group(0) = ?
[pid 330] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=330, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/binderfs") = 0
umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./7/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./7/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./7/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./7/file1/lost+found") = 0
umount2("./7/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./7/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./7/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/file1/file0/file0") = 0
umount2("./7/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/file1/file0/file1") = 0
umount2("./7/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./7/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./7/file1/file0") = 0
umount2("./7/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/file1/file1") = 0
umount2("./7/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/file1/file2") = 0
umount2("./7/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/file1/file3") = 0
umount2("./7/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./7/file1") = -1 EBUSY (Device or resource busy)
[ 30.725724][ T330] loop0: detected capacity change from 0 to 1024
[ 30.735380][ T330] EXT4-fs: Ignoring removed orlov option
[ 30.741330][ T330] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 30.757016][ T330] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./7/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./7") = 0
mkdir("./8", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 333
./strace-static-x86_64: Process 333 attached
[pid 333] set_robust_list(0x55555607f660, 24) = 0
[pid 333] chdir("./8") = 0
[pid 333] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 333] setpgid(0, 0) = 0
[pid 333] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 333] write(3, "1000", 4) = 4
[pid 333] close(3) = 0
[pid 333] symlink("/dev/binderfs", "./binderfs") = 0
[pid 333] write(1, "executing program\n", 18executing program
) = 18
[pid 333] memfd_create("syzkaller", 0) = 3
[pid 333] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 333] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 333] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 333] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 333] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 333] close(3) = 0
[pid 333] close(4) = 0
[pid 333] mkdir("./file1", 0777) = 0
[ 30.791979][ T303] EXT4-fs (loop0): unmounting filesystem.
[ 30.814704][ T333] loop0: detected capacity change from 0 to 1024
[ 30.823208][ T333] EXT4-fs: Ignoring removed orlov option
[ 30.828866][ T333] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 333] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 333] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 333] chdir("./file1") = 0
[pid 333] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 333] ioctl(4, LOOP_CLR_FD) = 0
[pid 333] close(4) = 0
[pid 333] chdir("./file0") = 0
[pid 333] creat("./bus", 000) = 4
[pid 333] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 333] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 333] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 333] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 333] exit_group(0) = ?
[pid 333] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=333, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/binderfs") = 0
umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./8/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./8/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./8/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./8/file1/lost+found") = 0
umount2("./8/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./8/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./8/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/file1/file0/file0") = 0
umount2("./8/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/file1/file0/file1") = 0
umount2("./8/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./8/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./8/file1/file0") = 0
umount2("./8/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/file1/file1") = 0
umount2("./8/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/file1/file2") = 0
umount2("./8/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/file1/file3") = 0
umount2("./8/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./8/file1") = -1 EBUSY (Device or resource busy)
[ 30.837168][ T333] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./8/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./8") = 0
mkdir("./9", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 336
./strace-static-x86_64: Process 336 attached
[pid 336] set_robust_list(0x55555607f660, 24) = 0
[pid 336] chdir("./9") = 0
[pid 336] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 336] setpgid(0, 0) = 0
[pid 336] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 336] write(3, "1000", 4) = 4
[pid 336] close(3) = 0
[pid 336] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 336] write(1, "executing program\n", 18) = 18
[pid 336] memfd_create("syzkaller", 0) = 3
[pid 336] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 336] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 336] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 336] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 336] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 336] close(3) = 0
[pid 336] close(4) = 0
[pid 336] mkdir("./file1", 0777) = 0
[ 30.865471][ T303] EXT4-fs (loop0): unmounting filesystem.
[ 30.884471][ T336] loop0: detected capacity change from 0 to 1024
[ 30.901653][ T336] EXT4-fs: Ignoring removed orlov option
[ 30.907159][ T336] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 336] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 336] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 336] chdir("./file1") = 0
[pid 336] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 336] ioctl(4, LOOP_CLR_FD) = 0
[pid 336] close(4) = 0
[pid 336] chdir("./file0") = 0
[pid 336] creat("./bus", 000) = 4
[pid 336] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 336] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 336] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 336] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 336] exit_group(0) = ?
[pid 336] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=336, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/binderfs") = 0
umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./9/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./9/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./9/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./9/file1/lost+found") = 0
umount2("./9/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./9/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./9/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/file1/file0/file0") = 0
umount2("./9/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/file1/file0/file1") = 0
umount2("./9/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./9/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./9/file1/file0") = 0
umount2("./9/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/file1/file1") = 0
umount2("./9/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/file1/file2") = 0
umount2("./9/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/file1/file3") = 0
umount2("./9/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./9/file1") = -1 EBUSY (Device or resource busy)
umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./9/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./9") = 0
mkdir("./10", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x55555607f650) = 339
./strace-static-x86_64: Process 339 attached
[pid 339] set_robust_list(0x55555607f660, 24) = 0
[pid 339] chdir("./10") = 0
[pid 339] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 339] setpgid(0, 0) = 0
[pid 339] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 339] write(3, "1000", 4) = 4
[pid 339] close(3) = 0
[pid 339] symlink("/dev/binderfs", "./binderfs") = 0
[pid 339] write(1, "executing program\n", 18) = 18
[pid 339] memfd_create("syzkaller", 0) = 3
[pid 339] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 339] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 339] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 339] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 30.916976][ T336] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 30.953137][ T303] EXT4-fs (loop0): unmounting filesystem.
[pid 339] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 339] close(3) = 0
[pid 339] close(4) = 0
[pid 339] mkdir("./file1", 0777) = 0
[pid 339] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 339] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 339] chdir("./file1") = 0
[pid 339] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 339] ioctl(4, LOOP_CLR_FD) = 0
[pid 339] close(4) = 0
[pid 339] chdir("./file0") = 0
[pid 339] creat("./bus", 000) = 4
[pid 339] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 339] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 339] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 339] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 339] exit_group(0) = ?
[pid 339] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=339, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/binderfs") = 0
umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./10/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./10/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./10/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./10/file1/lost+found") = 0
umount2("./10/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./10/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./10/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/file1/file0/file0") = 0
umount2("./10/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/file1/file0/file1") = 0
umount2("./10/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./10/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./10/file1/file0") = 0
umount2("./10/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/file1/file1") = 0
umount2("./10/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/file1/file2") = 0
umount2("./10/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/file1/file3") = 0
umount2("./10/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./10/file1") = -1 EBUSY (Device or resource busy)
[ 30.973425][ T339] loop0: detected capacity change from 0 to 1024
[ 30.980483][ T339] EXT4-fs: Ignoring removed orlov option
[ 30.986584][ T339] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 30.997082][ T339] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./10/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./10") = 0
mkdir("./11", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 342
./strace-static-x86_64: Process 342 attached
[pid 342] set_robust_list(0x55555607f660, 24) = 0
[pid 342] chdir("./11") = 0
[pid 342] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 342] setpgid(0, 0) = 0
[pid 342] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 342] write(3, "1000", 4) = 4
[pid 342] close(3) = 0
[pid 342] symlink("/dev/binderfs", "./binderfs") = 0
[pid 342] write(1, "executing program\n", 18executing program
) = 18
[pid 342] memfd_create("syzkaller", 0) = 3
[pid 342] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 342] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 342] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 342] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 342] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 342] close(3) = 0
[pid 342] close(4) = 0
[pid 342] mkdir("./file1", 0777) = 0
[ 31.028732][ T303] EXT4-fs (loop0): unmounting filesystem.
[ 31.050836][ T342] loop0: detected capacity change from 0 to 1024
[ 31.060621][ T342] EXT4-fs: Ignoring removed orlov option
[ 31.066199][ T342] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 342] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 342] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 342] chdir("./file1") = 0
[pid 342] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 342] ioctl(4, LOOP_CLR_FD) = 0
[pid 342] close(4) = 0
[pid 342] chdir("./file0") = 0
[pid 342] creat("./bus", 000) = 4
[pid 342] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 342] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 342] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 342] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 342] exit_group(0) = ?
[pid 342] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=342, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/binderfs") = 0
umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./11/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./11/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./11/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./11/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./11/file1/lost+found") = 0
umount2("./11/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./11/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./11/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/file1/file0/file0") = 0
umount2("./11/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/file1/file0/file1") = 0
umount2("./11/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./11/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./11/file1/file0") = 0
umount2("./11/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/file1/file1") = 0
umount2("./11/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/file1/file2") = 0
umount2("./11/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/file1/file3") = 0
umount2("./11/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./11/file1") = -1 EBUSY (Device or resource busy)
umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./11/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./11") = 0
mkdir("./12", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 345 attached
, child_tidptr=0x55555607f650) = 345
[pid 345] set_robust_list(0x55555607f660, 24) = 0
[pid 345] chdir("./12") = 0
[pid 345] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 345] setpgid(0, 0) = 0
[pid 345] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 345] write(3, "1000", 4) = 4
[pid 345] close(3) = 0
executing program
[pid 345] symlink("/dev/binderfs", "./binderfs") = 0
[pid 345] write(1, "executing program\n", 18) = 18
[pid 345] memfd_create("syzkaller", 0) = 3
[pid 345] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 345] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 345] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 345] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 31.077075][ T342] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 31.111007][ T303] EXT4-fs (loop0): unmounting filesystem.
[pid 345] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 345] close(3) = 0
[pid 345] close(4) = 0
[pid 345] mkdir("./file1", 0777) = 0
[pid 345] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 345] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 345] chdir("./file1") = 0
[pid 345] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 345] ioctl(4, LOOP_CLR_FD) = 0
[pid 345] close(4) = 0
[pid 345] chdir("./file0") = 0
[pid 345] creat("./bus", 000) = 4
[pid 345] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 345] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 345] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 345] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 345] exit_group(0) = ?
[pid 345] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=345, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/binderfs") = 0
umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./12/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./12/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./12/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./12/file1/lost+found") = 0
umount2("./12/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./12/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./12/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/file1/file0/file0") = 0
umount2("./12/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/file1/file0/file1") = 0
umount2("./12/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./12/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./12/file1/file0") = 0
umount2("./12/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/file1/file1") = 0
umount2("./12/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/file1/file2") = 0
umount2("./12/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/file1/file3") = 0
umount2("./12/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./12/file1") = -1 EBUSY (Device or resource busy)
[ 31.133539][ T345] loop0: detected capacity change from 0 to 1024
[ 31.143189][ T345] EXT4-fs: Ignoring removed orlov option
[ 31.148898][ T345] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 31.157964][ T345] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./12/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./12") = 0
mkdir("./13", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 348
./strace-static-x86_64: Process 348 attached
[pid 348] set_robust_list(0x55555607f660, 24) = 0
[pid 348] chdir("./13") = 0
[pid 348] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 348] setpgid(0, 0) = 0
[pid 348] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 348] write(3, "1000", 4) = 4
[pid 348] close(3) = 0
[pid 348] symlink("/dev/binderfs", "./binderfs") = 0
[pid 348] write(1, "executing program\n", 18executing program
) = 18
[pid 348] memfd_create("syzkaller", 0) = 3
[pid 348] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 348] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 348] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 348] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 348] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 348] close(3) = 0
[pid 348] close(4) = 0
[pid 348] mkdir("./file1", 0777) = 0
[ 31.186977][ T303] EXT4-fs (loop0): unmounting filesystem.
[ 31.211714][ T348] loop0: detected capacity change from 0 to 1024
[ 31.223685][ T348] EXT4-fs: Ignoring removed orlov option
[ 31.229387][ T348] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 348] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 348] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 348] chdir("./file1") = 0
[pid 348] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 348] ioctl(4, LOOP_CLR_FD) = 0
[pid 348] close(4) = 0
[pid 348] chdir("./file0") = 0
[pid 348] creat("./bus", 000) = 4
[pid 348] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 348] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 348] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 348] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 348] exit_group(0) = ?
[pid 348] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=348, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/binderfs") = 0
umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./13/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./13/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./13/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./13/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./13/file1/lost+found") = 0
umount2("./13/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./13/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./13/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/file1/file0/file0") = 0
umount2("./13/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/file1/file0/file1") = 0
umount2("./13/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./13/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./13/file1/file0") = 0
umount2("./13/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/file1/file1") = 0
umount2("./13/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/file1/file2") = 0
umount2("./13/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/file1/file3") = 0
umount2("./13/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./13/file1") = -1 EBUSY (Device or resource busy)
umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./13/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./13") = 0
mkdir("./14", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 351
./strace-static-x86_64: Process 351 attached
[pid 351] set_robust_list(0x55555607f660, 24) = 0
[pid 351] chdir("./14") = 0
[pid 351] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 351] setpgid(0, 0) = 0
[pid 351] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 351] write(3, "1000", 4) = 4
[pid 351] close(3) = 0
[pid 351] symlink("/dev/binderfs", "./binderfs") = 0
[pid 351] write(1, "executing program\n", 18executing program
) = 18
[pid 351] memfd_create("syzkaller", 0) = 3
[pid 351] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 351] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 351] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 31.247028][ T348] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 31.276403][ T303] EXT4-fs (loop0): unmounting filesystem.
[pid 351] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 351] close(3) = 0
[pid 351] close(4) = 0
[pid 351] mkdir("./file1", 0777) = 0
[pid 351] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 351] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 351] chdir("./file1") = 0
[pid 351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 351] ioctl(4, LOOP_CLR_FD) = 0
[pid 351] close(4) = 0
[pid 351] chdir("./file0") = 0
[pid 351] creat("./bus", 000) = 4
[pid 351] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 351] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 351] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 351] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 351] exit_group(0) = ?
[pid 351] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=351, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/binderfs") = 0
umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./14/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./14/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./14/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./14/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./14/file1/lost+found") = 0
umount2("./14/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./14/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./14/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/file1/file0/file0") = 0
umount2("./14/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/file1/file0/file1") = 0
umount2("./14/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./14/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./14/file1/file0") = 0
umount2("./14/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/file1/file1") = 0
umount2("./14/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/file1/file2") = 0
umount2("./14/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/file1/file3") = 0
umount2("./14/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./14/file1") = -1 EBUSY (Device or resource busy)
[ 31.299843][ T351] loop0: detected capacity change from 0 to 1024
[ 31.310349][ T351] EXT4-fs: Ignoring removed orlov option
[ 31.315815][ T351] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 31.327559][ T351] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./14/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./14") = 0
mkdir("./15", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 354
./strace-static-x86_64: Process 354 attached
[pid 354] set_robust_list(0x55555607f660, 24) = 0
[pid 354] chdir("./15") = 0
[pid 354] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 354] setpgid(0, 0) = 0
[pid 354] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 354] write(3, "1000", 4) = 4
[pid 354] close(3) = 0
[pid 354] symlink("/dev/binderfs", "./binderfs") = 0
[pid 354] write(1, "executing program\n", 18executing program
) = 18
[pid 354] memfd_create("syzkaller", 0) = 3
[pid 354] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 354] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 354] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 354] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 354] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 354] close(3) = 0
[pid 354] close(4) = 0
[pid 354] mkdir("./file1", 0777) = 0
[ 31.365097][ T303] EXT4-fs (loop0): unmounting filesystem.
[ 31.387888][ T354] loop0: detected capacity change from 0 to 1024
[ 31.397316][ T354] EXT4-fs: Ignoring removed orlov option
[ 31.402832][ T354] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 354] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 354] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 354] chdir("./file1") = 0
[pid 354] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 354] ioctl(4, LOOP_CLR_FD) = 0
[pid 354] close(4) = 0
[pid 354] chdir("./file0") = 0
[pid 354] creat("./bus", 000) = 4
[pid 354] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 354] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 354] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 354] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 354] exit_group(0) = ?
[pid 354] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=354, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/binderfs") = 0
umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./15/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./15/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./15/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./15/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./15/file1/lost+found") = 0
umount2("./15/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./15/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./15/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/file1/file0/file0") = 0
umount2("./15/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/file1/file0/file1") = 0
umount2("./15/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./15/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./15/file1/file0") = 0
umount2("./15/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/file1/file1") = 0
umount2("./15/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/file1/file2") = 0
umount2("./15/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/file1/file3") = 0
umount2("./15/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./15/file1") = -1 EBUSY (Device or resource busy)
umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./15/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./15") = 0
mkdir("./16", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 357
./strace-static-x86_64: Process 357 attached
[pid 357] set_robust_list(0x55555607f660, 24) = 0
[pid 357] chdir("./16") = 0
[pid 357] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 357] setpgid(0, 0) = 0
[pid 357] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 357] write(3, "1000", 4) = 4
[pid 357] close(3) = 0
[pid 357] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 357] write(1, "executing program\n", 18) = 18
[pid 357] memfd_create("syzkaller", 0) = 3
[pid 357] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 357] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 357] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 357] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 31.417431][ T354] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 31.453803][ T303] EXT4-fs (loop0): unmounting filesystem.
[pid 357] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 357] close(3) = 0
[pid 357] close(4) = 0
[pid 357] mkdir("./file1", 0777) = 0
[pid 357] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 357] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 357] chdir("./file1") = 0
[pid 357] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 357] ioctl(4, LOOP_CLR_FD) = 0
[pid 357] close(4) = 0
[pid 357] chdir("./file0") = 0
[pid 357] creat("./bus", 000) = 4
[pid 357] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 357] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 357] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 357] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 357] exit_group(0) = ?
[pid 357] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=357, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/binderfs") = 0
umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./16/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./16/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./16/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./16/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./16/file1/lost+found") = 0
umount2("./16/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./16/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./16/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/file1/file0/file0") = 0
umount2("./16/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/file1/file0/file1") = 0
umount2("./16/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./16/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./16/file1/file0") = 0
umount2("./16/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/file1/file1") = 0
umount2("./16/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/file1/file2") = 0
umount2("./16/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/file1/file3") = 0
umount2("./16/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./16/file1") = -1 EBUSY (Device or resource busy)
[ 31.474256][ T357] loop0: detected capacity change from 0 to 1024
[ 31.484467][ T357] EXT4-fs: Ignoring removed orlov option
[ 31.490147][ T357] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 31.507611][ T357] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./16/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./16") = 0
mkdir("./17", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 360
./strace-static-x86_64: Process 360 attached
[pid 360] set_robust_list(0x55555607f660, 24) = 0
[pid 360] chdir("./17") = 0
[pid 360] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 360] setpgid(0, 0) = 0
[pid 360] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 360] write(3, "1000", 4) = 4
[pid 360] close(3) = 0
[pid 360] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 360] write(1, "executing program\n", 18) = 18
[pid 360] memfd_create("syzkaller", 0) = 3
[pid 360] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 360] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 360] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 360] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 360] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 360] close(3) = 0
[pid 360] close(4) = 0
[pid 360] mkdir("./file1", 0777) = 0
[ 31.538122][ T303] EXT4-fs (loop0): unmounting filesystem.
[ 31.555734][ T360] loop0: detected capacity change from 0 to 1024
[ 31.565647][ T360] EXT4-fs: Ignoring removed orlov option
[ 31.573069][ T360] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 360] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 360] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 360] chdir("./file1") = 0
[pid 360] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 360] ioctl(4, LOOP_CLR_FD) = 0
[pid 360] close(4) = 0
[pid 360] chdir("./file0") = 0
[pid 360] creat("./bus", 000) = 4
[pid 360] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 360] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 360] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 360] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 360] exit_group(0) = ?
[pid 360] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=360, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/binderfs") = 0
umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./17/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./17/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./17/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./17/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./17/file1/lost+found") = 0
umount2("./17/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./17/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./17/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/file1/file0/file0") = 0
umount2("./17/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/file1/file0/file1") = 0
umount2("./17/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./17/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./17/file1/file0") = 0
umount2("./17/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/file1/file1") = 0
umount2("./17/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/file1/file2") = 0
umount2("./17/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/file1/file3") = 0
umount2("./17/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./17/file1") = -1 EBUSY (Device or resource busy)
umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./17/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./17") = 0
mkdir("./18", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 364
./strace-static-x86_64: Process 364 attached
[pid 364] set_robust_list(0x55555607f660, 24) = 0
[pid 364] chdir("./18") = 0
[pid 364] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 364] setpgid(0, 0) = 0
[pid 364] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 364] write(3, "1000", 4) = 4
[pid 364] close(3) = 0
[pid 364] symlink("/dev/binderfs", "./binderfs") = 0
[pid 364] write(1, "executing program\n", 18executing program
) = 18
[pid 364] memfd_create("syzkaller", 0) = 3
[pid 364] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 364] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 364] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 364] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 31.587122][ T360] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 31.618924][ T303] EXT4-fs (loop0): unmounting filesystem.
[pid 364] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 364] close(3) = 0
[pid 364] close(4) = 0
[pid 364] mkdir("./file1", 0777) = 0
[pid 364] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 364] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 364] chdir("./file1") = 0
[pid 364] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 364] ioctl(4, LOOP_CLR_FD) = 0
[pid 364] close(4) = 0
[pid 364] chdir("./file0") = 0
[pid 364] creat("./bus", 000) = 4
[pid 364] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 364] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 364] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 364] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 364] exit_group(0) = ?
[pid 364] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=364, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/binderfs") = 0
umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./18/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./18/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./18/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./18/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./18/file1/lost+found") = 0
umount2("./18/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./18/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./18/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/file1/file0/file0") = 0
umount2("./18/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/file1/file0/file1") = 0
umount2("./18/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./18/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./18/file1/file0") = 0
umount2("./18/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/file1/file1") = 0
umount2("./18/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/file1/file2") = 0
umount2("./18/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/file1/file3") = 0
umount2("./18/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./18/file1") = -1 EBUSY (Device or resource busy)
[ 31.642270][ T364] loop0: detected capacity change from 0 to 1024
[ 31.652692][ T364] EXT4-fs: Ignoring removed orlov option
[ 31.658620][ T364] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 31.667048][ T364] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./18/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./18") = 0
mkdir("./19", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x55555607f650) = 367
./strace-static-x86_64: Process 367 attached
[pid 367] set_robust_list(0x55555607f660, 24) = 0
[pid 367] chdir("./19") = 0
[pid 367] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 367] setpgid(0, 0) = 0
[pid 367] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 367] write(3, "1000", 4) = 4
[pid 367] close(3) = 0
[pid 367] symlink("/dev/binderfs", "./binderfs") = 0
[pid 367] write(1, "executing program\n", 18) = 18
[pid 367] memfd_create("syzkaller", 0) = 3
[pid 367] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 367] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 367] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 367] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 367] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 367] close(3) = 0
[pid 367] close(4) = 0
[pid 367] mkdir("./file1", 0777) = 0
[ 31.700351][ T303] EXT4-fs (loop0): unmounting filesystem.
[ 31.720778][ T367] loop0: detected capacity change from 0 to 1024
[ 31.730215][ T367] EXT4-fs: Ignoring removed orlov option
[ 31.735737][ T367] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 367] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 367] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 367] chdir("./file1") = 0
[pid 367] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 367] ioctl(4, LOOP_CLR_FD) = 0
[pid 367] close(4) = 0
[pid 367] chdir("./file0") = 0
[pid 367] creat("./bus", 000) = 4
[pid 367] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 367] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 367] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 367] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 367] exit_group(0) = ?
[pid 367] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=367, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/binderfs") = 0
umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./19/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./19/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./19/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./19/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./19/file1/lost+found") = 0
umount2("./19/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./19/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./19/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/file1/file0/file0") = 0
umount2("./19/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/file1/file0/file1") = 0
umount2("./19/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./19/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./19/file1/file0") = 0
umount2("./19/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/file1/file1") = 0
umount2("./19/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/file1/file2") = 0
umount2("./19/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/file1/file3") = 0
umount2("./19/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./19/file1") = -1 EBUSY (Device or resource busy)
[ 31.747158][ T367] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./19/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./19") = 0
mkdir("./20", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 370
./strace-static-x86_64: Process 370 attached
[pid 370] set_robust_list(0x55555607f660, 24) = 0
[pid 370] chdir("./20") = 0
[pid 370] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 370] setpgid(0, 0) = 0
[pid 370] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 370] write(3, "1000", 4) = 4
[pid 370] close(3) = 0
[pid 370] symlink("/dev/binderfs", "./binderfs") = 0
[pid 370] write(1, "executing program\n", 18executing program
) = 18
[pid 370] memfd_create("syzkaller", 0) = 3
[pid 370] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 370] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 370] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 370] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 370] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 370] close(3) = 0
[pid 370] close(4) = 0
[pid 370] mkdir("./file1", 0777) = 0
[ 31.777940][ T303] EXT4-fs (loop0): unmounting filesystem.
[ 31.801373][ T370] loop0: detected capacity change from 0 to 1024
[ 31.811207][ T370] EXT4-fs: Ignoring removed orlov option
[ 31.816889][ T370] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 370] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 370] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 370] chdir("./file1") = 0
[pid 370] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 370] ioctl(4, LOOP_CLR_FD) = 0
[pid 370] close(4) = 0
[pid 370] chdir("./file0") = 0
[pid 370] creat("./bus", 000) = 4
[pid 370] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 370] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 370] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 370] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 370] exit_group(0) = ?
[pid 370] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=370, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./20/binderfs") = 0
umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./20/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./20/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./20/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./20/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./20/file1/lost+found") = 0
umount2("./20/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./20/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./20/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./20/file1/file0/file0") = 0
umount2("./20/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./20/file1/file0/file1") = 0
umount2("./20/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./20/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./20/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./20/file1/file0") = 0
umount2("./20/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./20/file1/file1") = 0
umount2("./20/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./20/file1/file2") = 0
umount2("./20/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./20/file1/file3") = 0
umount2("./20/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./20/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./20/file1") = -1 EBUSY (Device or resource busy)
umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./20/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./20") = 0
mkdir("./21", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 373
./strace-static-x86_64: Process 373 attached
[pid 373] set_robust_list(0x55555607f660, 24) = 0
[pid 373] chdir("./21") = 0
[pid 373] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 373] setpgid(0, 0) = 0
[pid 373] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 373] write(3, "1000", 4) = 4
[pid 373] close(3) = 0
[pid 373] symlink("/dev/binderfs", "./binderfs") = 0
[pid 373] write(1, "executing program\n", 18executing program
) = 18
[pid 373] memfd_create("syzkaller", 0) = 3
[pid 373] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 373] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 373] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 373] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 31.827452][ T370] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 31.860393][ T303] EXT4-fs (loop0): unmounting filesystem.
[pid 373] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 373] close(3) = 0
[pid 373] close(4) = 0
[pid 373] mkdir("./file1", 0777) = 0
[pid 373] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 373] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 373] chdir("./file1") = 0
[pid 373] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 373] ioctl(4, LOOP_CLR_FD) = 0
[pid 373] close(4) = 0
[pid 373] chdir("./file0") = 0
[pid 373] creat("./bus", 000) = 4
[pid 373] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 373] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 373] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 373] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 373] exit_group(0) = ?
[pid 373] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=373, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./21/binderfs") = 0
umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./21/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./21/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./21/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./21/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./21/file1/lost+found") = 0
umount2("./21/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./21/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./21/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./21/file1/file0/file0") = 0
umount2("./21/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./21/file1/file0/file1") = 0
umount2("./21/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./21/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./21/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./21/file1/file0") = 0
umount2("./21/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./21/file1/file1") = 0
umount2("./21/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./21/file1/file2") = 0
umount2("./21/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./21/file1/file3") = 0
umount2("./21/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./21/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./21/file1") = -1 EBUSY (Device or resource busy)
[ 31.886590][ T373] loop0: detected capacity change from 0 to 1024
[ 31.898309][ T373] EXT4-fs: Ignoring removed orlov option
[ 31.903805][ T373] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 31.917005][ T373] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./21/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./21") = 0
mkdir("./22", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 376
./strace-static-x86_64: Process 376 attached
[pid 376] set_robust_list(0x55555607f660, 24) = 0
[pid 376] chdir("./22") = 0
[pid 376] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 376] setpgid(0, 0) = 0
[pid 376] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 376] write(3, "1000", 4) = 4
[pid 376] close(3) = 0
[pid 376] symlink("/dev/binderfs", "./binderfs") = 0
[pid 376] write(1, "executing program\n", 18executing program
) = 18
[pid 376] memfd_create("syzkaller", 0) = 3
[pid 376] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 376] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 376] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 376] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 376] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 376] close(3) = 0
[pid 376] close(4) = 0
[pid 376] mkdir("./file1", 0777) = 0
[ 31.949326][ T303] EXT4-fs (loop0): unmounting filesystem.
[ 31.972665][ T376] loop0: detected capacity change from 0 to 1024
[ 31.983071][ T376] EXT4-fs: Ignoring removed orlov option
[ 31.988781][ T376] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 376] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 376] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 376] chdir("./file1") = 0
[pid 376] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 376] ioctl(4, LOOP_CLR_FD) = 0
[pid 376] close(4) = 0
[pid 376] chdir("./file0") = 0
[pid 376] creat("./bus", 000) = 4
[pid 376] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 376] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 376] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 376] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 376] exit_group(0) = ?
[pid 376] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=376, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./22/binderfs") = 0
umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./22/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./22/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./22/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./22/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./22/file1/lost+found") = 0
umount2("./22/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./22/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./22/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./22/file1/file0/file0") = 0
umount2("./22/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./22/file1/file0/file1") = 0
umount2("./22/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./22/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./22/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./22/file1/file0") = 0
umount2("./22/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./22/file1/file1") = 0
umount2("./22/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./22/file1/file2") = 0
umount2("./22/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./22/file1/file3") = 0
umount2("./22/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./22/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./22/file1") = -1 EBUSY (Device or resource busy)
umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./22/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./22") = 0
mkdir("./23", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 379 attached
[pid 379] set_robust_list(0x55555607f660, 24) = 0
[pid 379] chdir("./23") = 0
[pid 379] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 379] setpgid(0, 0) = 0
[pid 379] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC
[pid 303] <... clone resumed>, child_tidptr=0x55555607f650) = 379
[pid 379] <... openat resumed>) = 3
[pid 379] write(3, "1000", 4) = 4
[pid 379] close(3) = 0
[pid 379] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 379] write(1, "executing program\n", 18) = 18
[pid 379] memfd_create("syzkaller", 0) = 3
[pid 379] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 379] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 379] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 379] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 31.997176][ T376] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 32.027564][ T303] EXT4-fs (loop0): unmounting filesystem.
[pid 379] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 379] close(3) = 0
[pid 379] close(4) = 0
[pid 379] mkdir("./file1", 0777) = 0
[pid 379] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 379] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 379] chdir("./file1") = 0
[pid 379] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 379] ioctl(4, LOOP_CLR_FD) = 0
[pid 379] close(4) = 0
[pid 379] chdir("./file0") = 0
[pid 379] creat("./bus", 000) = 4
[pid 379] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 379] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 379] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 379] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 379] exit_group(0) = ?
[pid 379] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=379, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./23/binderfs") = 0
umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./23/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./23/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./23/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./23/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./23/file1/lost+found") = 0
umount2("./23/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./23/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./23/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./23/file1/file0/file0") = 0
umount2("./23/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./23/file1/file0/file1") = 0
umount2("./23/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./23/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./23/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./23/file1/file0") = 0
umount2("./23/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./23/file1/file1") = 0
umount2("./23/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./23/file1/file2") = 0
umount2("./23/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./23/file1/file3") = 0
umount2("./23/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./23/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./23/file1") = -1 EBUSY (Device or resource busy)
[ 32.049571][ T379] loop0: detected capacity change from 0 to 1024
[ 32.056774][ T379] EXT4-fs: Ignoring removed orlov option
[ 32.062927][ T379] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 32.076997][ T379] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program
) = 0
rmdir("./23/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./23") = 0
mkdir("./24", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 382
./strace-static-x86_64: Process 382 attached
[pid 382] set_robust_list(0x55555607f660, 24) = 0
[pid 382] chdir("./24") = 0
[pid 382] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 382] setpgid(0, 0) = 0
[pid 382] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 382] write(3, "1000", 4) = 4
[pid 382] close(3) = 0
[pid 382] symlink("/dev/binderfs", "./binderfs") = 0
[pid 382] write(1, "executing program\n", 18) = 18
[pid 382] memfd_create("syzkaller", 0) = 3
[pid 382] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 382] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 382] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 382] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 382] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 382] close(3) = 0
[pid 382] close(4) = 0
[pid 382] mkdir("./file1", 0777) = 0
[ 32.111958][ T303] EXT4-fs (loop0): unmounting filesystem.
[ 32.128679][ T382] loop0: detected capacity change from 0 to 1024
[ 32.135709][ T382] EXT4-fs: Ignoring removed orlov option
[ 32.141905][ T382] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 382] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 382] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 382] chdir("./file1") = 0
[pid 382] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 382] ioctl(4, LOOP_CLR_FD) = 0
[pid 382] close(4) = 0
[pid 382] chdir("./file0") = 0
[pid 382] creat("./bus", 000) = 4
[pid 382] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 382] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 382] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 382] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 382] exit_group(0) = ?
[pid 382] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=382, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./24/binderfs") = 0
umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./24/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./24/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./24/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./24/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./24/file1/lost+found") = 0
umount2("./24/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./24/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./24/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./24/file1/file0/file0") = 0
umount2("./24/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./24/file1/file0/file1") = 0
umount2("./24/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./24/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./24/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./24/file1/file0") = 0
umount2("./24/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./24/file1/file1") = 0
umount2("./24/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./24/file1/file2") = 0
umount2("./24/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./24/file1/file3") = 0
umount2("./24/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./24/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./24/file1") = -1 EBUSY (Device or resource busy)
[ 32.157229][ T382] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./24/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./24") = 0
mkdir("./25", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 385
./strace-static-x86_64: Process 385 attached
[pid 385] set_robust_list(0x55555607f660, 24) = 0
[pid 385] chdir("./25") = 0
[pid 385] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 385] setpgid(0, 0) = 0
[pid 385] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 385] write(3, "1000", 4) = 4
[pid 385] close(3) = 0
[pid 385] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid 385] write(1, "executing program\n", 18) = 18
[pid 385] memfd_create("syzkaller", 0) = 3
[pid 385] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 385] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 385] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 385] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 385] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 385] close(3) = 0
[pid 385] close(4) = 0
[pid 385] mkdir("./file1", 0777) = 0
[ 32.189718][ T303] EXT4-fs (loop0): unmounting filesystem.
[ 32.210457][ T385] loop0: detected capacity change from 0 to 1024
[ 32.218757][ T385] EXT4-fs: Ignoring removed orlov option
[ 32.224308][ T385] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 385] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 385] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 385] chdir("./file1") = 0
[pid 385] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 385] ioctl(4, LOOP_CLR_FD) = 0
[pid 385] close(4) = 0
[pid 385] chdir("./file0") = 0
[pid 385] creat("./bus", 000) = 4
[pid 385] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 385] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 385] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 385] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 385] exit_group(0) = ?
[pid 385] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=385, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./25/binderfs") = 0
umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./25/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./25/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./25/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./25/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./25/file1/lost+found") = 0
umount2("./25/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./25/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./25/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./25/file1/file0/file0") = 0
umount2("./25/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./25/file1/file0/file1") = 0
umount2("./25/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./25/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./25/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./25/file1/file0") = 0
umount2("./25/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./25/file1/file1") = 0
umount2("./25/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./25/file1/file2") = 0
umount2("./25/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./25/file1/file3") = 0
umount2("./25/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./25/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./25/file1") = -1 EBUSY (Device or resource busy)
umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./25/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./25") = 0
mkdir("./26", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 388
./strace-static-x86_64: Process 388 attached
[pid 388] set_robust_list(0x55555607f660, 24) = 0
[pid 388] chdir("./26") = 0
[pid 388] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 388] setpgid(0, 0) = 0
[pid 388] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 388] write(3, "1000", 4) = 4
[pid 388] close(3) = 0
[pid 388] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 388] write(1, "executing program\n", 18) = 18
[pid 388] memfd_create("syzkaller", 0) = 3
[pid 388] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 388] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 388] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 388] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 32.237300][ T385] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 32.271569][ T303] EXT4-fs (loop0): unmounting filesystem.
[pid 388] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 388] close(3) = 0
[pid 388] close(4) = 0
[pid 388] mkdir("./file1", 0777) = 0
[pid 388] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 388] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 388] chdir("./file1") = 0
[pid 388] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 388] ioctl(4, LOOP_CLR_FD) = 0
[pid 388] close(4) = 0
[pid 388] chdir("./file0") = 0
[pid 388] creat("./bus", 000) = 4
[pid 388] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 388] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 388] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 388] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 388] exit_group(0) = ?
[pid 388] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=388, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./26/binderfs") = 0
umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./26/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./26/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./26/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./26/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./26/file1/lost+found") = 0
umount2("./26/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./26/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./26/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./26/file1/file0/file0") = 0
umount2("./26/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./26/file1/file0/file1") = 0
umount2("./26/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./26/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./26/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./26/file1/file0") = 0
umount2("./26/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./26/file1/file1") = 0
umount2("./26/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./26/file1/file2") = 0
umount2("./26/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./26/file1/file3") = 0
umount2("./26/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./26/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
[ 32.290707][ T388] loop0: detected capacity change from 0 to 1024
[ 32.297904][ T388] EXT4-fs: Ignoring removed orlov option
[ 32.303435][ T388] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 32.317122][ T388] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
rmdir("./26/file1") = -1 EBUSY (Device or resource busy)
umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./26/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./26") = 0
mkdir("./27", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 391
./strace-static-x86_64: Process 391 attached
[pid 391] set_robust_list(0x55555607f660, 24) = 0
[pid 391] chdir("./27") = 0
[pid 391] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 391] setpgid(0, 0) = 0
[pid 391] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 391] write(3, "1000", 4) = 4
[pid 391] close(3) = 0
[pid 391] symlink("/dev/binderfs", "./binderfs") = 0
[pid 391] write(1, "executing program\n", 18executing program
) = 18
[pid 391] memfd_create("syzkaller", 0) = 3
[pid 391] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 391] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 391] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 391] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 391] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 391] close(3) = 0
[pid 391] close(4) = 0
[pid 391] mkdir("./file1", 0777) = 0
[ 32.349544][ T303] EXT4-fs (loop0): unmounting filesystem.
[ 32.374533][ T391] loop0: detected capacity change from 0 to 1024
[ 32.381651][ T391] EXT4-fs: Ignoring removed orlov option
[ 32.387719][ T391] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 391] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 391] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 391] chdir("./file1") = 0
[pid 391] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 391] ioctl(4, LOOP_CLR_FD) = 0
[pid 391] close(4) = 0
[pid 391] chdir("./file0") = 0
[pid 391] creat("./bus", 000) = 4
[pid 391] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 391] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 391] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 391] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 391] exit_group(0) = ?
[pid 391] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=391, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./27/binderfs") = 0
umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./27/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./27/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./27/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./27/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./27/file1/lost+found") = 0
umount2("./27/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./27/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./27/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./27/file1/file0/file0") = 0
umount2("./27/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./27/file1/file0/file1") = 0
umount2("./27/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./27/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./27/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./27/file1/file0") = 0
umount2("./27/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./27/file1/file1") = 0
umount2("./27/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./27/file1/file2") = 0
umount2("./27/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./27/file1/file3") = 0
umount2("./27/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./27/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./27/file1") = -1 EBUSY (Device or resource busy)
umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./27/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./27") = 0
mkdir("./28", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 394
./strace-static-x86_64: Process 394 attached
[pid 394] set_robust_list(0x55555607f660, 24) = 0
[pid 394] chdir("./28") = 0
[pid 394] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 394] setpgid(0, 0) = 0
[pid 394] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 394] write(3, "1000", 4) = 4
[pid 394] close(3) = 0
[pid 394] symlink("/dev/binderfs", "./binderfs") = 0
[pid 394] write(1, "executing program\n", 18executing program
) = 18
[pid 394] memfd_create("syzkaller", 0) = 3
[pid 394] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 394] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 394] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 394] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 32.397267][ T391] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 32.439501][ T303] EXT4-fs (loop0): unmounting filesystem.
[pid 394] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 394] close(3) = 0
[pid 394] close(4) = 0
[pid 394] mkdir("./file1", 0777) = 0
[pid 394] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 394] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 394] chdir("./file1") = 0
[pid 394] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 394] ioctl(4, LOOP_CLR_FD) = 0
[pid 394] close(4) = 0
[pid 394] chdir("./file0") = 0
[pid 394] creat("./bus", 000) = 4
[pid 394] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 394] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 394] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 394] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 394] exit_group(0) = ?
[pid 394] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=394, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./28/binderfs") = 0
umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./28/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./28/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./28/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./28/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./28/file1/lost+found") = 0
umount2("./28/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./28/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./28/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./28/file1/file0/file0") = 0
umount2("./28/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./28/file1/file0/file1") = 0
umount2("./28/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./28/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./28/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./28/file1/file0") = 0
umount2("./28/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./28/file1/file1") = 0
umount2("./28/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./28/file1/file2") = 0
umount2("./28/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./28/file1/file3") = 0
umount2("./28/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./28/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./28/file1") = -1 EBUSY (Device or resource busy)
[ 32.464266][ T394] loop0: detected capacity change from 0 to 1024
[ 32.476654][ T394] EXT4-fs: Ignoring removed orlov option
[ 32.482119][ T394] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 32.497033][ T394] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./28/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./28") = 0
mkdir("./29", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 397
./strace-static-x86_64: Process 397 attached
[pid 397] set_robust_list(0x55555607f660, 24) = 0
[pid 397] chdir("./29") = 0
[pid 397] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 397] setpgid(0, 0) = 0
[pid 397] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 397] write(3, "1000", 4) = 4
[pid 397] close(3) = 0
[pid 397] symlink("/dev/binderfs", "./binderfs") = 0
[pid 397] write(1, "executing program\n", 18executing program
) = 18
[pid 397] memfd_create("syzkaller", 0) = 3
[pid 397] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 397] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 397] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 397] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 397] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 397] close(3) = 0
[pid 397] close(4) = 0
[pid 397] mkdir("./file1", 0777) = 0
[ 32.525334][ T303] EXT4-fs (loop0): unmounting filesystem.
[ 32.549762][ T397] loop0: detected capacity change from 0 to 1024
[ 32.558192][ T397] EXT4-fs: Ignoring removed orlov option
[ 32.563729][ T397] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 397] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 397] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 397] chdir("./file1") = 0
[pid 397] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 397] ioctl(4, LOOP_CLR_FD) = 0
[pid 397] close(4) = 0
[pid 397] chdir("./file0") = 0
[pid 397] creat("./bus", 000) = 4
[pid 397] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 397] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 397] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 397] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 397] exit_group(0) = ?
[pid 397] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=397, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./29/binderfs") = 0
umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./29/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./29/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./29/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./29/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./29/file1/lost+found") = 0
umount2("./29/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./29/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./29/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./29/file1/file0/file0") = 0
umount2("./29/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./29/file1/file0/file1") = 0
umount2("./29/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./29/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./29/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./29/file1/file0") = 0
umount2("./29/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./29/file1/file1") = 0
umount2("./29/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./29/file1/file2") = 0
umount2("./29/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./29/file1/file3") = 0
umount2("./29/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./29/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./29/file1") = -1 EBUSY (Device or resource busy)
umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./29/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./29") = 0
mkdir("./30", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 401
./strace-static-x86_64: Process 401 attached
[pid 401] set_robust_list(0x55555607f660, 24) = 0
[pid 401] chdir("./30") = 0
[pid 401] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 401] setpgid(0, 0) = 0
[pid 401] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 401] write(3, "1000", 4) = 4
[pid 401] close(3) = 0
[pid 401] symlink("/dev/binderfs", "./binderfs") = 0
[pid 401] write(1, "executing program\n", 18executing program
) = 18
[pid 401] memfd_create("syzkaller", 0) = 3
[pid 401] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 401] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 401] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 401] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 32.577338][ T397] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 32.614306][ T303] EXT4-fs (loop0): unmounting filesystem.
[pid 401] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 401] close(3) = 0
[pid 401] close(4) = 0
[pid 401] mkdir("./file1", 0777) = 0
[pid 401] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 401] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 401] chdir("./file1") = 0
[pid 401] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 401] ioctl(4, LOOP_CLR_FD) = 0
[pid 401] close(4) = 0
[pid 401] chdir("./file0") = 0
[pid 401] creat("./bus", 000) = 4
[pid 401] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 401] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 401] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 401] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 401] exit_group(0) = ?
[pid 401] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=401, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./30/binderfs") = 0
umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./30/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./30/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./30/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./30/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./30/file1/lost+found") = 0
umount2("./30/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./30/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./30/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./30/file1/file0/file0") = 0
umount2("./30/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./30/file1/file0/file1") = 0
umount2("./30/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./30/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./30/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./30/file1/file0") = 0
umount2("./30/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./30/file1/file1") = 0
umount2("./30/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./30/file1/file2") = 0
umount2("./30/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./30/file1/file3") = 0
umount2("./30/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./30/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./30/file1") = -1 EBUSY (Device or resource busy)
[ 32.638113][ T401] loop0: detected capacity change from 0 to 1024
[ 32.646306][ T401] EXT4-fs: Ignoring removed orlov option
[ 32.651768][ T401] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 32.667196][ T401] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./30/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./30") = 0
mkdir("./31", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 404
./strace-static-x86_64: Process 404 attached
[pid 404] set_robust_list(0x55555607f660, 24) = 0
[pid 404] chdir("./31") = 0
[pid 404] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 404] setpgid(0, 0) = 0
[pid 404] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 404] write(3, "1000", 4) = 4
[pid 404] close(3) = 0
[pid 404] symlink("/dev/binderfs", "./binderfs") = 0
[pid 404] write(1, "executing program\n", 18executing program
) = 18
[pid 404] memfd_create("syzkaller", 0) = 3
[pid 404] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 404] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 404] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 404] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 404] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 404] close(3) = 0
[pid 404] close(4) = 0
[pid 404] mkdir("./file1", 0777) = 0
[ 32.703874][ T303] EXT4-fs (loop0): unmounting filesystem.
[ 32.728687][ T404] loop0: detected capacity change from 0 to 1024
[ 32.737111][ T404] EXT4-fs: Ignoring removed orlov option
[ 32.743300][ T404] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 404] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 404] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 404] chdir("./file1") = 0
[pid 404] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 404] ioctl(4, LOOP_CLR_FD) = 0
[pid 404] close(4) = 0
[pid 404] chdir("./file0") = 0
[pid 404] creat("./bus", 000) = 4
[pid 404] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 404] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 404] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 404] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 404] exit_group(0) = ?
[pid 404] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=404, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./31/binderfs") = 0
umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./31/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./31/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./31/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./31/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./31/file1/lost+found") = 0
umount2("./31/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./31/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./31/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./31/file1/file0/file0") = 0
umount2("./31/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./31/file1/file0/file1") = 0
umount2("./31/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./31/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./31/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./31/file1/file0") = 0
umount2("./31/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./31/file1/file1") = 0
umount2("./31/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./31/file1/file2") = 0
umount2("./31/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./31/file1/file3") = 0
umount2("./31/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./31/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./31/file1") = -1 EBUSY (Device or resource busy)
umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./31/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./31") = 0
mkdir("./32", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 407
./strace-static-x86_64: Process 407 attached
[pid 407] set_robust_list(0x55555607f660, 24) = 0
[pid 407] chdir("./32") = 0
[pid 407] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 407] setpgid(0, 0) = 0
[pid 407] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 407] write(3, "1000", 4) = 4
[pid 407] close(3) = 0
[pid 407] symlink("/dev/binderfs", "./binderfs") = 0
[pid 407] write(1, "executing program\n", 18executing program
) = 18
[pid 407] memfd_create("syzkaller", 0) = 3
[pid 407] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 407] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 407] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 407] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 32.757188][ T404] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 32.788768][ T303] EXT4-fs (loop0): unmounting filesystem.
[pid 407] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 407] close(3) = 0
[pid 407] close(4) = 0
[pid 407] mkdir("./file1", 0777) = 0
[pid 407] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 407] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 407] chdir("./file1") = 0
[pid 407] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 407] ioctl(4, LOOP_CLR_FD) = 0
[pid 407] close(4) = 0
[pid 407] chdir("./file0") = 0
[pid 407] creat("./bus", 000) = 4
[pid 407] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 407] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 407] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 407] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 407] exit_group(0) = ?
[pid 407] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=407, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./32/binderfs") = 0
umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./32/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./32/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./32/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./32/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./32/file1/lost+found") = 0
umount2("./32/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./32/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./32/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./32/file1/file0/file0") = 0
umount2("./32/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./32/file1/file0/file1") = 0
umount2("./32/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./32/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./32/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./32/file1/file0") = 0
umount2("./32/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./32/file1/file1") = 0
umount2("./32/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./32/file1/file2") = 0
umount2("./32/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./32/file1/file3") = 0
umount2("./32/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./32/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./32/file1") = -1 EBUSY (Device or resource busy)
[ 32.811932][ T407] loop0: detected capacity change from 0 to 1024
[ 32.822202][ T407] EXT4-fs: Ignoring removed orlov option
[ 32.827734][ T407] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 32.837579][ T407] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./32/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./32") = 0
mkdir("./33", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 410
./strace-static-x86_64: Process 410 attached
[pid 410] set_robust_list(0x55555607f660, 24) = 0
[pid 410] chdir("./33") = 0
[pid 410] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 410] setpgid(0, 0) = 0
[pid 410] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 410] write(3, "1000", 4) = 4
[pid 410] close(3) = 0
[pid 410] symlink("/dev/binderfs", "./binderfs") = 0
[pid 410] write(1, "executing program\n", 18executing program
) = 18
[pid 410] memfd_create("syzkaller", 0) = 3
[pid 410] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 410] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 410] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 410] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 410] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 410] close(3) = 0
[pid 410] close(4) = 0
[pid 410] mkdir("./file1", 0777) = 0
[ 32.868370][ T303] EXT4-fs (loop0): unmounting filesystem.
[ 32.892423][ T410] loop0: detected capacity change from 0 to 1024
[ 32.904211][ T410] EXT4-fs: Ignoring removed orlov option
[ 32.910366][ T410] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 410] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 410] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 410] chdir("./file1") = 0
[pid 410] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 410] ioctl(4, LOOP_CLR_FD) = 0
[pid 410] close(4) = 0
[pid 410] chdir("./file0") = 0
[pid 410] creat("./bus", 000) = 4
[pid 410] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 410] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 410] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 410] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 410] exit_group(0) = ?
[pid 410] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=410, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./33/binderfs") = 0
umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./33/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./33/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./33/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./33/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./33/file1/lost+found") = 0
umount2("./33/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./33/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./33/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./33/file1/file0/file0") = 0
umount2("./33/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./33/file1/file0/file1") = 0
umount2("./33/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./33/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./33/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./33/file1/file0") = 0
umount2("./33/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./33/file1/file1") = 0
umount2("./33/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./33/file1/file2") = 0
umount2("./33/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./33/file1/file3") = 0
umount2("./33/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./33/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./33/file1") = -1 EBUSY (Device or resource busy)
umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./33/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./33") = 0
mkdir("./34", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 413
./strace-static-x86_64: Process 413 attached
[pid 413] set_robust_list(0x55555607f660, 24) = 0
[pid 413] chdir("./34") = 0
[pid 413] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 413] setpgid(0, 0) = 0
[pid 413] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 413] write(3, "1000", 4) = 4
[pid 413] close(3) = 0
[pid 413] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid 413] write(1, "executing program\n", 18) = 18
[pid 413] memfd_create("syzkaller", 0) = 3
[pid 413] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 413] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 413] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 413] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 32.937049][ T410] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 32.974147][ T303] EXT4-fs (loop0): unmounting filesystem.
[pid 413] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 413] close(3) = 0
[pid 413] close(4) = 0
[pid 413] mkdir("./file1", 0777) = 0
[pid 413] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 413] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 413] chdir("./file1") = 0
[pid 413] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 413] ioctl(4, LOOP_CLR_FD) = 0
[pid 413] close(4) = 0
[pid 413] chdir("./file0") = 0
[pid 413] creat("./bus", 000) = 4
[pid 413] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 413] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 413] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 413] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 413] exit_group(0) = ?
[pid 413] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=413, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./34/binderfs") = 0
umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./34/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./34/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./34/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./34/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./34/file1/lost+found") = 0
umount2("./34/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./34/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./34/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./34/file1/file0/file0") = 0
umount2("./34/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./34/file1/file0/file1") = 0
umount2("./34/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./34/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./34/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./34/file1/file0") = 0
umount2("./34/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./34/file1/file1") = 0
umount2("./34/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./34/file1/file2") = 0
umount2("./34/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./34/file1/file3") = 0
umount2("./34/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./34/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./34/file1") = -1 EBUSY (Device or resource busy)
[ 32.993768][ T413] loop0: detected capacity change from 0 to 1024
[ 33.001597][ T413] EXT4-fs: Ignoring removed orlov option
[ 33.007471][ T413] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 33.016973][ T413] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./34/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./34") = 0
mkdir("./35", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
./strace-static-x86_64: Process 416 attached
[pid 416] set_robust_list(0x55555607f660, 24) = 0
[pid 416] chdir("./35") = 0
[pid 416] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 416] setpgid(0, 0) = 0
[pid 416] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 416] write(3, "1000", 4) = 4
[pid 416] close(3) = 0
[pid 416] symlink("/dev/binderfs", "./binderfs") = 0
[pid 416] write(1, "executing program\n", 18) = 18
[pid 303] <... clone resumed>, child_tidptr=0x55555607f650) = 416
[pid 416] memfd_create("syzkaller", 0) = 3
[pid 416] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 416] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 416] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 416] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 416] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 416] close(3) = 0
[pid 416] close(4) = 0
[pid 416] mkdir("./file1", 0777) = 0
[ 33.053994][ T303] EXT4-fs (loop0): unmounting filesystem.
[ 33.076211][ T416] loop0: detected capacity change from 0 to 1024
[ 33.083351][ T416] EXT4-fs: Ignoring removed orlov option
[ 33.089673][ T416] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 416] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 416] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 416] chdir("./file1") = 0
[pid 416] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 416] ioctl(4, LOOP_CLR_FD) = 0
[pid 416] close(4) = 0
[pid 416] chdir("./file0") = 0
[pid 416] creat("./bus", 000) = 4
[pid 416] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 416] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 416] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 416] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 416] exit_group(0) = ?
[pid 416] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=416, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./35/binderfs") = 0
umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./35/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./35/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./35/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./35/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./35/file1/lost+found") = 0
umount2("./35/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./35/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./35/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./35/file1/file0/file0") = 0
umount2("./35/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./35/file1/file0/file1") = 0
umount2("./35/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./35/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./35/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./35/file1/file0") = 0
umount2("./35/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./35/file1/file1") = 0
umount2("./35/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./35/file1/file2") = 0
umount2("./35/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./35/file1/file3") = 0
umount2("./35/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./35/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./35/file1") = -1 EBUSY (Device or resource busy)
umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./35/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./35") = 0
mkdir("./36", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 419
./strace-static-x86_64: Process 419 attached
[pid 419] set_robust_list(0x55555607f660, 24) = 0
[pid 419] chdir("./36") = 0
[pid 419] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 419] setpgid(0, 0) = 0
[pid 419] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 419] write(3, "1000", 4) = 4
[pid 419] close(3) = 0
[pid 419] symlink("/dev/binderfs", "./binderfs") = 0
[pid 419] write(1, "executing program\n", 18) = 18
executing program
[pid 419] memfd_create("syzkaller", 0) = 3
[pid 419] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 419] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 419] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 419] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 33.106869][ T416] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 33.140054][ T303] EXT4-fs (loop0): unmounting filesystem.
[pid 419] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 419] close(3) = 0
[pid 419] close(4) = 0
[pid 419] mkdir("./file1", 0777) = 0
[pid 419] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 419] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 419] chdir("./file1") = 0
[pid 419] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 419] ioctl(4, LOOP_CLR_FD) = 0
[pid 419] close(4) = 0
[pid 419] chdir("./file0") = 0
[pid 419] creat("./bus", 000) = 4
[pid 419] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 419] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 419] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 419] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 419] exit_group(0) = ?
[pid 419] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=419, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./36/binderfs") = 0
umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./36/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./36/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./36/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./36/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./36/file1/lost+found") = 0
umount2("./36/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./36/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./36/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./36/file1/file0/file0") = 0
umount2("./36/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./36/file1/file0/file1") = 0
umount2("./36/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./36/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./36/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./36/file1/file0") = 0
umount2("./36/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./36/file1/file1") = 0
umount2("./36/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./36/file1/file2") = 0
umount2("./36/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./36/file1/file3") = 0
umount2("./36/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./36/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./36/file1") = -1 EBUSY (Device or resource busy)
[ 33.160753][ T419] loop0: detected capacity change from 0 to 1024
[ 33.168685][ T419] EXT4-fs: Ignoring removed orlov option
[ 33.174206][ T419] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 33.187287][ T419] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./36/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./36") = 0
mkdir("./37", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 422
./strace-static-x86_64: Process 422 attached
[pid 422] set_robust_list(0x55555607f660, 24) = 0
[pid 422] chdir("./37") = 0
[pid 422] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 422] setpgid(0, 0) = 0
[pid 422] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 422] write(3, "1000", 4) = 4
[pid 422] close(3) = 0
[pid 422] symlink("/dev/binderfs", "./binderfs") = 0
[pid 422] write(1, "executing program\n", 18executing program
) = 18
[pid 422] memfd_create("syzkaller", 0) = 3
[pid 422] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 422] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 422] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 422] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 422] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 422] close(3) = 0
[pid 422] close(4) = 0
[pid 422] mkdir("./file1", 0777) = 0
[ 33.225502][ T303] EXT4-fs (loop0): unmounting filesystem.
[ 33.250470][ T422] loop0: detected capacity change from 0 to 1024
[ 33.259041][ T422] EXT4-fs: Ignoring removed orlov option
[ 33.270726][ T422] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 422] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 422] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 422] chdir("./file1") = 0
[pid 422] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 422] ioctl(4, LOOP_CLR_FD) = 0
[pid 422] close(4) = 0
[pid 422] chdir("./file0") = 0
[pid 422] creat("./bus", 000) = 4
[pid 422] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 422] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 422] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 422] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 422] exit_group(0) = ?
[pid 422] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=422, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./37/binderfs") = 0
umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./37/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./37/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./37/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./37/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./37/file1/lost+found") = 0
umount2("./37/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./37/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./37/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./37/file1/file0/file0") = 0
umount2("./37/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./37/file1/file0/file1") = 0
umount2("./37/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./37/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./37/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./37/file1/file0") = 0
umount2("./37/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./37/file1/file1") = 0
umount2("./37/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./37/file1/file2") = 0
umount2("./37/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./37/file1/file3") = 0
umount2("./37/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./37/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./37/file1") = -1 EBUSY (Device or resource busy)
umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./37/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./37") = 0
mkdir("./38", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 425
./strace-static-x86_64: Process 425 attached
[pid 425] set_robust_list(0x55555607f660, 24) = 0
[pid 425] chdir("./38") = 0
[pid 425] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 425] setpgid(0, 0) = 0
[pid 425] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 425] write(3, "1000", 4) = 4
[pid 425] close(3) = 0
[pid 425] symlink("/dev/binderfs", "./binderfs") = 0
[pid 425] write(1, "executing program\n", 18executing program
) = 18
[pid 425] memfd_create("syzkaller", 0) = 3
[pid 425] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 425] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 425] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 425] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 33.297159][ T422] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 33.323736][ T303] EXT4-fs (loop0): unmounting filesystem.
[pid 425] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 425] close(3) = 0
[pid 425] close(4) = 0
[pid 425] mkdir("./file1", 0777) = 0
[pid 425] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 425] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 425] chdir("./file1") = 0
[pid 425] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 425] ioctl(4, LOOP_CLR_FD) = 0
[pid 425] close(4) = 0
[pid 425] chdir("./file0") = 0
[pid 425] creat("./bus", 000) = 4
[pid 425] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 425] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 425] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 425] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 425] exit_group(0) = ?
[pid 425] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=425, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./38/binderfs") = 0
umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./38/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./38/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./38/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./38/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./38/file1/lost+found") = 0
umount2("./38/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./38/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./38/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./38/file1/file0/file0") = 0
umount2("./38/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./38/file1/file0/file1") = 0
umount2("./38/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./38/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./38/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./38/file1/file0") = 0
umount2("./38/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./38/file1/file1") = 0
umount2("./38/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./38/file1/file2") = 0
umount2("./38/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./38/file1/file3") = 0
umount2("./38/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./38/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./38/file1") = -1 EBUSY (Device or resource busy)
[ 33.347679][ T425] loop0: detected capacity change from 0 to 1024
[ 33.355470][ T425] EXT4-fs: Ignoring removed orlov option
[ 33.361962][ T425] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 33.377095][ T425] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./38/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./38") = 0
mkdir("./39", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 428
./strace-static-x86_64: Process 428 attached
[pid 428] set_robust_list(0x55555607f660, 24) = 0
[pid 428] chdir("./39") = 0
[pid 428] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 428] setpgid(0, 0) = 0
[pid 428] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 428] write(3, "1000", 4) = 4
[pid 428] close(3) = 0
[pid 428] symlink("/dev/binderfs", "./binderfs") = 0
[pid 428] write(1, "executing program\n", 18executing program
) = 18
[pid 428] memfd_create("syzkaller", 0) = 3
[pid 428] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 428] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 428] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 428] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 428] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 428] close(3) = 0
[pid 428] close(4) = 0
[pid 428] mkdir("./file1", 0777) = 0
[ 33.412294][ T303] EXT4-fs (loop0): unmounting filesystem.
[ 33.438313][ T428] loop0: detected capacity change from 0 to 1024
[ 33.447223][ T428] EXT4-fs: Ignoring removed orlov option
[ 33.452772][ T428] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 428] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 428] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 428] chdir("./file1") = 0
[pid 428] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 428] ioctl(4, LOOP_CLR_FD) = 0
[pid 428] close(4) = 0
[pid 428] chdir("./file0") = 0
[pid 428] creat("./bus", 000) = 4
[pid 428] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 428] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 428] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 428] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 428] exit_group(0) = ?
[pid 428] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=428, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./39/binderfs") = 0
umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./39/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./39/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./39/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./39/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./39/file1/lost+found") = 0
umount2("./39/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./39/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./39/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./39/file1/file0/file0") = 0
umount2("./39/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./39/file1/file0/file1") = 0
umount2("./39/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./39/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./39/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./39/file1/file0") = 0
umount2("./39/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./39/file1/file1") = 0
umount2("./39/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./39/file1/file2") = 0
umount2("./39/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./39/file1/file3") = 0
umount2("./39/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./39/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./39/file1") = -1 EBUSY (Device or resource busy)
umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./39/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./39") = 0
mkdir("./40", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 431
./strace-static-x86_64: Process 431 attached
[pid 431] set_robust_list(0x55555607f660, 24) = 0
[pid 431] chdir("./40") = 0
[pid 431] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 431] setpgid(0, 0) = 0
[pid 431] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 431] write(3, "1000", 4) = 4
[pid 431] close(3) = 0
[pid 431] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 431] write(1, "executing program\n", 18) = 18
[pid 431] memfd_create("syzkaller", 0) = 3
[pid 431] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 431] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 431] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 431] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 33.467060][ T428] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 33.498387][ T303] EXT4-fs (loop0): unmounting filesystem.
[pid 431] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 431] close(3) = 0
[pid 431] close(4) = 0
[pid 431] mkdir("./file1", 0777) = 0
[pid 431] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 431] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 431] chdir("./file1") = 0
[pid 431] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 431] ioctl(4, LOOP_CLR_FD) = 0
[pid 431] close(4) = 0
[pid 431] chdir("./file0") = 0
[pid 431] creat("./bus", 000) = 4
[pid 431] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 431] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 431] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 431] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 431] exit_group(0) = ?
[pid 431] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=431, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./40/binderfs") = 0
umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./40/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./40/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./40/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./40/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./40/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./40/file1/lost+found") = 0
umount2("./40/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./40/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./40/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./40/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./40/file1/file0/file0") = 0
umount2("./40/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./40/file1/file0/file1") = 0
umount2("./40/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./40/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./40/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./40/file1/file0") = 0
umount2("./40/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./40/file1/file1") = 0
umount2("./40/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./40/file1/file2") = 0
umount2("./40/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./40/file1/file3") = 0
umount2("./40/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./40/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./40/file1") = -1 EBUSY (Device or resource busy)
[ 33.514292][ T431] loop0: detected capacity change from 0 to 1024
[ 33.523941][ T431] EXT4-fs: Ignoring removed orlov option
[ 33.529831][ T431] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 33.557141][ T431] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./40/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./40") = 0
mkdir("./41", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 435
./strace-static-x86_64: Process 435 attached
[pid 435] set_robust_list(0x55555607f660, 24) = 0
[pid 435] chdir("./41") = 0
[pid 435] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 435] setpgid(0, 0) = 0
[pid 435] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 435] write(3, "1000", 4) = 4
[pid 435] close(3) = 0
[pid 435] symlink("/dev/binderfs", "./binderfs") = 0
[pid 435] write(1, "executing program\n", 18executing program
) = 18
[pid 435] memfd_create("syzkaller", 0) = 3
[pid 435] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 435] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 435] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 435] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 435] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 435] close(3) = 0
[pid 435] close(4) = 0
[pid 435] mkdir("./file1", 0777) = 0
[ 33.591655][ T303] EXT4-fs (loop0): unmounting filesystem.
[ 33.613030][ T435] loop0: detected capacity change from 0 to 1024
[ 33.623419][ T435] EXT4-fs: Ignoring removed orlov option
[ 33.628983][ T435] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 435] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 435] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 435] chdir("./file1") = 0
[pid 435] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 435] ioctl(4, LOOP_CLR_FD) = 0
[pid 435] close(4) = 0
[pid 435] chdir("./file0") = 0
[pid 435] creat("./bus", 000) = 4
[pid 435] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 435] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 435] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 435] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 435] exit_group(0) = ?
[pid 435] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=435, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./41/binderfs") = 0
umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./41/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./41/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./41/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./41/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./41/file1/lost+found") = 0
umount2("./41/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./41/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./41/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./41/file1/file0/file0") = 0
umount2("./41/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./41/file1/file0/file1") = 0
umount2("./41/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./41/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./41/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./41/file1/file0") = 0
umount2("./41/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./41/file1/file1") = 0
umount2("./41/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./41/file1/file2") = 0
umount2("./41/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./41/file1/file3") = 0
umount2("./41/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./41/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./41/file1") = -1 EBUSY (Device or resource busy)
[ 33.637907][ T435] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./41/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./41") = 0
mkdir("./42", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 438
./strace-static-x86_64: Process 438 attached
[pid 438] set_robust_list(0x55555607f660, 24) = 0
[pid 438] chdir("./42") = 0
[pid 438] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 438] setpgid(0, 0) = 0
[pid 438] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 438] write(3, "1000", 4) = 4
[pid 438] close(3) = 0
[pid 438] symlink("/dev/binderfs", "./binderfs") = 0
[pid 438] write(1, "executing program\n", 18executing program
) = 18
[pid 438] memfd_create("syzkaller", 0) = 3
[pid 438] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 438] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 438] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 438] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 438] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 438] close(3) = 0
[pid 438] close(4) = 0
[pid 438] mkdir("./file1", 0777) = 0
[ 33.674026][ T303] EXT4-fs (loop0): unmounting filesystem.
[ 33.693999][ T438] loop0: detected capacity change from 0 to 1024
[ 33.701983][ T438] EXT4-fs: Ignoring removed orlov option
[ 33.707732][ T438] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 438] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 438] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 438] chdir("./file1") = 0
[pid 438] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 438] ioctl(4, LOOP_CLR_FD) = 0
[pid 438] close(4) = 0
[pid 438] chdir("./file0") = 0
[pid 438] creat("./bus", 000) = 4
[pid 438] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 438] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 438] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 438] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 438] exit_group(0) = ?
[pid 438] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=438, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./42/binderfs") = 0
umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./42/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./42/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./42/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./42/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./42/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./42/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./42/file1/lost+found") = 0
umount2("./42/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./42/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./42/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./42/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./42/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./42/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./42/file1/file0/file0") = 0
umount2("./42/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./42/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./42/file1/file0/file1") = 0
umount2("./42/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./42/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./42/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./42/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./42/file1/file0") = 0
umount2("./42/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./42/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./42/file1/file1") = 0
umount2("./42/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./42/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./42/file1/file2") = 0
umount2("./42/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./42/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./42/file1/file3") = 0
umount2("./42/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./42/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./42/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./42/file1") = -1 EBUSY (Device or resource busy)
[ 33.717024][ T438] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./42/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./42") = 0
mkdir("./43", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 441
./strace-static-x86_64: Process 441 attached
[pid 441] set_robust_list(0x55555607f660, 24) = 0
[pid 441] chdir("./43") = 0
[pid 441] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 441] setpgid(0, 0) = 0
[pid 441] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 441] write(3, "1000", 4) = 4
[pid 441] close(3) = 0
[pid 441] symlink("/dev/binderfs", "./binderfs") = 0
[pid 441] write(1, "executing program\n", 18executing program
) = 18
[pid 441] memfd_create("syzkaller", 0) = 3
[pid 441] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 441] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 441] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 441] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 441] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 441] close(3) = 0
[pid 441] close(4) = 0
[pid 441] mkdir("./file1", 0777) = 0
[ 33.749197][ T303] EXT4-fs (loop0): unmounting filesystem.
[ 33.770847][ T441] loop0: detected capacity change from 0 to 1024
[ 33.778773][ T441] EXT4-fs: Ignoring removed orlov option
[ 33.784299][ T441] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 441] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 441] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 441] chdir("./file1") = 0
[pid 441] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 441] ioctl(4, LOOP_CLR_FD) = 0
[pid 441] close(4) = 0
[pid 441] chdir("./file0") = 0
[pid 441] creat("./bus", 000) = 4
[pid 441] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 441] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 441] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 441] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 441] exit_group(0) = ?
[pid 441] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=441, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./43/binderfs") = 0
umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./43/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./43/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./43/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./43/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./43/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./43/file1/lost+found") = 0
umount2("./43/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./43/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./43/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./43/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./43/file1/file0/file0") = 0
umount2("./43/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./43/file1/file0/file1") = 0
umount2("./43/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./43/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./43/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./43/file1/file0") = 0
umount2("./43/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./43/file1/file1") = 0
umount2("./43/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./43/file1/file2") = 0
umount2("./43/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./43/file1/file3") = 0
umount2("./43/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./43/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./43/file1") = -1 EBUSY (Device or resource busy)
umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./43/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./43") = 0
mkdir("./44", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 444
./strace-static-x86_64: Process 444 attached
[pid 444] set_robust_list(0x55555607f660, 24) = 0
[pid 444] chdir("./44") = 0
[pid 444] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 444] setpgid(0, 0) = 0
[pid 444] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 444] write(3, "1000", 4) = 4
[pid 444] close(3) = 0
[pid 444] symlink("/dev/binderfs", "./binderfs") = 0
[pid 444] write(1, "executing program\n", 18executing program
) = 18
[pid 444] memfd_create("syzkaller", 0) = 3
[pid 444] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 444] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 444] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 444] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 33.797452][ T441] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 33.832899][ T303] EXT4-fs (loop0): unmounting filesystem.
[pid 444] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 444] close(3) = 0
[pid 444] close(4) = 0
[pid 444] mkdir("./file1", 0777) = 0
[pid 444] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 444] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 444] chdir("./file1") = 0
[pid 444] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 444] ioctl(4, LOOP_CLR_FD) = 0
[pid 444] close(4) = 0
[pid 444] chdir("./file0") = 0
[pid 444] creat("./bus", 000) = 4
[pid 444] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 444] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 444] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 444] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 444] exit_group(0) = ?
[pid 444] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=444, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./44/binderfs") = 0
umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./44/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./44/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./44/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./44/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./44/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./44/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./44/file1/lost+found") = 0
umount2("./44/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./44/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./44/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./44/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./44/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./44/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./44/file1/file0/file0") = 0
umount2("./44/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./44/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./44/file1/file0/file1") = 0
umount2("./44/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./44/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./44/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./44/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./44/file1/file0") = 0
umount2("./44/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./44/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./44/file1/file1") = 0
umount2("./44/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./44/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./44/file1/file2") = 0
umount2("./44/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./44/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./44/file1/file3") = 0
umount2("./44/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./44/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./44/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./44/file1") = -1 EBUSY (Device or resource busy)
[ 33.853276][ T444] loop0: detected capacity change from 0 to 1024
[ 33.865367][ T444] EXT4-fs: Ignoring removed orlov option
[ 33.870901][ T444] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 33.887013][ T444] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./44/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./44") = 0
mkdir("./45", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 447
./strace-static-x86_64: Process 447 attached
[pid 447] set_robust_list(0x55555607f660, 24) = 0
[pid 447] chdir("./45") = 0
[pid 447] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 447] setpgid(0, 0) = 0
[pid 447] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 447] write(3, "1000", 4) = 4
[pid 447] close(3) = 0
[pid 447] symlink("/dev/binderfs", "./binderfs") = 0
[pid 447] write(1, "executing program\n", 18executing program
) = 18
[pid 447] memfd_create("syzkaller", 0) = 3
[pid 447] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 447] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 447] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 447] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 447] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 447] close(3) = 0
[pid 447] close(4) = 0
[pid 447] mkdir("./file1", 0777) = 0
[ 33.919250][ T303] EXT4-fs (loop0): unmounting filesystem.
[ 33.936114][ T447] loop0: detected capacity change from 0 to 1024
[ 33.943876][ T447] EXT4-fs: Ignoring removed orlov option
[ 33.950435][ T447] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 447] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 447] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 447] chdir("./file1") = 0
[pid 447] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 447] ioctl(4, LOOP_CLR_FD) = 0
[pid 447] close(4) = 0
[pid 447] chdir("./file0") = 0
[pid 447] creat("./bus", 000) = 4
[pid 447] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 447] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 447] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 447] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 447] exit_group(0) = ?
[pid 447] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=447, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./45/binderfs") = 0
umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./45/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./45/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./45/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./45/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./45/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./45/file1/lost+found") = 0
umount2("./45/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./45/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./45/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./45/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./45/file1/file0/file0") = 0
umount2("./45/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./45/file1/file0/file1") = 0
umount2("./45/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./45/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./45/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./45/file1/file0") = 0
umount2("./45/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./45/file1/file1") = 0
umount2("./45/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./45/file1/file2") = 0
umount2("./45/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./45/file1/file3") = 0
umount2("./45/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./45/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./45/file1") = -1 EBUSY (Device or resource busy)
umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./45/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./45") = 0
mkdir("./46", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 450
./strace-static-x86_64: Process 450 attached
[pid 450] set_robust_list(0x55555607f660, 24) = 0
[pid 450] chdir("./46") = 0
[pid 450] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 450] setpgid(0, 0) = 0
[pid 450] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 450] write(3, "1000", 4) = 4
[pid 450] close(3) = 0
[pid 450] symlink("/dev/binderfs", "./binderfs") = 0
[pid 450] write(1, "executing program\n", 18executing program
) = 18
[pid 450] memfd_create("syzkaller", 0) = 3
[pid 450] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 450] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 450] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 450] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 33.966998][ T447] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 34.004050][ T303] EXT4-fs (loop0): unmounting filesystem.
[pid 450] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 450] close(3) = 0
[pid 450] close(4) = 0
[pid 450] mkdir("./file1", 0777) = 0
[pid 450] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 450] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 450] chdir("./file1") = 0
[pid 450] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 450] ioctl(4, LOOP_CLR_FD) = 0
[pid 450] close(4) = 0
[pid 450] chdir("./file0") = 0
[pid 450] creat("./bus", 000) = 4
[pid 450] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 450] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 450] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 450] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 450] exit_group(0) = ?
[pid 450] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=450, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./46/binderfs") = 0
umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./46/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./46/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./46/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./46/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./46/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./46/file1/lost+found") = 0
umount2("./46/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./46/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./46/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./46/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./46/file1/file0/file0") = 0
umount2("./46/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./46/file1/file0/file1") = 0
umount2("./46/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./46/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./46/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./46/file1/file0") = 0
umount2("./46/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./46/file1/file1") = 0
umount2("./46/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./46/file1/file2") = 0
umount2("./46/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./46/file1/file3") = 0
umount2("./46/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./46/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./46/file1") = -1 EBUSY (Device or resource busy)
[ 34.023880][ T450] loop0: detected capacity change from 0 to 1024
[ 34.033536][ T450] EXT4-fs: Ignoring removed orlov option
[ 34.039207][ T450] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 34.057161][ T450] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./46/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./46") = 0
mkdir("./47", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 453
./strace-static-x86_64: Process 453 attached
[pid 453] set_robust_list(0x55555607f660, 24) = 0
[pid 453] chdir("./47") = 0
[pid 453] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 453] setpgid(0, 0) = 0
[pid 453] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 453] write(3, "1000", 4) = 4
[pid 453] close(3) = 0
[pid 453] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 453] write(1, "executing program\n", 18) = 18
[pid 453] memfd_create("syzkaller", 0) = 3
[pid 453] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 453] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 453] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 453] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 453] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 453] close(3) = 0
[pid 453] close(4) = 0
[pid 453] mkdir("./file1", 0777) = 0
[ 34.088679][ T303] EXT4-fs (loop0): unmounting filesystem.
[ 34.111141][ T453] loop0: detected capacity change from 0 to 1024
[ 34.120769][ T453] EXT4-fs: Ignoring removed orlov option
[ 34.126724][ T453] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 453] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 453] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 453] chdir("./file1") = 0
[pid 453] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 453] ioctl(4, LOOP_CLR_FD) = 0
[pid 453] close(4) = 0
[pid 453] chdir("./file0") = 0
[pid 453] creat("./bus", 000) = 4
[pid 453] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 453] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 453] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 453] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 453] exit_group(0) = ?
[pid 453] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=453, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./47/binderfs") = 0
umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./47/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./47/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./47/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./47/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./47/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./47/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./47/file1/lost+found") = 0
umount2("./47/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./47/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./47/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./47/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./47/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./47/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./47/file1/file0/file0") = 0
umount2("./47/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./47/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./47/file1/file0/file1") = 0
umount2("./47/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./47/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./47/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./47/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./47/file1/file0") = 0
umount2("./47/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./47/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./47/file1/file1") = 0
umount2("./47/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./47/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./47/file1/file2") = 0
umount2("./47/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./47/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./47/file1/file3") = 0
umount2("./47/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./47/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./47/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./47/file1") = -1 EBUSY (Device or resource busy)
umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./47/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./47") = 0
mkdir("./48", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 456
./strace-static-x86_64: Process 456 attached
[pid 456] set_robust_list(0x55555607f660, 24) = 0
[pid 456] chdir("./48") = 0
[pid 456] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 456] setpgid(0, 0) = 0
[pid 456] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 456] write(3, "1000", 4) = 4
[pid 456] close(3) = 0
[pid 456] symlink("/dev/binderfs", "./binderfs") = 0
[pid 456] write(1, "executing program\n", 18executing program
) = 18
[pid 456] memfd_create("syzkaller", 0) = 3
[pid 456] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 456] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 456] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 456] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 34.137096][ T453] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 34.167039][ T303] EXT4-fs (loop0): unmounting filesystem.
[pid 456] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 456] close(3) = 0
[pid 456] close(4) = 0
[pid 456] mkdir("./file1", 0777) = 0
[pid 456] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 456] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 456] chdir("./file1") = 0
[pid 456] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 456] ioctl(4, LOOP_CLR_FD) = 0
[pid 456] close(4) = 0
[pid 456] chdir("./file0") = 0
[pid 456] creat("./bus", 000) = 4
[pid 456] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 456] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 456] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 456] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 456] exit_group(0) = ?
[pid 456] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=456, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./48/binderfs") = 0
umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./48/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./48/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./48/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./48/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./48/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./48/file1/lost+found") = 0
umount2("./48/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./48/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./48/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./48/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./48/file1/file0/file0") = 0
umount2("./48/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./48/file1/file0/file1") = 0
umount2("./48/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./48/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./48/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./48/file1/file0") = 0
umount2("./48/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./48/file1/file1") = 0
umount2("./48/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./48/file1/file2") = 0
umount2("./48/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./48/file1/file3") = 0
umount2("./48/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./48/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./48/file1") = -1 EBUSY (Device or resource busy)
[ 34.190299][ T456] loop0: detected capacity change from 0 to 1024
[ 34.200289][ T456] EXT4-fs: Ignoring removed orlov option
[ 34.205869][ T456] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 34.222979][ T456] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./48/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./48") = 0
mkdir("./49", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 460
./strace-static-x86_64: Process 460 attached
[pid 460] set_robust_list(0x55555607f660, 24) = 0
[pid 460] chdir("./49") = 0
[pid 460] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 460] setpgid(0, 0) = 0
[pid 460] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 460] write(3, "1000", 4) = 4
[pid 460] close(3) = 0
[pid 460] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid 460] write(1, "executing program\n", 18) = 18
[pid 460] memfd_create("syzkaller", 0) = 3
[pid 460] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 460] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 460] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 460] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 460] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 460] close(3) = 0
[pid 460] close(4) = 0
[pid 460] mkdir("./file1", 0777) = 0
[ 34.258490][ T303] EXT4-fs (loop0): unmounting filesystem.
[ 34.280653][ T460] loop0: detected capacity change from 0 to 1024
[ 34.287826][ T460] EXT4-fs: Ignoring removed orlov option
[ 34.294227][ T460] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 460] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 460] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 460] chdir("./file1") = 0
[pid 460] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 460] ioctl(4, LOOP_CLR_FD) = 0
[pid 460] close(4) = 0
[pid 460] chdir("./file0") = 0
[pid 460] creat("./bus", 000) = 4
[pid 460] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 460] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 460] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 460] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 460] exit_group(0) = ?
[pid 460] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=460, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./49/binderfs") = 0
umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./49/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./49/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./49/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./49/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./49/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./49/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./49/file1/lost+found") = 0
umount2("./49/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./49/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./49/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./49/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./49/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./49/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./49/file1/file0/file0") = 0
umount2("./49/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./49/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./49/file1/file0/file1") = 0
umount2("./49/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./49/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./49/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./49/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./49/file1/file0") = 0
umount2("./49/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./49/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./49/file1/file1") = 0
umount2("./49/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./49/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./49/file1/file2") = 0
umount2("./49/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./49/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./49/file1/file3") = 0
umount2("./49/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./49/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./49/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./49/file1") = -1 EBUSY (Device or resource busy)
umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./49/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./49") = 0
mkdir("./50", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 463
./strace-static-x86_64: Process 463 attached
[pid 463] set_robust_list(0x55555607f660, 24) = 0
[pid 463] chdir("./50") = 0
[pid 463] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 463] setpgid(0, 0) = 0
[pid 463] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 463] write(3, "1000", 4) = 4
[pid 463] close(3) = 0
[pid 463] symlink("/dev/binderfs", "./binderfs") = 0
[pid 463] write(1, "executing program\n", 18executing program
) = 18
[pid 463] memfd_create("syzkaller", 0) = 3
[pid 463] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 463] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 463] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 463] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 34.307425][ T460] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 34.335812][ T303] EXT4-fs (loop0): unmounting filesystem.
[pid 463] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 463] close(3) = 0
[pid 463] close(4) = 0
[pid 463] mkdir("./file1", 0777) = 0
[pid 463] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 463] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 463] chdir("./file1") = 0
[pid 463] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 463] ioctl(4, LOOP_CLR_FD) = 0
[pid 463] close(4) = 0
[pid 463] chdir("./file0") = 0
[pid 463] creat("./bus", 000) = 4
[pid 463] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 463] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 463] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 463] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 463] exit_group(0) = ?
[pid 463] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=463, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./50/binderfs") = 0
umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./50/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./50/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./50/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./50/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./50/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./50/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./50/file1/lost+found") = 0
umount2("./50/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./50/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./50/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./50/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./50/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./50/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./50/file1/file0/file0") = 0
umount2("./50/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./50/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./50/file1/file0/file1") = 0
umount2("./50/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./50/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./50/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./50/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./50/file1/file0") = 0
umount2("./50/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./50/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./50/file1/file1") = 0
umount2("./50/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./50/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./50/file1/file2") = 0
umount2("./50/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./50/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./50/file1/file3") = 0
umount2("./50/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./50/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./50/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./50/file1") = -1 EBUSY (Device or resource busy)
[ 34.358416][ T463] loop0: detected capacity change from 0 to 1024
[ 34.369227][ T463] EXT4-fs: Ignoring removed orlov option
[ 34.374728][ T463] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 34.387072][ T463] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./50/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./50") = 0
mkdir("./51", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 466
./strace-static-x86_64: Process 466 attached
[pid 466] set_robust_list(0x55555607f660, 24) = 0
[pid 466] chdir("./51") = 0
[pid 466] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 466] setpgid(0, 0) = 0
[pid 466] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 466] write(3, "1000", 4) = 4
[pid 466] close(3) = 0
[pid 466] symlink("/dev/binderfs", "./binderfs") = 0
[pid 466] write(1, "executing program\n", 18executing program
) = 18
[pid 466] memfd_create("syzkaller", 0) = 3
[pid 466] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 466] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 466] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 466] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 466] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 466] close(3) = 0
[pid 466] close(4) = 0
[pid 466] mkdir("./file1", 0777) = 0
[ 34.421021][ T303] EXT4-fs (loop0): unmounting filesystem.
[ 34.443260][ T466] loop0: detected capacity change from 0 to 1024
[ 34.453061][ T466] EXT4-fs: Ignoring removed orlov option
[ 34.458616][ T466] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 466] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 466] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 466] chdir("./file1") = 0
[pid 466] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 466] ioctl(4, LOOP_CLR_FD) = 0
[pid 466] close(4) = 0
[pid 466] chdir("./file0") = 0
[pid 466] creat("./bus", 000) = 4
[pid 466] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 466] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 466] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 466] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 466] exit_group(0) = ?
[pid 466] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=466, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./51/binderfs") = 0
umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./51/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./51/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./51/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./51/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./51/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./51/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./51/file1/lost+found") = 0
umount2("./51/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./51/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./51/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./51/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./51/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./51/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./51/file1/file0/file0") = 0
umount2("./51/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./51/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./51/file1/file0/file1") = 0
umount2("./51/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./51/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./51/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./51/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./51/file1/file0") = 0
umount2("./51/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./51/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./51/file1/file1") = 0
umount2("./51/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./51/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./51/file1/file2") = 0
umount2("./51/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./51/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./51/file1/file3") = 0
umount2("./51/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./51/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./51/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./51/file1") = -1 EBUSY (Device or resource busy)
umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./51/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./51") = 0
mkdir("./52", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 469
./strace-static-x86_64: Process 469 attached
[pid 469] set_robust_list(0x55555607f660, 24) = 0
[pid 469] chdir("./52") = 0
[pid 469] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 469] setpgid(0, 0) = 0
[pid 469] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 469] write(3, "1000", 4) = 4
[pid 469] close(3) = 0
[pid 469] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 469] write(1, "executing program\n", 18) = 18
[pid 469] memfd_create("syzkaller", 0) = 3
[pid 469] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 469] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 469] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 469] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 34.477095][ T466] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 34.507537][ T303] EXT4-fs (loop0): unmounting filesystem.
[pid 469] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 469] close(3) = 0
[pid 469] close(4) = 0
[pid 469] mkdir("./file1", 0777) = 0
[pid 469] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 469] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 469] chdir("./file1") = 0
[pid 469] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 469] ioctl(4, LOOP_CLR_FD) = 0
[pid 469] close(4) = 0
[pid 469] chdir("./file0") = 0
[pid 469] creat("./bus", 000) = 4
[pid 469] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 469] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 469] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 469] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 469] exit_group(0) = ?
[pid 469] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=469, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./52/binderfs") = 0
umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./52/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./52/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./52/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./52/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./52/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./52/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./52/file1/lost+found") = 0
umount2("./52/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./52/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./52/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./52/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./52/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./52/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./52/file1/file0/file0") = 0
umount2("./52/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./52/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./52/file1/file0/file1") = 0
umount2("./52/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./52/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./52/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./52/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./52/file1/file0") = 0
umount2("./52/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./52/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./52/file1/file1") = 0
umount2("./52/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./52/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./52/file1/file2") = 0
umount2("./52/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./52/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./52/file1/file3") = 0
umount2("./52/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./52/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./52/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./52/file1") = -1 EBUSY (Device or resource busy)
[ 34.530486][ T469] loop0: detected capacity change from 0 to 1024
[ 34.540116][ T469] EXT4-fs: Ignoring removed orlov option
[ 34.545638][ T469] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 34.557658][ T469] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./52/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./52") = 0
mkdir("./53", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 473
./strace-static-x86_64: Process 473 attached
[pid 473] set_robust_list(0x55555607f660, 24) = 0
[pid 473] chdir("./53") = 0
[pid 473] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 473] setpgid(0, 0) = 0
[pid 473] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 473] write(3, "1000", 4) = 4
[pid 473] close(3) = 0
[pid 473] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid 473] write(1, "executing program\n", 18) = 18
[pid 473] memfd_create("syzkaller", 0) = 3
[pid 473] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 473] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 473] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 473] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 473] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 473] close(3) = 0
[pid 473] close(4) = 0
[pid 473] mkdir("./file1", 0777) = 0
[ 34.601298][ T303] EXT4-fs (loop0): unmounting filesystem.
[ 34.623092][ T473] loop0: detected capacity change from 0 to 1024
[ 34.632860][ T473] EXT4-fs: Ignoring removed orlov option
[ 34.638567][ T473] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 473] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 473] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 473] chdir("./file1") = 0
[pid 473] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 473] ioctl(4, LOOP_CLR_FD) = 0
[pid 473] close(4) = 0
[pid 473] chdir("./file0") = 0
[pid 473] creat("./bus", 000) = 4
[pid 473] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 473] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 473] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 473] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 473] exit_group(0) = ?
[pid 473] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=473, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./53/binderfs") = 0
umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./53/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./53/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./53/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./53/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./53/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./53/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./53/file1/lost+found") = 0
umount2("./53/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./53/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./53/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./53/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./53/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./53/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./53/file1/file0/file0") = 0
umount2("./53/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./53/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./53/file1/file0/file1") = 0
umount2("./53/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./53/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./53/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./53/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./53/file1/file0") = 0
umount2("./53/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./53/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./53/file1/file1") = 0
umount2("./53/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./53/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./53/file1/file2") = 0
umount2("./53/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./53/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./53/file1/file3") = 0
umount2("./53/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./53/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./53/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./53/file1") = -1 EBUSY (Device or resource busy)
[ 34.647012][ T473] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./53/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./53") = 0
mkdir("./54", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 476
./strace-static-x86_64: Process 476 attached
[pid 476] set_robust_list(0x55555607f660, 24) = 0
[pid 476] chdir("./54") = 0
[pid 476] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 476] setpgid(0, 0) = 0
[pid 476] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 476] write(3, "1000", 4) = 4
[pid 476] close(3) = 0
[pid 476] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 476] write(1, "executing program\n", 18) = 18
[pid 476] memfd_create("syzkaller", 0) = 3
[pid 476] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 476] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 476] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 476] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 476] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 476] close(3) = 0
[pid 476] close(4) = 0
[pid 476] mkdir("./file1", 0777) = 0
[ 34.681010][ T303] EXT4-fs (loop0): unmounting filesystem.
[ 34.704462][ T476] loop0: detected capacity change from 0 to 1024
[ 34.717168][ T476] EXT4-fs: Ignoring removed orlov option
[ 34.722636][ T476] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 476] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 476] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 476] chdir("./file1") = 0
[pid 476] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 476] ioctl(4, LOOP_CLR_FD) = 0
[pid 476] close(4) = 0
[pid 476] chdir("./file0") = 0
[pid 476] creat("./bus", 000) = 4
[pid 476] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 476] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 476] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 476] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 476] exit_group(0) = ?
[pid 476] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=476, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./54/binderfs") = 0
umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./54/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./54/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./54/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./54/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./54/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./54/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./54/file1/lost+found") = 0
umount2("./54/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./54/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./54/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./54/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./54/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./54/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./54/file1/file0/file0") = 0
umount2("./54/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./54/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./54/file1/file0/file1") = 0
umount2("./54/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./54/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./54/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./54/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./54/file1/file0") = 0
umount2("./54/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./54/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./54/file1/file1") = 0
umount2("./54/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./54/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./54/file1/file2") = 0
umount2("./54/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./54/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./54/file1/file3") = 0
umount2("./54/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./54/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./54/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./54/file1") = -1 EBUSY (Device or resource busy)
umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./54/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./54") = 0
mkdir("./55", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 479
./strace-static-x86_64: Process 479 attached
[pid 479] set_robust_list(0x55555607f660, 24) = 0
[pid 479] chdir("./55") = 0
[pid 479] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 479] setpgid(0, 0) = 0
[pid 479] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 479] write(3, "1000", 4) = 4
[pid 479] close(3) = 0
[pid 479] symlink("/dev/binderfs", "./binderfs") = 0
[pid 479] write(1, "executing program\n", 18executing program
) = 18
[pid 479] memfd_create("syzkaller", 0) = 3
[pid 479] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 479] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 479] munmap(0x7fe51c9ee000, 138412032) = 0
[ 34.746994][ T476] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 34.780004][ T303] EXT4-fs (loop0): unmounting filesystem.
[pid 479] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 479] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 479] close(3) = 0
[pid 479] close(4) = 0
[pid 479] mkdir("./file1", 0777) = 0
[pid 479] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 479] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 479] chdir("./file1") = 0
[pid 479] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 479] ioctl(4, LOOP_CLR_FD) = 0
[pid 479] close(4) = 0
[pid 479] chdir("./file0") = 0
[pid 479] creat("./bus", 000) = 4
[pid 479] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 479] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 479] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 479] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 479] exit_group(0) = ?
[pid 479] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=479, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./55/binderfs") = 0
umount2("./55/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./55/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./55/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./55/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./55/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./55/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./55/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./55/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./55/file1/lost+found") = 0
umount2("./55/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./55/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./55/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./55/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./55/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./55/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./55/file1/file0/file0") = 0
umount2("./55/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./55/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./55/file1/file0/file1") = 0
umount2("./55/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./55/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./55/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./55/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./55/file1/file0") = 0
umount2("./55/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./55/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./55/file1/file1") = 0
umount2("./55/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./55/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./55/file1/file2") = 0
umount2("./55/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./55/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./55/file1/file3") = 0
umount2("./55/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./55/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./55/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./55/file1") = -1 EBUSY (Device or resource busy)
[ 34.803998][ T479] loop0: detected capacity change from 0 to 1024
[ 34.814497][ T479] EXT4-fs: Ignoring removed orlov option
[ 34.820442][ T479] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 34.837163][ T479] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./55/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program
) = 0
rmdir("./55/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./55") = 0
mkdir("./56", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 482
./strace-static-x86_64: Process 482 attached
[pid 482] set_robust_list(0x55555607f660, 24) = 0
[pid 482] chdir("./56") = 0
[pid 482] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 482] setpgid(0, 0) = 0
[pid 482] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 482] write(3, "1000", 4) = 4
[pid 482] close(3) = 0
[pid 482] symlink("/dev/binderfs", "./binderfs") = 0
[pid 482] write(1, "executing program\n", 18) = 18
[pid 482] memfd_create("syzkaller", 0) = 3
[pid 482] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 482] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 482] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 482] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 482] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 482] close(3) = 0
[pid 482] close(4) = 0
[pid 482] mkdir("./file1", 0777) = 0
[ 34.872907][ T303] EXT4-fs (loop0): unmounting filesystem.
[ 34.889668][ T482] loop0: detected capacity change from 0 to 1024
[ 34.897036][ T482] EXT4-fs: Ignoring removed orlov option
[ 34.902653][ T482] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 482] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 482] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 482] chdir("./file1") = 0
[pid 482] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 482] ioctl(4, LOOP_CLR_FD) = 0
[pid 482] close(4) = 0
[pid 482] chdir("./file0") = 0
[pid 482] creat("./bus", 000) = 4
[pid 482] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 482] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 482] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 482] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 482] exit_group(0) = ?
[pid 482] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=482, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./56/binderfs") = 0
umount2("./56/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./56/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./56/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./56/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./56/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./56/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./56/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./56/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./56/file1/lost+found") = 0
umount2("./56/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./56/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./56/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./56/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./56/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./56/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./56/file1/file0/file0") = 0
umount2("./56/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./56/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./56/file1/file0/file1") = 0
umount2("./56/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./56/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./56/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./56/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./56/file1/file0") = 0
umount2("./56/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./56/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./56/file1/file1") = 0
umount2("./56/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./56/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./56/file1/file2") = 0
umount2("./56/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./56/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./56/file1/file3") = 0
umount2("./56/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./56/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./56/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./56/file1") = -1 EBUSY (Device or resource busy)
[ 34.917124][ T482] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./56/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./56/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./56") = 0
mkdir("./57", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 485
./strace-static-x86_64: Process 485 attached
[pid 485] set_robust_list(0x55555607f660, 24) = 0
[pid 485] chdir("./57") = 0
[pid 485] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 485] setpgid(0, 0) = 0
[pid 485] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 485] write(3, "1000", 4) = 4
[pid 485] close(3) = 0
[pid 485] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 485] write(1, "executing program\n", 18) = 18
[pid 485] memfd_create("syzkaller", 0) = 3
[pid 485] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 485] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 485] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 485] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 485] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 485] close(3) = 0
[pid 485] close(4) = 0
[pid 485] mkdir("./file1", 0777) = 0
[ 34.955547][ T303] EXT4-fs (loop0): unmounting filesystem.
[ 34.980209][ T485] loop0: detected capacity change from 0 to 1024
[ 34.988102][ T485] EXT4-fs: Ignoring removed orlov option
[ 34.994403][ T485] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 485] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 485] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 485] chdir("./file1") = 0
[pid 485] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 485] ioctl(4, LOOP_CLR_FD) = 0
[pid 485] close(4) = 0
[pid 485] chdir("./file0") = 0
[pid 485] creat("./bus", 000) = 4
[pid 485] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 485] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 485] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 485] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 485] exit_group(0) = ?
[pid 485] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=485, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./57/binderfs") = 0
umount2("./57/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./57/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./57/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./57/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./57/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./57/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./57/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./57/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./57/file1/lost+found") = 0
umount2("./57/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./57/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./57/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./57/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./57/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./57/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./57/file1/file0/file0") = 0
umount2("./57/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./57/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./57/file1/file0/file1") = 0
umount2("./57/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./57/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./57/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./57/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./57/file1/file0") = 0
umount2("./57/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./57/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./57/file1/file1") = 0
umount2("./57/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./57/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./57/file1/file2") = 0
umount2("./57/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./57/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./57/file1/file3") = 0
umount2("./57/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./57/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./57/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./57/file1") = -1 EBUSY (Device or resource busy)
umount2("./57/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./57/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./57") = 0
mkdir("./58", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 488
./strace-static-x86_64: Process 488 attached
[pid 488] set_robust_list(0x55555607f660, 24) = 0
[pid 488] chdir("./58") = 0
[pid 488] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 488] setpgid(0, 0) = 0
[pid 488] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 488] write(3, "1000", 4) = 4
[pid 488] close(3) = 0
[pid 488] symlink("/dev/binderfs", "./binderfs") = 0
[pid 488] write(1, "executing program\n", 18executing program
) = 18
[pid 488] memfd_create("syzkaller", 0) = 3
[pid 488] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 488] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 488] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 488] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 35.007064][ T485] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 35.035128][ T303] EXT4-fs (loop0): unmounting filesystem.
[pid 488] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 488] close(3) = 0
[pid 488] close(4) = 0
[pid 488] mkdir("./file1", 0777) = 0
[pid 488] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 488] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 488] chdir("./file1") = 0
[pid 488] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 488] ioctl(4, LOOP_CLR_FD) = 0
[pid 488] close(4) = 0
[pid 488] chdir("./file0") = 0
[pid 488] creat("./bus", 000) = 4
[pid 488] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 488] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 488] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 488] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 488] exit_group(0) = ?
[pid 488] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=488, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./58/binderfs") = 0
umount2("./58/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./58/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./58/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./58/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./58/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./58/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./58/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./58/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./58/file1/lost+found") = 0
umount2("./58/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./58/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./58/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./58/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./58/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./58/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./58/file1/file0/file0") = 0
umount2("./58/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./58/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./58/file1/file0/file1") = 0
umount2("./58/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./58/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./58/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./58/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./58/file1/file0") = 0
umount2("./58/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./58/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./58/file1/file1") = 0
umount2("./58/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./58/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./58/file1/file2") = 0
umount2("./58/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./58/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./58/file1/file3") = 0
umount2("./58/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./58/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./58/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./58/file1") = -1 EBUSY (Device or resource busy)
[ 35.057965][ T488] loop0: detected capacity change from 0 to 1024
[ 35.067508][ T488] EXT4-fs: Ignoring removed orlov option
[ 35.073118][ T488] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 35.087268][ T488] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
umount2("./58/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./58/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./58") = 0
mkdir("./59", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 491
./strace-static-x86_64: Process 491 attached
[pid 491] set_robust_list(0x55555607f660, 24) = 0
[pid 491] chdir("./59") = 0
[pid 491] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 491] setpgid(0, 0) = 0
[pid 491] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 491] write(3, "1000", 4) = 4
[pid 491] close(3) = 0
[pid 491] symlink("/dev/binderfs", "./binderfs") = 0
[pid 491] write(1, "executing program\n", 18executing program
) = 18
[pid 491] memfd_create("syzkaller", 0) = 3
[pid 491] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 491] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 491] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 491] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 491] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 491] close(3) = 0
[pid 491] close(4) = 0
[pid 491] mkdir("./file1", 0777) = 0
[pid 491] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 491] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 491] chdir("./file1") = 0
[pid 491] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 491] ioctl(4, LOOP_CLR_FD) = 0
[pid 491] close(4) = 0
[pid 491] chdir("./file0") = 0
[pid 491] creat("./bus", 000) = 4
[pid 491] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 491] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 491] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 491] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 491] exit_group(0) = ?
[pid 491] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=491, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./59/binderfs") = 0
umount2("./59/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./59/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./59/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./59/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./59/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./59/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./59/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./59/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./59/file1/lost+found") = 0
umount2("./59/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./59/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./59/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./59/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./59/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./59/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./59/file1/file0/file0") = 0
umount2("./59/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./59/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./59/file1/file0/file1") = 0
umount2("./59/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./59/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./59/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./59/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./59/file1/file0") = 0
umount2("./59/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./59/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./59/file1/file1") = 0
umount2("./59/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./59/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./59/file1/file2") = 0
umount2("./59/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./59/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./59/file1/file3") = 0
umount2("./59/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./59/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./59/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./59/file1") = -1 EBUSY (Device or resource busy)
umount2("./59/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[ 35.124921][ T303] EXT4-fs (loop0): unmounting filesystem.
[ 35.148552][ T491] loop0: detected capacity change from 0 to 1024
[ 35.156952][ T491] EXT4-fs: Ignoring removed orlov option
[ 35.162481][ T491] EXT4-fs: Ignoring removed nomblk_io_submit option
rmdir("./59/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./59") = 0
mkdir("./60", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 494
./strace-static-x86_64: Process 494 attached
[pid 494] set_robust_list(0x55555607f660, 24) = 0
[pid 494] chdir("./60") = 0
[pid 494] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 494] setpgid(0, 0) = 0
[pid 494] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 494] write(3, "1000", 4) = 4
[pid 494] close(3) = 0
[pid 494] symlink("/dev/binderfs", "./binderfs") = 0
[pid 494] write(1, "executing program\n", 18executing program
) = 18
[pid 494] memfd_create("syzkaller", 0) = 3
[pid 494] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 494] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 494] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 494] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 494] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 494] close(3) = 0
[pid 494] close(4) = 0
[pid 494] mkdir("./file1", 0777) = 0
[pid 494] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 494] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 494] chdir("./file1") = 0
[pid 494] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 494] ioctl(4, LOOP_CLR_FD) = 0
[pid 494] close(4) = 0
[pid 494] chdir("./file0") = 0
[pid 494] creat("./bus", 000) = 4
[pid 494] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 494] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 494] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 494] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 494] exit_group(0) = ?
[pid 494] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=494, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./60/binderfs") = 0
umount2("./60/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./60/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./60/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./60/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./60/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./60/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./60/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./60/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./60/file1/lost+found") = 0
umount2("./60/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./60/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./60/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./60/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./60/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./60/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./60/file1/file0/file0") = 0
umount2("./60/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./60/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./60/file1/file0/file1") = 0
umount2("./60/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./60/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./60/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./60/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./60/file1/file0") = 0
umount2("./60/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./60/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./60/file1/file1") = 0
umount2("./60/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./60/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./60/file1/file2") = 0
umount2("./60/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./60/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./60/file1/file3") = 0
umount2("./60/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./60/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./60/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./60/file1") = -1 EBUSY (Device or resource busy)
umount2("./60/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./60/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./60") = 0
mkdir("./61", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 497
./strace-static-x86_64: Process 497 attached
[pid 497] set_robust_list(0x55555607f660, 24) = 0
[pid 497] chdir("./61") = 0
[pid 497] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 497] setpgid(0, 0) = 0
[pid 497] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 497] write(3, "1000", 4) = 4
[pid 497] close(3) = 0
[pid 497] symlink("/dev/binderfs", "./binderfs") = 0
[pid 497] write(1, "executing program\n", 18executing program
) = 18
[pid 497] memfd_create("syzkaller", 0) = 3
[pid 497] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 497] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 497] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 497] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 35.218721][ T494] loop0: detected capacity change from 0 to 1024
[ 35.227752][ T494] EXT4-fs: Ignoring removed orlov option
[ 35.236136][ T494] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 497] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 497] close(3) = 0
[pid 497] close(4) = 0
[pid 497] mkdir("./file1", 0777) = 0
[pid 497] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 497] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 497] chdir("./file1") = 0
[pid 497] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 497] ioctl(4, LOOP_CLR_FD) = 0
[pid 497] close(4) = 0
[pid 497] chdir("./file0") = 0
[pid 497] creat("./bus", 000) = 4
[pid 497] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 497] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 497] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 497] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 497] exit_group(0) = ?
[pid 497] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=497, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./61/binderfs") = 0
umount2("./61/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./61/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./61/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./61/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./61/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./61/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./61/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./61/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./61/file1/lost+found") = 0
umount2("./61/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./61/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./61/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./61/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./61/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./61/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./61/file1/file0/file0") = 0
umount2("./61/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./61/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./61/file1/file0/file1") = 0
umount2("./61/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./61/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./61/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./61/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./61/file1/file0") = 0
umount2("./61/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./61/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./61/file1/file1") = 0
umount2("./61/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./61/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./61/file1/file2") = 0
umount2("./61/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./61/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./61/file1/file3") = 0
umount2("./61/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./61/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./61/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./61/file1") = -1 EBUSY (Device or resource busy)
umount2("./61/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./61/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
[ 35.275994][ T497] loop0: detected capacity change from 0 to 1024
[ 35.283891][ T497] EXT4-fs: Ignoring removed orlov option
[ 35.289517][ T497] EXT4-fs: Ignoring removed nomblk_io_submit option
rmdir("./61") = 0
mkdir("./62", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 500
./strace-static-x86_64: Process 500 attached
[pid 500] set_robust_list(0x55555607f660, 24) = 0
[pid 500] chdir("./62") = 0
[pid 500] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 500] setpgid(0, 0) = 0
[pid 500] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 500] write(3, "1000", 4) = 4
[pid 500] close(3) = 0
[pid 500] symlink("/dev/binderfs", "./binderfs") = 0
[pid 500] write(1, "executing program\n", 18executing program
) = 18
[pid 500] memfd_create("syzkaller", 0) = 3
[pid 500] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 500] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 500] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 500] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 500] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 500] close(3) = 0
[pid 500] close(4) = 0
[pid 500] mkdir("./file1", 0777) = 0
[pid 500] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 500] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 500] chdir("./file1") = 0
[pid 500] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 500] ioctl(4, LOOP_CLR_FD) = 0
[pid 500] close(4) = 0
[pid 500] chdir("./file0") = 0
[pid 500] creat("./bus", 000) = 4
[pid 500] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 500] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 500] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 500] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 500] exit_group(0) = ?
[pid 500] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=500, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./62/binderfs") = 0
umount2("./62/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./62/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./62/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./62/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./62/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./62/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./62/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./62/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./62/file1/lost+found") = 0
umount2("./62/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./62/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./62/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 35.347402][ T500] loop0: detected capacity change from 0 to 1024
[ 35.357039][ T500] EXT4-fs: Ignoring removed orlov option
[ 35.362548][ T500] EXT4-fs: Ignoring removed nomblk_io_submit option
openat(AT_FDCWD, "./62/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./62/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./62/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./62/file1/file0/file0") = 0
umount2("./62/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./62/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./62/file1/file0/file1") = 0
umount2("./62/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./62/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./62/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./62/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./62/file1/file0") = 0
umount2("./62/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./62/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./62/file1/file1") = 0
umount2("./62/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./62/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./62/file1/file2") = 0
umount2("./62/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./62/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./62/file1/file3") = 0
umount2("./62/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./62/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./62/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./62/file1") = -1 EBUSY (Device or resource busy)
umount2("./62/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./62/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./62") = 0
mkdir("./63", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 503
./strace-static-x86_64: Process 503 attached
[pid 503] set_robust_list(0x55555607f660, 24) = 0
[pid 503] chdir("./63") = 0
[pid 503] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 503] setpgid(0, 0) = 0
[pid 503] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 503] write(3, "1000", 4) = 4
[pid 503] close(3) = 0
[pid 503] symlink("/dev/binderfs", "./binderfs") = 0
[pid 503] write(1, "executing program\n", 18executing program
) = 18
[pid 503] memfd_create("syzkaller", 0) = 3
[pid 503] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 503] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 503] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 503] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 503] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 503] close(3) = 0
[pid 503] close(4) = 0
[pid 503] mkdir("./file1", 0777) = 0
[pid 503] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 503] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 503] chdir("./file1") = 0
[pid 503] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 503] ioctl(4, LOOP_CLR_FD) = 0
[pid 503] close(4) = 0
[pid 503] chdir("./file0") = 0
[pid 503] creat("./bus", 000) = 4
[pid 503] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 503] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 503] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 503] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 503] exit_group(0) = ?
[pid 503] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=503, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./63/binderfs") = 0
umount2("./63/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./63/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./63/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./63/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./63/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./63/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./63/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./63/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./63/file1/lost+found") = 0
umount2("./63/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./63/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./63/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./63/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./63/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./63/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./63/file1/file0/file0") = 0
umount2("./63/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./63/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./63/file1/file0/file1") = 0
umount2("./63/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./63/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./63/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./63/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./63/file1/file0") = 0
umount2("./63/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./63/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./63/file1/file1") = 0
umount2("./63/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./63/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./63/file1/file2") = 0
umount2("./63/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./63/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./63/file1/file3") = 0
umount2("./63/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./63/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./63/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./63/file1") = -1 EBUSY (Device or resource busy)
umount2("./63/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./63/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./63") = 0
mkdir("./64", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 35.431584][ T503] loop0: detected capacity change from 0 to 1024
[ 35.441151][ T503] EXT4-fs: Ignoring removed orlov option
[ 35.446864][ T503] EXT4-fs: Ignoring removed nomblk_io_submit option
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 506
./strace-static-x86_64: Process 506 attached
[pid 506] set_robust_list(0x55555607f660, 24) = 0
[pid 506] chdir("./64") = 0
[pid 506] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 506] setpgid(0, 0) = 0
[pid 506] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 506] write(3, "1000", 4) = 4
[pid 506] close(3) = 0
[pid 506] symlink("/dev/binderfs", "./binderfs") = 0
[pid 506] write(1, "executing program\n", 18executing program
) = 18
[pid 506] memfd_create("syzkaller", 0) = 3
[pid 506] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 506] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 506] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 506] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 506] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 506] close(3) = 0
[pid 506] close(4) = 0
[pid 506] mkdir("./file1", 0777) = 0
[pid 506] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 506] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 506] chdir("./file1") = 0
[pid 506] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 506] ioctl(4, LOOP_CLR_FD) = 0
[pid 506] close(4) = 0
[pid 506] chdir("./file0") = 0
[pid 506] creat("./bus", 000) = 4
[pid 506] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 506] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 506] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 506] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 506] exit_group(0) = ?
[pid 506] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=506, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./64/binderfs") = 0
umount2("./64/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./64/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./64/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./64/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./64/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./64/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./64/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./64/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./64/file1/lost+found") = 0
umount2("./64/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./64/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./64/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./64/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./64/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./64/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./64/file1/file0/file0") = 0
umount2("./64/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./64/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./64/file1/file0/file1") = 0
umount2("./64/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./64/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./64/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./64/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./64/file1/file0") = 0
umount2("./64/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./64/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./64/file1/file1") = 0
umount2("./64/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./64/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./64/file1/file2") = 0
umount2("./64/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./64/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./64/file1/file3") = 0
umount2("./64/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./64/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./64/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./64/file1") = -1 EBUSY (Device or resource busy)
[ 35.500966][ T506] loop0: detected capacity change from 0 to 1024
[ 35.511612][ T506] EXT4-fs: Ignoring removed orlov option
[ 35.517182][ T506] EXT4-fs: Ignoring removed nomblk_io_submit option
umount2("./64/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./64/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./64") = 0
mkdir("./65", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 509 attached
[pid 509] set_robust_list(0x55555607f660, 24) = 0
[pid 509] chdir("./65") = 0
[pid 509] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 509] setpgid(0, 0) = 0
[pid 509] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 509] write(3, "1000", 4) = 4
[pid 509] close(3) = 0
[pid 509] symlink("/dev/binderfs", "./binderfs") = 0
[pid 509] write(1, "executing program\n", 18executing program
[pid 303] <... clone resumed>, child_tidptr=0x55555607f650) = 509
[pid 509] <... write resumed>) = 18
[pid 509] memfd_create("syzkaller", 0) = 3
[pid 509] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 509] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 509] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 509] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 509] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 509] close(3) = 0
[pid 509] close(4) = 0
[pid 509] mkdir("./file1", 0777) = 0
[pid 509] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 509] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 509] chdir("./file1") = 0
[pid 509] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 509] ioctl(4, LOOP_CLR_FD) = 0
[pid 509] close(4) = 0
[pid 509] chdir("./file0") = 0
[pid 509] creat("./bus", 000) = 4
[pid 509] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 509] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 509] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 509] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 509] exit_group(0) = ?
[pid 509] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=509, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./65/binderfs") = 0
umount2("./65/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./65/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./65/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./65/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./65/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./65/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./65/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./65/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./65/file1/lost+found") = 0
umount2("./65/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./65/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./65/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./65/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./65/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./65/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./65/file1/file0/file0") = 0
umount2("./65/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./65/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./65/file1/file0/file1") = 0
umount2("./65/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./65/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./65/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./65/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./65/file1/file0") = 0
umount2("./65/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./65/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./65/file1/file1") = 0
umount2("./65/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./65/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./65/file1/file2") = 0
umount2("./65/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./65/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./65/file1/file3") = 0
umount2("./65/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./65/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./65/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./65/file1") = -1 EBUSY (Device or resource busy)
[ 35.575164][ T509] loop0: detected capacity change from 0 to 1024
[ 35.583584][ T509] EXT4-fs: Ignoring removed orlov option
[ 35.589255][ T509] EXT4-fs: Ignoring removed nomblk_io_submit option
umount2("./65/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./65/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./65") = 0
mkdir("./66", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 514
./strace-static-x86_64: Process 514 attached
[pid 514] set_robust_list(0x55555607f660, 24) = 0
[pid 514] chdir("./66") = 0
[pid 514] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 514] setpgid(0, 0) = 0
[pid 514] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 514] write(3, "1000", 4) = 4
[pid 514] close(3) = 0
[pid 514] symlink("/dev/binderfs", "./binderfs") = 0
[pid 514] write(1, "executing program\n", 18executing program
) = 18
[pid 514] memfd_create("syzkaller", 0) = 3
[pid 514] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 514] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 514] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 514] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 514] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 514] close(3) = 0
[pid 514] close(4) = 0
[pid 514] mkdir("./file1", 0777) = 0
[pid 514] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 514] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 514] chdir("./file1") = 0
[pid 514] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 514] ioctl(4, LOOP_CLR_FD) = 0
[pid 514] close(4) = 0
[pid 514] chdir("./file0") = 0
[pid 514] creat("./bus", 000) = 4
[pid 514] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 514] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 514] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 514] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 514] exit_group(0) = ?
[pid 514] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=514, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./66", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./66/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./66/binderfs") = 0
umount2("./66/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./66/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./66/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./66/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./66/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./66/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./66/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./66/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./66/file1/lost+found") = 0
umount2("./66/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./66/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./66/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./66/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./66/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./66/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./66/file1/file0/file0") = 0
umount2("./66/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./66/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./66/file1/file0/file1") = 0
umount2("./66/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./66/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./66/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./66/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./66/file1/file0") = 0
umount2("./66/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./66/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./66/file1/file1") = 0
umount2("./66/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./66/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./66/file1/file2") = 0
umount2("./66/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./66/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./66/file1/file3") = 0
umount2("./66/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./66/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./66/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./66/file1") = -1 EBUSY (Device or resource busy)
umount2("./66/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[ 35.649998][ T514] loop0: detected capacity change from 0 to 1024
[ 35.659506][ T514] EXT4-fs: Ignoring removed orlov option
[ 35.665022][ T514] EXT4-fs: Ignoring removed nomblk_io_submit option
rmdir("./66/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./66") = 0
mkdir("./67", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 517
./strace-static-x86_64: Process 517 attached
[pid 517] set_robust_list(0x55555607f660, 24) = 0
[pid 517] chdir("./67") = 0
[pid 517] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 517] setpgid(0, 0) = 0
[pid 517] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 517] write(3, "1000", 4) = 4
[pid 517] close(3) = 0
[pid 517] symlink("/dev/binderfs", "./binderfs") = 0
[pid 517] write(1, "executing program\n", 18executing program
) = 18
[pid 517] memfd_create("syzkaller", 0) = 3
[pid 517] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 517] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 517] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 517] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 517] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 517] close(3) = 0
[pid 517] close(4) = 0
[pid 517] mkdir("./file1", 0777) = 0
[pid 517] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 517] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 517] chdir("./file1") = 0
[pid 517] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 517] ioctl(4, LOOP_CLR_FD) = 0
[pid 517] close(4) = 0
[pid 517] chdir("./file0") = 0
[pid 517] creat("./bus", 000) = 4
[pid 517] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 517] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 517] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 517] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 517] exit_group(0) = ?
[pid 517] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=517, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./67", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./67/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./67/binderfs") = 0
umount2("./67/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./67/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./67/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./67/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./67/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./67/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./67/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./67/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./67/file1/lost+found") = 0
[ 35.726010][ T517] loop0: detected capacity change from 0 to 1024
[ 35.736016][ T517] EXT4-fs: Ignoring removed orlov option
[ 35.741626][ T517] EXT4-fs: Ignoring removed nomblk_io_submit option
umount2("./67/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./67/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./67/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./67/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./67/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./67/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./67/file1/file0/file0") = 0
umount2("./67/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./67/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./67/file1/file0/file1") = 0
umount2("./67/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./67/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./67/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./67/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./67/file1/file0") = 0
umount2("./67/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./67/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./67/file1/file1") = 0
umount2("./67/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./67/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./67/file1/file2") = 0
umount2("./67/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./67/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./67/file1/file3") = 0
umount2("./67/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./67/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./67/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./67/file1") = -1 EBUSY (Device or resource busy)
umount2("./67/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program
) = 0
rmdir("./67/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./67") = 0
mkdir("./68", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 520
./strace-static-x86_64: Process 520 attached
[pid 520] set_robust_list(0x55555607f660, 24) = 0
[pid 520] chdir("./68") = 0
[pid 520] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 520] setpgid(0, 0) = 0
[pid 520] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 520] write(3, "1000", 4) = 4
[pid 520] close(3) = 0
[pid 520] symlink("/dev/binderfs", "./binderfs") = 0
[pid 520] write(1, "executing program\n", 18) = 18
[pid 520] memfd_create("syzkaller", 0) = 3
[pid 520] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 520] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 520] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 520] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 520] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 520] close(3) = 0
[pid 520] close(4) = 0
[pid 520] mkdir("./file1", 0777) = 0
[pid 520] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 520] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 520] chdir("./file1") = 0
[pid 520] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 520] ioctl(4, LOOP_CLR_FD) = 0
[pid 520] close(4) = 0
[pid 520] chdir("./file0") = 0
[pid 520] creat("./bus", 000) = 4
[pid 520] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 520] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 520] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 520] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 520] exit_group(0) = ?
[pid 520] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=520, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./68", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./68/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./68/binderfs") = 0
umount2("./68/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./68/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./68/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./68/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./68/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./68/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./68/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./68/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./68/file1/lost+found") = 0
umount2("./68/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./68/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./68/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./68/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./68/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./68/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./68/file1/file0/file0") = 0
umount2("./68/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./68/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./68/file1/file0/file1") = 0
umount2("./68/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./68/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./68/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./68/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./68/file1/file0") = 0
umount2("./68/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./68/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./68/file1/file1") = 0
umount2("./68/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./68/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./68/file1/file2") = 0
umount2("./68/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./68/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./68/file1/file3") = 0
umount2("./68/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./68/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./68/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./68/file1") = -1 EBUSY (Device or resource busy)
umount2("./68/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./68/file1") = 0
[ 35.804716][ T520] loop0: detected capacity change from 0 to 1024
[ 35.813894][ T520] EXT4-fs: Ignoring removed orlov option
[ 35.820074][ T520] EXT4-fs: Ignoring removed nomblk_io_submit option
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./68") = 0
mkdir("./69", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 523 attached
[pid 523] set_robust_list(0x55555607f660, 24) = 0
[pid 303] <... clone resumed>, child_tidptr=0x55555607f650) = 523
[pid 523] chdir("./69") = 0
[pid 523] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 523] setpgid(0, 0) = 0
[pid 523] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 523] write(3, "1000", 4) = 4
[pid 523] close(3) = 0
[pid 523] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid 523] write(1, "executing program\n", 18) = 18
[pid 523] memfd_create("syzkaller", 0) = 3
[pid 523] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 523] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 523] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 523] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 523] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 523] close(3) = 0
[pid 523] close(4) = 0
[pid 523] mkdir("./file1", 0777) = 0
[pid 523] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 523] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 523] chdir("./file1") = 0
[pid 523] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 523] ioctl(4, LOOP_CLR_FD) = 0
[pid 523] close(4) = 0
[pid 523] chdir("./file0") = 0
[pid 523] creat("./bus", 000) = 4
[pid 523] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 523] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 523] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 523] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 523] exit_group(0) = ?
[pid 523] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=523, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./69", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./69/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./69/binderfs") = 0
umount2("./69/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./69/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./69/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./69/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./69/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./69/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./69/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./69/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./69/file1/lost+found") = 0
umount2("./69/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./69/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./69/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./69/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./69/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./69/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./69/file1/file0/file0") = 0
umount2("./69/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./69/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./69/file1/file0/file1") = 0
umount2("./69/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./69/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./69/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./69/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./69/file1/file0") = 0
umount2("./69/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./69/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./69/file1/file1") = 0
umount2("./69/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./69/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./69/file1/file2") = 0
umount2("./69/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./69/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./69/file1/file3") = 0
umount2("./69/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./69/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./69/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./69/file1") = -1 EBUSY (Device or resource busy)
umount2("./69/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./69/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./69") = 0
[ 35.877355][ T523] loop0: detected capacity change from 0 to 1024
[ 35.885154][ T523] EXT4-fs: Ignoring removed orlov option
[ 35.891523][ T523] EXT4-fs: Ignoring removed nomblk_io_submit option
mkdir("./70", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 526
./strace-static-x86_64: Process 526 attached
[pid 526] set_robust_list(0x55555607f660, 24) = 0
[pid 526] chdir("./70") = 0
[pid 526] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 526] setpgid(0, 0) = 0
[pid 526] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 526] write(3, "1000", 4) = 4
[pid 526] close(3) = 0
[pid 526] symlink("/dev/binderfs", "./binderfs") = 0
[pid 526] write(1, "executing program\n", 18executing program
) = 18
[pid 526] memfd_create("syzkaller", 0) = 3
[pid 526] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 526] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 526] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 526] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 526] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 526] close(3) = 0
[pid 526] close(4) = 0
[pid 526] mkdir("./file1", 0777) = 0
[pid 526] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 526] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 526] chdir("./file1") = 0
[pid 526] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 526] ioctl(4, LOOP_CLR_FD) = 0
[pid 526] close(4) = 0
[pid 526] chdir("./file0") = 0
[pid 526] creat("./bus", 000) = 4
[pid 526] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 526] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 526] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 526] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 526] exit_group(0) = ?
[pid 526] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=526, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./70", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./70/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./70/binderfs") = 0
umount2("./70/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./70/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./70/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./70/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./70/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./70/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./70/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./70/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./70/file1/lost+found") = 0
umount2("./70/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./70/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./70/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./70/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./70/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./70/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./70/file1/file0/file0") = 0
umount2("./70/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./70/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./70/file1/file0/file1") = 0
umount2("./70/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./70/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./70/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./70/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./70/file1/file0") = 0
umount2("./70/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./70/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./70/file1/file1") = 0
umount2("./70/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./70/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./70/file1/file2") = 0
umount2("./70/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./70/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./70/file1/file3") = 0
umount2("./70/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./70/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./70/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./70/file1") = -1 EBUSY (Device or resource busy)
umount2("./70/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./70/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./70") = 0
[ 35.948911][ T526] loop0: detected capacity change from 0 to 1024
[ 35.957199][ T526] EXT4-fs: Ignoring removed orlov option
[ 35.963414][ T526] EXT4-fs: Ignoring removed nomblk_io_submit option
mkdir("./71", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 529
./strace-static-x86_64: Process 529 attached
[pid 529] set_robust_list(0x55555607f660, 24) = 0
[pid 529] chdir("./71") = 0
[pid 529] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 529] setpgid(0, 0) = 0
[pid 529] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 529] write(3, "1000", 4) = 4
[pid 529] close(3) = 0
[pid 529] symlink("/dev/binderfs", "./binderfs") = 0
[pid 529] write(1, "executing program\n", 18executing program
) = 18
[pid 529] memfd_create("syzkaller", 0) = 3
[pid 529] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 529] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 529] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 529] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 529] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 529] close(3) = 0
[pid 529] close(4) = 0
[pid 529] mkdir("./file1", 0777) = 0
[pid 529] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 529] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 529] chdir("./file1") = 0
[pid 529] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 529] ioctl(4, LOOP_CLR_FD) = 0
[pid 529] close(4) = 0
[pid 529] chdir("./file0") = 0
[pid 529] creat("./bus", 000) = 4
[pid 529] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 529] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 529] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 529] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 529] exit_group(0) = ?
[pid 529] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=529, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./71", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./71/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./71/binderfs") = 0
umount2("./71/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./71/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./71/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./71/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./71/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./71/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./71/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./71/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./71/file1/lost+found") = 0
umount2("./71/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./71/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./71/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./71/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./71/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./71/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./71/file1/file0/file0") = 0
umount2("./71/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./71/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./71/file1/file0/file1") = 0
umount2("./71/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./71/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./71/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./71/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./71/file1/file0") = 0
umount2("./71/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./71/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./71/file1/file1") = 0
umount2("./71/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./71/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./71/file1/file2") = 0
umount2("./71/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./71/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./71/file1/file3") = 0
umount2("./71/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./71/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./71/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./71/file1") = -1 EBUSY (Device or resource busy)
umount2("./71/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./71/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./71") = 0
mkdir("./72", 0777executing program
) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 532
./strace-static-x86_64: Process 532 attached
[pid 532] set_robust_list(0x55555607f660, 24) = 0
[pid 532] chdir("./72") = 0
[pid 532] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 532] setpgid(0, 0) = 0
[pid 532] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 532] write(3, "1000", 4) = 4
[pid 532] close(3) = 0
[pid 532] symlink("/dev/binderfs", "./binderfs") = 0
[pid 532] write(1, "executing program\n", 18) = 18
[pid 532] memfd_create("syzkaller", 0) = 3
[pid 532] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[ 36.019441][ T529] loop0: detected capacity change from 0 to 1024
[ 36.029714][ T529] EXT4-fs: Ignoring removed orlov option
[ 36.035177][ T529] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 532] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 532] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 532] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 532] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 532] close(3) = 0
[pid 532] close(4) = 0
[pid 532] mkdir("./file1", 0777) = 0
[pid 532] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 532] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 532] chdir("./file1") = 0
[pid 532] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 532] ioctl(4, LOOP_CLR_FD) = 0
[pid 532] close(4) = 0
[pid 532] chdir("./file0") = 0
[pid 532] creat("./bus", 000) = 4
[pid 532] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 532] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 532] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 532] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 532] exit_group(0) = ?
[pid 532] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=532, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./72", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./72/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./72/binderfs") = 0
umount2("./72/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./72/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./72/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./72/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./72/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./72/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./72/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./72/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./72/file1/lost+found") = 0
umount2("./72/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./72/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./72/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./72/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./72/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./72/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./72/file1/file0/file0") = 0
umount2("./72/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./72/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./72/file1/file0/file1") = 0
umount2("./72/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./72/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./72/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./72/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./72/file1/file0") = 0
umount2("./72/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./72/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./72/file1/file1") = 0
umount2("./72/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./72/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./72/file1/file2") = 0
umount2("./72/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./72/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./72/file1/file3") = 0
umount2("./72/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./72/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./72/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./72/file1") = -1 EBUSY (Device or resource busy)
umount2("./72/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program
) = 0
rmdir("./72/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./72") = 0
mkdir("./73", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 535
./strace-static-x86_64: Process 535 attached
[pid 535] set_robust_list(0x55555607f660, 24) = 0
[pid 535] chdir("./73") = 0
[pid 535] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 535] setpgid(0, 0) = 0
[pid 535] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 535] write(3, "1000", 4) = 4
[pid 535] close(3) = 0
[pid 535] symlink("/dev/binderfs", "./binderfs") = 0
[pid 535] write(1, "executing program\n", 18) = 18
[pid 535] memfd_create("syzkaller", 0) = 3
[pid 535] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 535] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 535] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 535] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 36.083568][ T532] loop0: detected capacity change from 0 to 1024
[ 36.090807][ T532] EXT4-fs: Ignoring removed orlov option
[ 36.096612][ T532] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 535] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 535] close(3) = 0
[pid 535] close(4) = 0
[pid 535] mkdir("./file1", 0777) = 0
[pid 535] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 535] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 535] chdir("./file1") = 0
[pid 535] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 535] ioctl(4, LOOP_CLR_FD) = 0
[pid 535] close(4) = 0
[pid 535] chdir("./file0") = 0
[pid 535] creat("./bus", 000) = 4
[pid 535] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 535] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 535] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 535] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 535] exit_group(0) = ?
[pid 535] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=535, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./73", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./73/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./73/binderfs") = 0
umount2("./73/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./73/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./73/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./73/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./73/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./73/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./73/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./73/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./73/file1/lost+found") = 0
umount2("./73/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./73/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./73/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./73/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./73/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./73/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./73/file1/file0/file0") = 0
umount2("./73/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./73/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./73/file1/file0/file1") = 0
umount2("./73/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./73/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./73/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./73/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./73/file1/file0") = 0
umount2("./73/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./73/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./73/file1/file1") = 0
umount2("./73/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./73/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./73/file1/file2") = 0
umount2("./73/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./73/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./73/file1/file3") = 0
umount2("./73/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./73/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./73/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./73/file1") = -1 EBUSY (Device or resource busy)
umount2("./73/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./73/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./73") = 0
mkdir("./74", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 538
./strace-static-x86_64: Process 538 attached
[pid 538] set_robust_list(0x55555607f660, 24) = 0
[pid 538] chdir("./74") = 0
[pid 538] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 538] setpgid(0, 0) = 0
[pid 538] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 538] write(3, "1000", 4) = 4
[pid 538] close(3) = 0
[pid 538] symlink("/dev/binderfs", "./binderfs") = 0
[pid 538] write(1, "executing program\n", 18executing program
) = 18
[pid 538] memfd_create("syzkaller", 0) = 3
[pid 538] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[ 36.142649][ T535] loop0: detected capacity change from 0 to 1024
[ 36.151865][ T535] EXT4-fs: Ignoring removed orlov option
[ 36.157832][ T535] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 538] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 538] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 538] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 538] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 538] close(3) = 0
[pid 538] close(4) = 0
[pid 538] mkdir("./file1", 0777) = 0
[pid 538] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 538] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 538] chdir("./file1") = 0
[pid 538] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 538] ioctl(4, LOOP_CLR_FD) = 0
[pid 538] close(4) = 0
[pid 538] chdir("./file0") = 0
[pid 538] creat("./bus", 000) = 4
[pid 538] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 538] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 538] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 538] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 538] exit_group(0) = ?
[pid 538] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=538, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./74", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./74/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./74/binderfs") = 0
umount2("./74/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./74/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./74/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./74/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./74/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./74/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./74/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./74/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./74/file1/lost+found") = 0
umount2("./74/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./74/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./74/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./74/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./74/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./74/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./74/file1/file0/file0") = 0
umount2("./74/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./74/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./74/file1/file0/file1") = 0
umount2("./74/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./74/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./74/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./74/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./74/file1/file0") = 0
umount2("./74/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./74/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./74/file1/file1") = 0
umount2("./74/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./74/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./74/file1/file2") = 0
umount2("./74/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./74/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./74/file1/file3") = 0
umount2("./74/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./74/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./74/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./74/file1") = -1 EBUSY (Device or resource busy)
[ 36.206320][ T538] loop0: detected capacity change from 0 to 1024
[ 36.216216][ T538] EXT4-fs: Ignoring removed orlov option
[ 36.221761][ T538] EXT4-fs: Ignoring removed nomblk_io_submit option
umount2("./74/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./74/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./74") = 0
mkdir("./75", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 541
./strace-static-x86_64: Process 541 attached
[pid 541] set_robust_list(0x55555607f660, 24) = 0
[pid 541] chdir("./75") = 0
[pid 541] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 541] setpgid(0, 0) = 0
[pid 541] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 541] write(3, "1000", 4) = 4
[pid 541] close(3) = 0
[pid 541] symlink("/dev/binderfs", "./binderfs") = 0
[pid 541] write(1, "executing program\n", 18executing program
) = 18
[pid 541] memfd_create("syzkaller", 0) = 3
[pid 541] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 541] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 541] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 541] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 541] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 541] close(3) = 0
[pid 541] close(4) = 0
[pid 541] mkdir("./file1", 0777) = 0
[pid 541] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 541] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 541] chdir("./file1") = 0
[pid 541] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 541] ioctl(4, LOOP_CLR_FD) = 0
[pid 541] close(4) = 0
[pid 541] chdir("./file0") = 0
[pid 541] creat("./bus", 000) = 4
[pid 541] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 541] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 541] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 541] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 541] exit_group(0) = ?
[pid 541] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=541, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./75", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./75/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./75/binderfs") = 0
umount2("./75/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./75/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./75/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./75/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./75/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./75/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./75/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./75/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./75/file1/lost+found") = 0
umount2("./75/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./75/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./75/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./75/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./75/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./75/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./75/file1/file0/file0") = 0
umount2("./75/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./75/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./75/file1/file0/file1") = 0
umount2("./75/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./75/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./75/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./75/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./75/file1/file0") = 0
umount2("./75/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./75/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./75/file1/file1") = 0
umount2("./75/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./75/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./75/file1/file2") = 0
umount2("./75/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./75/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./75/file1/file3") = 0
umount2("./75/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./75/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./75/file1/file.cold") = 0
[ 36.282597][ T541] loop0: detected capacity change from 0 to 1024
[ 36.294453][ T541] EXT4-fs: Ignoring removed orlov option
[ 36.299990][ T541] EXT4-fs: Ignoring removed nomblk_io_submit option
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./75/file1") = -1 EBUSY (Device or resource busy)
umount2("./75/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./75/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./75") = 0
mkdir("./76", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 544 attached
[pid 544] set_robust_list(0x55555607f660, 24) = 0
[pid 544] chdir("./76") = 0
[pid 544] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 544] setpgid(0, 0) = 0
[pid 544] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 544] write(3, "1000", 4) = 4
[pid 544] close(3) = 0
[pid 544] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 544] write(1, "executing program\n", 18
[pid 303] <... clone resumed>, child_tidptr=0x55555607f650) = 544
[pid 544] <... write resumed>) = 18
[pid 544] memfd_create("syzkaller", 0) = 3
[pid 544] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 544] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 544] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 544] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 544] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 544] close(3) = 0
[pid 544] close(4) = 0
[pid 544] mkdir("./file1", 0777) = 0
[pid 544] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 544] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 544] chdir("./file1") = 0
[pid 544] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 544] ioctl(4, LOOP_CLR_FD) = 0
[pid 544] close(4) = 0
[pid 544] chdir("./file0") = 0
[pid 544] creat("./bus", 000) = 4
[pid 544] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 544] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 544] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 544] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 544] exit_group(0) = ?
[pid 544] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=544, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./76", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./76/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./76/binderfs") = 0
umount2("./76/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./76/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./76/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./76/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./76/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./76/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./76/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./76/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./76/file1/lost+found") = 0
umount2("./76/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./76/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./76/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./76/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./76/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./76/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./76/file1/file0/file0") = 0
umount2("./76/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./76/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./76/file1/file0/file1") = 0
umount2("./76/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./76/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./76/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./76/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./76/file1/file0") = 0
umount2("./76/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./76/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./76/file1/file1") = 0
umount2("./76/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./76/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./76/file1/file2") = 0
umount2("./76/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./76/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./76/file1/file3") = 0
umount2("./76/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./76/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./76/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./76/file1") = -1 EBUSY (Device or resource busy)
[ 36.358708][ T544] loop0: detected capacity change from 0 to 1024
[ 36.366786][ T544] EXT4-fs: Ignoring removed orlov option
[ 36.373000][ T544] EXT4-fs: Ignoring removed nomblk_io_submit option
umount2("./76/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program
) = 0
rmdir("./76/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./76") = 0
mkdir("./77", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 547
./strace-static-x86_64: Process 547 attached
[pid 547] set_robust_list(0x55555607f660, 24) = 0
[pid 547] chdir("./77") = 0
[pid 547] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 547] setpgid(0, 0) = 0
[pid 547] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 547] write(3, "1000", 4) = 4
[pid 547] close(3) = 0
[pid 547] symlink("/dev/binderfs", "./binderfs") = 0
[pid 547] write(1, "executing program\n", 18) = 18
[pid 547] memfd_create("syzkaller", 0) = 3
[pid 547] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 547] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 547] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 547] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 547] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 547] close(3) = 0
[pid 547] close(4) = 0
[pid 547] mkdir("./file1", 0777) = 0
[pid 547] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 547] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 547] chdir("./file1") = 0
[pid 547] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 547] ioctl(4, LOOP_CLR_FD) = 0
[pid 547] close(4) = 0
[pid 547] chdir("./file0") = 0
[pid 547] creat("./bus", 000) = 4
[pid 547] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 547] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 547] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 547] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 547] exit_group(0) = ?
[pid 547] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=547, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./77", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./77/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./77/binderfs") = 0
umount2("./77/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./77/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./77/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./77/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./77/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./77/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./77/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./77/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./77/file1/lost+found") = 0
umount2("./77/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 36.426778][ T547] loop0: detected capacity change from 0 to 1024
[ 36.436209][ T547] EXT4-fs: Ignoring removed orlov option
[ 36.441740][ T547] EXT4-fs: Ignoring removed nomblk_io_submit option
newfstatat(AT_FDCWD, "./77/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./77/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./77/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./77/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./77/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./77/file1/file0/file0") = 0
umount2("./77/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./77/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./77/file1/file0/file1") = 0
umount2("./77/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./77/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./77/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./77/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./77/file1/file0") = 0
umount2("./77/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./77/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./77/file1/file1") = 0
umount2("./77/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./77/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./77/file1/file2") = 0
umount2("./77/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./77/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./77/file1/file3") = 0
umount2("./77/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./77/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./77/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./77/file1") = -1 EBUSY (Device or resource busy)
umount2("./77/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./77/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./77") = 0
mkdir("./78", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 550 attached
, child_tidptr=0x55555607f650) = 550
[pid 550] set_robust_list(0x55555607f660, 24) = 0
[pid 550] chdir("./78") = 0
[pid 550] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 550] setpgid(0, 0) = 0
[pid 550] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 550] write(3, "1000", 4) = 4
[pid 550] close(3) = 0
[pid 550] symlink("/dev/binderfs", "./binderfs") = 0
[pid 550] write(1, "executing program\n", 18executing program
) = 18
[pid 550] memfd_create("syzkaller", 0) = 3
[pid 550] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 550] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 550] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 550] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 550] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 550] close(3) = 0
[pid 550] close(4) = 0
[pid 550] mkdir("./file1", 0777) = 0
[pid 550] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 550] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 550] chdir("./file1") = 0
[pid 550] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 550] ioctl(4, LOOP_CLR_FD) = 0
[pid 550] close(4) = 0
[pid 550] chdir("./file0") = 0
[pid 550] creat("./bus", 000) = 4
[pid 550] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 550] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 550] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 550] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 550] exit_group(0) = ?
[pid 550] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=550, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./78", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./78/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./78/binderfs") = 0
umount2("./78/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./78/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./78/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./78/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./78/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./78/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./78/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./78/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./78/file1/lost+found") = 0
umount2("./78/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./78/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./78/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./78/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./78/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./78/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./78/file1/file0/file0") = 0
umount2("./78/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./78/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./78/file1/file0/file1") = 0
umount2("./78/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./78/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./78/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./78/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./78/file1/file0") = 0
umount2("./78/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./78/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./78/file1/file1") = 0
umount2("./78/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./78/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./78/file1/file2") = 0
umount2("./78/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./78/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./78/file1/file3") = 0
umount2("./78/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./78/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./78/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./78/file1") = -1 EBUSY (Device or resource busy)
[ 36.515195][ T550] loop0: detected capacity change from 0 to 1024
[ 36.527507][ T550] EXT4-fs: Ignoring removed orlov option
[ 36.533010][ T550] EXT4-fs: Ignoring removed nomblk_io_submit option
umount2("./78/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./78/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./78") = 0
mkdir("./79", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 553
./strace-static-x86_64: Process 553 attached
[pid 553] set_robust_list(0x55555607f660, 24) = 0
[pid 553] chdir("./79") = 0
[pid 553] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 553] setpgid(0, 0) = 0
[pid 553] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 553] write(3, "1000", 4) = 4
[pid 553] close(3) = 0
[pid 553] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid 553] write(1, "executing program\n", 18) = 18
[pid 553] memfd_create("syzkaller", 0) = 3
[pid 553] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 553] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 553] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 553] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 553] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 553] close(3) = 0
[pid 553] close(4) = 0
[pid 553] mkdir("./file1", 0777) = 0
[pid 553] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 553] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 553] chdir("./file1") = 0
[pid 553] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 553] ioctl(4, LOOP_CLR_FD) = 0
[pid 553] close(4) = 0
[pid 553] chdir("./file0") = 0
[pid 553] creat("./bus", 000) = 4
[pid 553] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 553] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 553] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 553] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 553] exit_group(0) = ?
[pid 553] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=553, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./79", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./79/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./79/binderfs") = 0
umount2("./79/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./79/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./79/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./79/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./79/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./79/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./79/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./79/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./79/file1/lost+found") = 0
umount2("./79/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./79/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./79/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./79/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./79/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./79/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./79/file1/file0/file0") = 0
umount2("./79/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./79/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./79/file1/file0/file1") = 0
umount2("./79/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./79/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./79/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./79/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./79/file1/file0") = 0
umount2("./79/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./79/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./79/file1/file1") = 0
umount2("./79/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./79/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./79/file1/file2") = 0
umount2("./79/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./79/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./79/file1/file3") = 0
umount2("./79/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./79/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./79/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./79/file1") = -1 EBUSY (Device or resource busy)
umount2("./79/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./79/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./79") = 0
[ 36.586226][ T553] loop0: detected capacity change from 0 to 1024
[ 36.594051][ T553] EXT4-fs: Ignoring removed orlov option
[ 36.600031][ T553] EXT4-fs: Ignoring removed nomblk_io_submit option
mkdir("./80", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
./strace-static-x86_64: Process 557 attached
[pid 557] set_robust_list(0x55555607f660, 24) = 0
[pid 557] chdir("./80") = 0
[pid 557] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 557] setpgid(0, 0) = 0
[pid 557] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 557] write(3, "1000", 4) = 4
[pid 557] close(3) = 0
[pid 557] symlink("/dev/binderfs", "./binderfs") = 0
[pid 557] write(1, "executing program\n", 18) = 18
[pid 303] <... clone resumed>, child_tidptr=0x55555607f650) = 557
[pid 557] memfd_create("syzkaller", 0) = 3
[pid 557] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 557] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 557] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 557] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 557] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 557] close(3) = 0
[pid 557] close(4) = 0
[pid 557] mkdir("./file1", 0777) = 0
[pid 557] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 557] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 557] chdir("./file1") = 0
[pid 557] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 557] ioctl(4, LOOP_CLR_FD) = 0
[pid 557] close(4) = 0
[pid 557] chdir("./file0") = 0
[pid 557] creat("./bus", 000) = 4
[pid 557] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 557] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 557] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 557] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 557] exit_group(0) = ?
[pid 557] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=557, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./80", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./80/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./80/binderfs") = 0
umount2("./80/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./80/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./80/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./80/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./80/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./80/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./80/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./80/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./80/file1/lost+found") = 0
umount2("./80/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./80/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./80/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./80/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./80/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./80/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./80/file1/file0/file0") = 0
umount2("./80/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./80/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./80/file1/file0/file1") = 0
umount2("./80/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./80/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./80/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./80/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./80/file1/file0") = 0
umount2("./80/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./80/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./80/file1/file1") = 0
umount2("./80/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./80/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./80/file1/file2") = 0
umount2("./80/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./80/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./80/file1/file3") = 0
umount2("./80/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./80/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./80/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./80/file1") = -1 EBUSY (Device or resource busy)
umount2("./80/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./80/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./80") = 0
mkdir("./81", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 36.656145][ T557] loop0: detected capacity change from 0 to 1024
[ 36.663413][ T557] EXT4-fs: Ignoring removed orlov option
[ 36.670244][ T557] EXT4-fs: Ignoring removed nomblk_io_submit option
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 560
./strace-static-x86_64: Process 560 attached
[pid 560] set_robust_list(0x55555607f660, 24) = 0
[pid 560] chdir("./81") = 0
[pid 560] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 560] setpgid(0, 0) = 0
[pid 560] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 560] write(3, "1000", 4) = 4
[pid 560] close(3) = 0
[pid 560] symlink("/dev/binderfs", "./binderfs") = 0
[pid 560] write(1, "executing program\n", 18executing program
) = 18
[pid 560] memfd_create("syzkaller", 0) = 3
[pid 560] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 560] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 560] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 560] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 560] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 560] close(3) = 0
[pid 560] close(4) = 0
[pid 560] mkdir("./file1", 0777) = 0
[pid 560] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 560] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 560] chdir("./file1") = 0
[pid 560] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 560] ioctl(4, LOOP_CLR_FD) = 0
[pid 560] close(4) = 0
[pid 560] chdir("./file0") = 0
[pid 560] creat("./bus", 000) = 4
[pid 560] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 560] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 560] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 560] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 560] exit_group(0) = ?
[pid 560] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=560, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./81", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./81/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./81/binderfs") = 0
umount2("./81/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./81/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./81/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./81/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./81/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./81/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./81/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./81/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./81/file1/lost+found") = 0
umount2("./81/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./81/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./81/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./81/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./81/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./81/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./81/file1/file0/file0") = 0
umount2("./81/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./81/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./81/file1/file0/file1") = 0
umount2("./81/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./81/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./81/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./81/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./81/file1/file0") = 0
umount2("./81/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./81/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./81/file1/file1") = 0
umount2("./81/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./81/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./81/file1/file2") = 0
umount2("./81/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./81/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./81/file1/file3") = 0
umount2("./81/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./81/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./81/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./81/file1") = -1 EBUSY (Device or resource busy)
umount2("./81/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./81/file1") = 0
[ 36.725808][ T560] loop0: detected capacity change from 0 to 1024
[ 36.735388][ T560] EXT4-fs: Ignoring removed orlov option
[ 36.741008][ T560] EXT4-fs: Ignoring removed nomblk_io_submit option
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./81") = 0
mkdir("./82", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
./strace-static-x86_64: Process 563 attached
[pid 563] set_robust_list(0x55555607f660, 24) = 0
[pid 563] chdir("./82") = 0
[pid 563] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 563] setpgid(0, 0) = 0
[pid 563] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 563] write(3, "1000", 4) = 4
[pid 563] close(3) = 0
[pid 563] symlink("/dev/binderfs", "./binderfs") = 0
[pid 563] write(1, "executing program\n", 18) = 18
[pid 303] <... clone resumed>, child_tidptr=0x55555607f650) = 563
[pid 563] memfd_create("syzkaller", 0) = 3
[pid 563] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 563] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 563] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 563] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 563] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 563] close(3) = 0
[pid 563] close(4) = 0
[pid 563] mkdir("./file1", 0777) = 0
[pid 563] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 563] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 563] chdir("./file1") = 0
[pid 563] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 563] ioctl(4, LOOP_CLR_FD) = 0
[pid 563] close(4) = 0
[pid 563] chdir("./file0") = 0
[pid 563] creat("./bus", 000) = 4
[pid 563] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 563] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 563] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 563] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 563] exit_group(0) = ?
[pid 563] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=563, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./82", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./82/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./82/binderfs") = 0
umount2("./82/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./82/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./82/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./82/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./82/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./82/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./82/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./82/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./82/file1/lost+found") = 0
umount2("./82/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./82/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./82/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./82/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./82/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./82/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./82/file1/file0/file0") = 0
umount2("./82/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./82/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./82/file1/file0/file1") = 0
umount2("./82/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./82/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./82/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./82/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./82/file1/file0") = 0
umount2("./82/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./82/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./82/file1/file1") = 0
umount2("./82/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./82/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./82/file1/file2") = 0
umount2("./82/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./82/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./82/file1/file3") = 0
umount2("./82/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./82/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./82/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./82/file1") = -1 EBUSY (Device or resource busy)
umount2("./82/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./82/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./82") = 0
mkdir("./83", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 566 attached
[pid 566] set_robust_list(0x55555607f660, 24) = 0
[pid 566] chdir("./83") = 0
[pid 566] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 566] setpgid(0, 0) = 0
[pid 566] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC
[pid 303] <... clone resumed>, child_tidptr=0x55555607f650) = 566
[pid 566] <... openat resumed>) = 3
[pid 566] write(3, "1000", 4) = 4
[pid 566] close(3) = 0
[pid 566] symlink("/dev/binderfs", "./binderfs") = 0
[pid 566] write(1, "executing program\n", 18executing program
) = 18
[pid 566] memfd_create("syzkaller", 0) = 3
[pid 566] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 566] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 566] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 566] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 36.797076][ T563] loop0: detected capacity change from 0 to 1024
[ 36.804903][ T563] EXT4-fs: Ignoring removed orlov option
[ 36.811468][ T563] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 36.835705][ T563] syz-executor374 (563) used greatest stack depth: 22056 bytes left
[pid 566] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 566] close(3) = 0
[pid 566] close(4) = 0
[pid 566] mkdir("./file1", 0777) = 0
[pid 566] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 566] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 566] chdir("./file1") = 0
[pid 566] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 566] ioctl(4, LOOP_CLR_FD) = 0
[pid 566] close(4) = 0
[pid 566] chdir("./file0") = 0
[pid 566] creat("./bus", 000) = 4
[pid 566] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 566] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 566] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 566] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 566] exit_group(0) = ?
[pid 566] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=566, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./83", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./83/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./83/binderfs") = 0
umount2("./83/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./83/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./83/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./83/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./83/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./83/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./83/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./83/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./83/file1/lost+found") = 0
umount2("./83/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./83/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./83/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./83/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./83/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./83/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./83/file1/file0/file0") = 0
umount2("./83/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./83/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./83/file1/file0/file1") = 0
umount2("./83/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./83/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./83/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./83/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./83/file1/file0") = 0
umount2("./83/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./83/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./83/file1/file1") = 0
umount2("./83/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./83/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./83/file1/file2") = 0
umount2("./83/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./83/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./83/file1/file3") = 0
umount2("./83/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./83/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./83/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./83/file1") = -1 EBUSY (Device or resource busy)
[ 36.874995][ T566] loop0: detected capacity change from 0 to 1024
[ 36.886647][ T566] EXT4-fs: Ignoring removed orlov option
[ 36.892136][ T566] EXT4-fs: Ignoring removed nomblk_io_submit option
umount2("./83/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./83/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./83") = 0
mkdir("./84", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 569
./strace-static-x86_64: Process 569 attached
[pid 569] set_robust_list(0x55555607f660, 24) = 0
[pid 569] chdir("./84") = 0
[pid 569] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 569] setpgid(0, 0) = 0
[pid 569] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 569] write(3, "1000", 4) = 4
[pid 569] close(3) = 0
[pid 569] symlink("/dev/binderfs", "./binderfs") = 0
[pid 569] write(1, "executing program\n", 18executing program
) = 18
[pid 569] memfd_create("syzkaller", 0) = 3
[pid 569] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 569] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 569] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 569] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 569] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 569] close(3) = 0
[pid 569] close(4) = 0
[pid 569] mkdir("./file1", 0777) = 0
[pid 569] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 569] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 569] chdir("./file1") = 0
[pid 569] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 569] ioctl(4, LOOP_CLR_FD) = 0
[pid 569] close(4) = 0
[pid 569] chdir("./file0") = 0
[pid 569] creat("./bus", 000) = 4
[pid 569] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 569] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 569] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 569] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 569] exit_group(0) = ?
[pid 569] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=569, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./84", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./84/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./84/binderfs") = 0
umount2("./84/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./84/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./84/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./84/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./84/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./84/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./84/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./84/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./84/file1/lost+found") = 0
umount2("./84/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./84/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./84/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./84/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./84/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./84/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./84/file1/file0/file0") = 0
umount2("./84/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./84/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./84/file1/file0/file1") = 0
umount2("./84/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./84/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./84/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./84/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./84/file1/file0") = 0
umount2("./84/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./84/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./84/file1/file1") = 0
umount2("./84/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./84/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./84/file1/file2") = 0
umount2("./84/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./84/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./84/file1/file3") = 0
umount2("./84/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./84/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./84/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./84/file1") = -1 EBUSY (Device or resource busy)
umount2("./84/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[ 36.946645][ T569] loop0: detected capacity change from 0 to 1024
[ 36.956668][ T569] EXT4-fs: Ignoring removed orlov option
[ 36.962134][ T569] EXT4-fs: Ignoring removed nomblk_io_submit option
rmdir("./84/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./84") = 0
mkdir("./85", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x55555607f650) = 572
./strace-static-x86_64: Process 572 attached
[pid 572] set_robust_list(0x55555607f660, 24) = 0
[pid 572] chdir("./85") = 0
[pid 572] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 572] setpgid(0, 0) = 0
[pid 572] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 572] write(3, "1000", 4) = 4
[pid 572] close(3) = 0
[pid 572] symlink("/dev/binderfs", "./binderfs") = 0
[pid 572] write(1, "executing program\n", 18) = 18
[pid 572] memfd_create("syzkaller", 0) = 3
[pid 572] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 572] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 572] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 572] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 572] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 572] close(3) = 0
[pid 572] close(4) = 0
[pid 572] mkdir("./file1", 0777) = 0
[pid 572] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 572] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 572] chdir("./file1") = 0
[pid 572] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 572] ioctl(4, LOOP_CLR_FD) = 0
[pid 572] close(4) = 0
[pid 572] chdir("./file0") = 0
[pid 572] creat("./bus", 000) = 4
[pid 572] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 572] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 572] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 572] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 572] exit_group(0) = ?
[pid 572] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=572, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./85", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./85/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./85/binderfs") = 0
umount2("./85/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./85/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./85/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./85/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./85/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./85/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./85/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./85/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./85/file1/lost+found") = 0
umount2("./85/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./85/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./85/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./85/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./85/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./85/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./85/file1/file0/file0") = 0
umount2("./85/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./85/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./85/file1/file0/file1") = 0
umount2("./85/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./85/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./85/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./85/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./85/file1/file0") = 0
umount2("./85/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./85/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./85/file1/file1") = 0
umount2("./85/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./85/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./85/file1/file2") = 0
umount2("./85/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./85/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./85/file1/file3") = 0
umount2("./85/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./85/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./85/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./85/file1") = -1 EBUSY (Device or resource busy)
umount2("./85/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./85/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
[ 37.016766][ T572] loop0: detected capacity change from 0 to 1024
[ 37.026695][ T572] EXT4-fs: Ignoring removed orlov option
[ 37.032163][ T572] EXT4-fs: Ignoring removed nomblk_io_submit option
rmdir("./85") = 0
mkdir("./86", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 575
./strace-static-x86_64: Process 575 attached
[pid 575] set_robust_list(0x55555607f660, 24) = 0
[pid 575] chdir("./86") = 0
[pid 575] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 575] setpgid(0, 0) = 0
[pid 575] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 575] write(3, "1000", 4) = 4
[pid 575] close(3) = 0
[pid 575] symlink("/dev/binderfs", "./binderfs") = 0
[pid 575] write(1, "executing program\n", 18executing program
) = 18
[pid 575] memfd_create("syzkaller", 0) = 3
[pid 575] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 575] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 575] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 575] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 575] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 575] close(3) = 0
[pid 575] close(4) = 0
[pid 575] mkdir("./file1", 0777) = 0
[pid 575] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 575] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 575] chdir("./file1") = 0
[pid 575] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 575] ioctl(4, LOOP_CLR_FD) = 0
[pid 575] close(4) = 0
[pid 575] chdir("./file0") = 0
[pid 575] creat("./bus", 000) = 4
[pid 575] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 575] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 575] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 575] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 575] exit_group(0) = ?
[pid 575] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=575, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./86", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./86/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./86/binderfs") = 0
umount2("./86/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./86/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./86/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./86/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./86/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./86/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./86/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./86/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./86/file1/lost+found") = 0
umount2("./86/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./86/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./86/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./86/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./86/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./86/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./86/file1/file0/file0") = 0
umount2("./86/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./86/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./86/file1/file0/file1") = 0
umount2("./86/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./86/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./86/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./86/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./86/file1/file0") = 0
umount2("./86/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./86/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./86/file1/file1") = 0
umount2("./86/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./86/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./86/file1/file2") = 0
umount2("./86/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./86/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./86/file1/file3") = 0
umount2("./86/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./86/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./86/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./86/file1") = -1 EBUSY (Device or resource busy)
[ 37.090523][ T575] loop0: detected capacity change from 0 to 1024
[ 37.098806][ T575] EXT4-fs: Ignoring removed orlov option
[ 37.104559][ T575] EXT4-fs: Ignoring removed nomblk_io_submit option
umount2("./86/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./86/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./86") = 0
mkdir("./87", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 579
./strace-static-x86_64: Process 579 attached
[pid 579] set_robust_list(0x55555607f660, 24) = 0
[pid 579] chdir("./87") = 0
[pid 579] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 579] setpgid(0, 0) = 0
[pid 579] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 579] write(3, "1000", 4) = 4
[pid 579] close(3) = 0
[pid 579] symlink("/dev/binderfs", "./binderfs") = 0
[pid 579] write(1, "executing program\n", 18executing program
) = 18
[pid 579] memfd_create("syzkaller", 0) = 3
[pid 579] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 579] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 579] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 579] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 579] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 579] close(3) = 0
[pid 579] close(4) = 0
[pid 579] mkdir("./file1", 0777) = 0
[pid 579] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 579] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 579] chdir("./file1") = 0
[pid 579] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 579] ioctl(4, LOOP_CLR_FD) = 0
[pid 579] close(4) = 0
[pid 579] chdir("./file0") = 0
[pid 579] creat("./bus", 000) = 4
[pid 579] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 579] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 579] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 579] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 579] exit_group(0) = ?
[pid 579] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=579, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./87", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./87/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./87/binderfs") = 0
umount2("./87/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./87/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./87/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./87/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./87/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./87/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./87/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./87/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./87/file1/lost+found") = 0
umount2("./87/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./87/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./87/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./87/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./87/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./87/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./87/file1/file0/file0") = 0
umount2("./87/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./87/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./87/file1/file0/file1") = 0
umount2("./87/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./87/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./87/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./87/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./87/file1/file0") = 0
umount2("./87/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./87/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./87/file1/file1") = 0
umount2("./87/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./87/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./87/file1/file2") = 0
umount2("./87/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./87/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./87/file1/file3") = 0
umount2("./87/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./87/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./87/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./87/file1") = -1 EBUSY (Device or resource busy)
[ 37.168036][ T579] loop0: detected capacity change from 0 to 1024
[ 37.177057][ T579] EXT4-fs: Ignoring removed orlov option
[ 37.183227][ T579] EXT4-fs: Ignoring removed nomblk_io_submit option
umount2("./87/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./87/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./87") = 0
mkdir("./88", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 582
./strace-static-x86_64: Process 582 attached
[pid 582] set_robust_list(0x55555607f660, 24) = 0
[pid 582] chdir("./88") = 0
[pid 582] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 582] setpgid(0, 0) = 0
[pid 582] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 582] write(3, "1000", 4) = 4
[pid 582] close(3) = 0
[pid 582] symlink("/dev/binderfs", "./binderfs") = 0
[pid 582] write(1, "executing program\n", 18executing program
) = 18
[pid 582] memfd_create("syzkaller", 0) = 3
[pid 582] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 582] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 582] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 582] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 582] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 582] close(3) = 0
[pid 582] close(4) = 0
[pid 582] mkdir("./file1", 0777) = 0
[pid 582] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 582] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 582] chdir("./file1") = 0
[pid 582] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 582] ioctl(4, LOOP_CLR_FD) = 0
[pid 582] close(4) = 0
[pid 582] chdir("./file0") = 0
[pid 582] creat("./bus", 000) = 4
[pid 582] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 582] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 582] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 582] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 582] exit_group(0) = ?
[pid 582] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=582, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./88", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./88/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./88/binderfs") = 0
umount2("./88/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./88/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./88/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./88/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./88/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./88/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./88/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./88/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./88/file1/lost+found") = 0
umount2("./88/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./88/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./88/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./88/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./88/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./88/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./88/file1/file0/file0") = 0
umount2("./88/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./88/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./88/file1/file0/file1") = 0
umount2("./88/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./88/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./88/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./88/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./88/file1/file0") = 0
umount2("./88/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./88/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./88/file1/file1") = 0
umount2("./88/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./88/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./88/file1/file2") = 0
umount2("./88/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./88/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./88/file1/file3") = 0
umount2("./88/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./88/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./88/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./88/file1") = -1 EBUSY (Device or resource busy)
[ 37.246143][ T582] loop0: detected capacity change from 0 to 1024
[ 37.253933][ T582] EXT4-fs: Ignoring removed orlov option
[ 37.260285][ T582] EXT4-fs: Ignoring removed nomblk_io_submit option
umount2("./88/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program
) = 0
rmdir("./88/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./88") = 0
mkdir("./89", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 585
./strace-static-x86_64: Process 585 attached
[pid 585] set_robust_list(0x55555607f660, 24) = 0
[pid 585] chdir("./89") = 0
[pid 585] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 585] setpgid(0, 0) = 0
[pid 585] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 585] write(3, "1000", 4) = 4
[pid 585] close(3) = 0
[pid 585] symlink("/dev/binderfs", "./binderfs") = 0
[pid 585] write(1, "executing program\n", 18) = 18
[pid 585] memfd_create("syzkaller", 0) = 3
[pid 585] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 585] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 585] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 585] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 585] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 585] close(3) = 0
[pid 585] close(4) = 0
[pid 585] mkdir("./file1", 0777) = 0
[pid 585] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 585] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 585] chdir("./file1") = 0
[pid 585] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 585] ioctl(4, LOOP_CLR_FD) = 0
[pid 585] close(4) = 0
[pid 585] chdir("./file0") = 0
[pid 585] creat("./bus", 000) = 4
[pid 585] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 585] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 585] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 585] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 585] exit_group(0) = ?
[pid 585] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=585, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./89", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./89/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./89/binderfs") = 0
umount2("./89/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./89/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./89/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./89/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./89/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./89/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./89/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./89/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./89/file1/lost+found") = 0
umount2("./89/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./89/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./89/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./89/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./89/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./89/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./89/file1/file0/file0") = 0
umount2("./89/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./89/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./89/file1/file0/file1") = 0
umount2("./89/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./89/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./89/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./89/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./89/file1/file0") = 0
umount2("./89/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./89/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./89/file1/file1") = 0
umount2("./89/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./89/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./89/file1/file2") = 0
umount2("./89/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./89/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./89/file1/file3") = 0
umount2("./89/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./89/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./89/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./89/file1") = -1 EBUSY (Device or resource busy)
umount2("./89/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./89/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./89") = 0
mkdir("./90", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 588
./strace-static-x86_64: Process 588 attached
[pid 588] set_robust_list(0x55555607f660, 24) = 0
[pid 588] chdir("./90") = 0
[pid 588] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 588] setpgid(0, 0) = 0
[pid 588] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 588] write(3, "1000", 4) = 4
[pid 588] close(3) = 0
[pid 588] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid 588] write(1, "executing program\n", 18) = 18
[pid 588] memfd_create("syzkaller", 0) = 3
[pid 588] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[ 37.313118][ T585] loop0: detected capacity change from 0 to 1024
[ 37.322421][ T585] EXT4-fs: Ignoring removed orlov option
[ 37.328740][ T585] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 588] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 588] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 588] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 588] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 588] close(3) = 0
[pid 588] close(4) = 0
[pid 588] mkdir("./file1", 0777) = 0
[pid 588] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 588] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 588] chdir("./file1") = 0
[pid 588] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 588] ioctl(4, LOOP_CLR_FD) = 0
[pid 588] close(4) = 0
[pid 588] chdir("./file0") = 0
[pid 588] creat("./bus", 000) = 4
[pid 588] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 588] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 588] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 588] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 588] exit_group(0) = ?
[pid 588] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=588, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./90", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./90/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./90/binderfs") = 0
umount2("./90/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./90/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./90/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./90/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./90/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./90/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./90/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./90/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./90/file1/lost+found") = 0
umount2("./90/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./90/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./90/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./90/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./90/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./90/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./90/file1/file0/file0") = 0
umount2("./90/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./90/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./90/file1/file0/file1") = 0
umount2("./90/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./90/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./90/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./90/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./90/file1/file0") = 0
umount2("./90/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./90/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./90/file1/file1") = 0
umount2("./90/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./90/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./90/file1/file2") = 0
umount2("./90/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./90/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./90/file1/file3") = 0
umount2("./90/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./90/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./90/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./90/file1") = -1 EBUSY (Device or resource busy)
umount2("./90/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./90/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./90") = 0
mkdir("./91", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 591
./strace-static-x86_64: Process 591 attached
[pid 591] set_robust_list(0x55555607f660, 24) = 0
[pid 591] chdir("./91") = 0
[pid 591] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 591] setpgid(0, 0) = 0
[pid 591] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 591] write(3, "1000", 4) = 4
[pid 591] close(3) = 0
[pid 591] symlink("/dev/binderfs", "./binderfs") = 0
[ 37.376622][ T588] loop0: detected capacity change from 0 to 1024
[ 37.383681][ T588] EXT4-fs: Ignoring removed orlov option
[ 37.389441][ T588] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 591] write(1, "executing program\n", 18executing program
) = 18
[pid 591] memfd_create("syzkaller", 0) = 3
[pid 591] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 591] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 591] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 591] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 591] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 591] close(3) = 0
[pid 591] close(4) = 0
[pid 591] mkdir("./file1", 0777) = 0
[pid 591] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 591] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 591] chdir("./file1") = 0
[pid 591] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 591] ioctl(4, LOOP_CLR_FD) = 0
[pid 591] close(4) = 0
[pid 591] chdir("./file0") = 0
[pid 591] creat("./bus", 000) = 4
[pid 591] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 591] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 591] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 591] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 591] exit_group(0) = ?
[pid 591] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=591, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
umount2("./91", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./91/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./91/binderfs") = 0
umount2("./91/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./91/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./91/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./91/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./91/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./91/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./91/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./91/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./91/file1/lost+found") = 0
umount2("./91/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./91/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./91/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./91/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./91/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./91/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./91/file1/file0/file0") = 0
umount2("./91/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./91/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./91/file1/file0/file1") = 0
umount2("./91/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./91/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./91/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./91/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./91/file1/file0") = 0
umount2("./91/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./91/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./91/file1/file1") = 0
umount2("./91/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./91/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./91/file1/file2") = 0
umount2("./91/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./91/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./91/file1/file3") = 0
umount2("./91/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./91/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./91/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./91/file1") = -1 EBUSY (Device or resource busy)
umount2("./91/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./91/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./91") = 0
mkdir("./92", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 594
./strace-static-x86_64: Process 594 attached
[pid 594] set_robust_list(0x55555607f660, 24) = 0
[pid 594] chdir("./92") = 0
[pid 594] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 594] setpgid(0, 0) = 0
[pid 594] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 594] write(3, "1000", 4) = 4
[pid 594] close(3) = 0
[pid 594] symlink("/dev/binderfs", "./binderfs") = 0
[pid 594] write(1, "executing program\n", 18executing program
) = 18
[pid 594] memfd_create("syzkaller", 0) = 3
[pid 594] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[ 37.442182][ T591] loop0: detected capacity change from 0 to 1024
[ 37.451999][ T591] EXT4-fs: Ignoring removed orlov option
[ 37.458369][ T591] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 594] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 594] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 594] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 594] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 594] close(3) = 0
[pid 594] close(4) = 0
[pid 594] mkdir("./file1", 0777) = 0
[pid 594] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 594] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 594] chdir("./file1") = 0
[pid 594] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 594] ioctl(4, LOOP_CLR_FD) = 0
[pid 594] close(4) = 0
[pid 594] chdir("./file0") = 0
[pid 594] creat("./bus", 000) = 4
[pid 594] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 594] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 594] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 594] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 594] exit_group(0) = ?
[pid 594] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=594, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./92", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./92/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./92/binderfs") = 0
umount2("./92/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./92/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./92/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./92/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./92/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./92/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./92/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./92/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./92/file1/lost+found") = 0
umount2("./92/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./92/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./92/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./92/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./92/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./92/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./92/file1/file0/file0") = 0
umount2("./92/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./92/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./92/file1/file0/file1") = 0
umount2("./92/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./92/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./92/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./92/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./92/file1/file0") = 0
umount2("./92/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./92/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./92/file1/file1") = 0
umount2("./92/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./92/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./92/file1/file2") = 0
umount2("./92/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./92/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./92/file1/file3") = 0
umount2("./92/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./92/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./92/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./92/file1") = -1 EBUSY (Device or resource busy)
[ 37.504597][ T594] loop0: detected capacity change from 0 to 1024
[ 37.517137][ T594] EXT4-fs: Ignoring removed orlov option
[ 37.522629][ T594] EXT4-fs: Ignoring removed nomblk_io_submit option
umount2("./92/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./92/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./92") = 0
mkdir("./93", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 597
./strace-static-x86_64: Process 597 attached
[pid 597] set_robust_list(0x55555607f660, 24) = 0
[pid 597] chdir("./93") = 0
[pid 597] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 597] setpgid(0, 0) = 0
[pid 597] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 597] write(3, "1000", 4) = 4
executing program
[pid 597] close(3) = 0
[pid 597] symlink("/dev/binderfs", "./binderfs") = 0
[pid 597] write(1, "executing program\n", 18) = 18
[pid 597] memfd_create("syzkaller", 0) = 3
[pid 597] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 597] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 597] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 597] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 597] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 597] close(3) = 0
[pid 597] close(4) = 0
[pid 597] mkdir("./file1", 0777) = 0
[pid 597] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 597] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 597] chdir("./file1") = 0
[pid 597] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 597] ioctl(4, LOOP_CLR_FD) = 0
[pid 597] close(4) = 0
[pid 597] chdir("./file0") = 0
[pid 597] creat("./bus", 000) = 4
[pid 597] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 597] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 597] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 597] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 597] exit_group(0) = ?
[pid 597] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=597, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./93", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./93/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./93/binderfs") = 0
umount2("./93/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./93/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./93/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./93/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./93/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./93/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./93/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./93/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./93/file1/lost+found") = 0
umount2("./93/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./93/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./93/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./93/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./93/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./93/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./93/file1/file0/file0") = 0
umount2("./93/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./93/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./93/file1/file0/file1") = 0
umount2("./93/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./93/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./93/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./93/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./93/file1/file0") = 0
umount2("./93/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./93/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./93/file1/file1") = 0
umount2("./93/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./93/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./93/file1/file2") = 0
umount2("./93/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./93/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./93/file1/file3") = 0
umount2("./93/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./93/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./93/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./93/file1") = -1 EBUSY (Device or resource busy)
[ 37.580404][ T597] loop0: detected capacity change from 0 to 1024
[ 37.590249][ T597] EXT4-fs: Ignoring removed orlov option
[ 37.595777][ T597] EXT4-fs: Ignoring removed nomblk_io_submit option
umount2("./93/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./93/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./93") = 0
mkdir("./94", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 601
./strace-static-x86_64: Process 601 attached
[pid 601] set_robust_list(0x55555607f660, 24) = 0
[pid 601] chdir("./94") = 0
[pid 601] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 601] setpgid(0, 0) = 0
[pid 601] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 601] write(3, "1000", 4) = 4
[pid 601] close(3) = 0
[pid 601] symlink("/dev/binderfs", "./binderfs") = 0
[pid 601] write(1, "executing program\n", 18executing program
) = 18
[pid 601] memfd_create("syzkaller", 0) = 3
[pid 601] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 601] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 601] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 601] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 601] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 601] close(3) = 0
[pid 601] close(4) = 0
[pid 601] mkdir("./file1", 0777) = 0
[pid 601] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 601] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 601] chdir("./file1") = 0
[pid 601] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 601] ioctl(4, LOOP_CLR_FD) = 0
[pid 601] close(4) = 0
[pid 601] chdir("./file0") = 0
[pid 601] creat("./bus", 000) = 4
[pid 601] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 601] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 601] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 601] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 601] exit_group(0) = ?
[pid 601] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=601, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./94", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./94/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./94/binderfs") = 0
umount2("./94/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./94/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./94/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./94/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./94/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./94/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./94/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./94/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./94/file1/lost+found") = 0
umount2("./94/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./94/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./94/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./94/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./94/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./94/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./94/file1/file0/file0") = 0
umount2("./94/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./94/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./94/file1/file0/file1") = 0
umount2("./94/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./94/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./94/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./94/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./94/file1/file0") = 0
umount2("./94/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./94/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./94/file1/file1") = 0
umount2("./94/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./94/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./94/file1/file2") = 0
umount2("./94/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./94/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./94/file1/file3") = 0
umount2("./94/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./94/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./94/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
[ 37.662759][ T601] loop0: detected capacity change from 0 to 1024
[ 37.674324][ T601] EXT4-fs: Ignoring removed orlov option
[ 37.680442][ T601] EXT4-fs: Ignoring removed nomblk_io_submit option
rmdir("./94/file1") = -1 EBUSY (Device or resource busy)
umount2("./94/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./94/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./94") = 0
mkdir("./95", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 604
./strace-static-x86_64: Process 604 attached
[pid 604] set_robust_list(0x55555607f660, 24) = 0
[pid 604] chdir("./95") = 0
[pid 604] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 604] setpgid(0, 0) = 0
[pid 604] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 604] write(3, "1000", 4) = 4
[pid 604] close(3) = 0
[pid 604] symlink("/dev/binderfs", "./binderfs") = 0
[pid 604] write(1, "executing program\n", 18executing program
) = 18
[pid 604] memfd_create("syzkaller", 0) = 3
[pid 604] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 604] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 604] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 604] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 604] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 604] close(3) = 0
[pid 604] close(4) = 0
[pid 604] mkdir("./file1", 0777) = 0
[pid 604] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 604] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 604] chdir("./file1") = 0
[pid 604] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 604] ioctl(4, LOOP_CLR_FD) = 0
[pid 604] close(4) = 0
[pid 604] chdir("./file0") = 0
[pid 604] creat("./bus", 000) = 4
[pid 604] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 604] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 604] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 604] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 604] exit_group(0) = ?
[pid 604] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=604, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./95", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./95/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./95/binderfs") = 0
umount2("./95/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./95/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./95/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./95/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./95/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./95/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./95/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./95/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./95/file1/lost+found") = 0
umount2("./95/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./95/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./95/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./95/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./95/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./95/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./95/file1/file0/file0") = 0
umount2("./95/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./95/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./95/file1/file0/file1") = 0
umount2("./95/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./95/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./95/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./95/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./95/file1/file0") = 0
umount2("./95/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./95/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./95/file1/file1") = 0
umount2("./95/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./95/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./95/file1/file2") = 0
umount2("./95/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./95/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./95/file1/file3") = 0
umount2("./95/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./95/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./95/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./95/file1") = -1 EBUSY (Device or resource busy)
umount2("./95/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./95/file1") = 0
[ 37.741915][ T604] loop0: detected capacity change from 0 to 1024
[ 37.749994][ T604] EXT4-fs: Ignoring removed orlov option
[ 37.756688][ T604] EXT4-fs: Ignoring removed nomblk_io_submit option
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./95") = 0
mkdir("./96", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 607
./strace-static-x86_64: Process 607 attached
[pid 607] set_robust_list(0x55555607f660, 24) = 0
[pid 607] chdir("./96") = 0
[pid 607] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 607] setpgid(0, 0) = 0
[pid 607] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 607] write(3, "1000", 4) = 4
[pid 607] close(3) = 0
[pid 607] symlink("/dev/binderfs", "./binderfs") = 0
[pid 607] write(1, "executing program\n", 18executing program
) = 18
[pid 607] memfd_create("syzkaller", 0) = 3
[pid 607] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 607] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 607] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 607] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 607] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 607] close(3) = 0
[pid 607] close(4) = 0
[pid 607] mkdir("./file1", 0777) = 0
[pid 607] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 607] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 607] chdir("./file1") = 0
[pid 607] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 607] ioctl(4, LOOP_CLR_FD) = 0
[pid 607] close(4) = 0
[pid 607] chdir("./file0") = 0
[pid 607] creat("./bus", 000) = 4
[pid 607] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 607] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 607] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 607] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 607] exit_group(0) = ?
[pid 607] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=607, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./96", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./96/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./96/binderfs") = 0
umount2("./96/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./96/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./96/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./96/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./96/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./96/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./96/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./96/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./96/file1/lost+found") = 0
umount2("./96/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./96/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./96/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./96/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./96/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./96/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./96/file1/file0/file0") = 0
umount2("./96/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./96/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./96/file1/file0/file1") = 0
umount2("./96/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./96/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./96/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./96/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./96/file1/file0") = 0
umount2("./96/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./96/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./96/file1/file1") = 0
umount2("./96/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./96/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./96/file1/file2") = 0
umount2("./96/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./96/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./96/file1/file3") = 0
umount2("./96/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./96/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./96/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./96/file1") = -1 EBUSY (Device or resource busy)
umount2("./96/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[ 37.814130][ T607] loop0: detected capacity change from 0 to 1024
[ 37.824089][ T607] EXT4-fs: Ignoring removed orlov option
[ 37.829789][ T607] EXT4-fs: Ignoring removed nomblk_io_submit option
rmdir("./96/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./96") = 0
mkdir("./97", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 610
./strace-static-x86_64: Process 610 attached
[pid 610] set_robust_list(0x55555607f660, 24) = 0
[pid 610] chdir("./97") = 0
[pid 610] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 610] setpgid(0, 0) = 0
[pid 610] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 610] write(3, "1000", 4) = 4
[pid 610] close(3) = 0
[pid 610] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 610] write(1, "executing program\n", 18) = 18
[pid 610] memfd_create("syzkaller", 0) = 3
[pid 610] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 610] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 610] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 610] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 610] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 610] close(3) = 0
[pid 610] close(4) = 0
[pid 610] mkdir("./file1", 0777) = 0
[pid 610] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 610] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 610] chdir("./file1") = 0
[pid 610] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 610] ioctl(4, LOOP_CLR_FD) = 0
[pid 610] close(4) = 0
[pid 610] chdir("./file0") = 0
[pid 610] creat("./bus", 000) = 4
[pid 610] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 610] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 610] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 610] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 610] exit_group(0) = ?
[pid 610] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=610, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./97", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./97/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./97/binderfs") = 0
umount2("./97/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./97/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./97/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./97/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./97/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./97/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./97/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./97/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./97/file1/lost+found") = 0
umount2("./97/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./97/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./97/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./97/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./97/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./97/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./97/file1/file0/file0") = 0
umount2("./97/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./97/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./97/file1/file0/file1") = 0
umount2("./97/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./97/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./97/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./97/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./97/file1/file0") = 0
umount2("./97/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./97/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./97/file1/file1") = 0
umount2("./97/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./97/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./97/file1/file2") = 0
umount2("./97/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./97/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./97/file1/file3") = 0
umount2("./97/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./97/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./97/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./97/file1") = -1 EBUSY (Device or resource busy)
umount2("./97/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./97/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
[ 37.886801][ T610] loop0: detected capacity change from 0 to 1024
[ 37.894554][ T610] EXT4-fs: Ignoring removed orlov option
[ 37.901207][ T610] EXT4-fs: Ignoring removed nomblk_io_submit option
close(3) = 0
rmdir("./97") = 0
mkdir("./98", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x55555607f650) = 613
./strace-static-x86_64: Process 613 attached
[pid 613] set_robust_list(0x55555607f660, 24) = 0
[pid 613] chdir("./98") = 0
[pid 613] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 613] setpgid(0, 0) = 0
[pid 613] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 613] write(3, "1000", 4) = 4
[pid 613] close(3) = 0
[pid 613] symlink("/dev/binderfs", "./binderfs") = 0
[pid 613] write(1, "executing program\n", 18) = 18
[pid 613] memfd_create("syzkaller", 0) = 3
[pid 613] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 613] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 613] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 613] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 613] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 613] close(3) = 0
[pid 613] close(4) = 0
[pid 613] mkdir("./file1", 0777) = 0
[pid 613] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 613] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 613] chdir("./file1") = 0
[pid 613] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 613] ioctl(4, LOOP_CLR_FD) = 0
[pid 613] close(4) = 0
[pid 613] chdir("./file0") = 0
[pid 613] creat("./bus", 000) = 4
[pid 613] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 613] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 613] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 613] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 613] exit_group(0) = ?
[pid 613] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=613, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./98", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./98/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./98/binderfs") = 0
umount2("./98/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./98/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./98/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./98/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./98/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./98/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./98/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./98/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./98/file1/lost+found") = 0
umount2("./98/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./98/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./98/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./98/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./98/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./98/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./98/file1/file0/file0") = 0
umount2("./98/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./98/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./98/file1/file0/file1") = 0
umount2("./98/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./98/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./98/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./98/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./98/file1/file0") = 0
umount2("./98/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./98/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./98/file1/file1") = 0
umount2("./98/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./98/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./98/file1/file2") = 0
umount2("./98/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./98/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./98/file1/file3") = 0
umount2("./98/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./98/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./98/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./98/file1") = -1 EBUSY (Device or resource busy)
umount2("./98/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./98/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./98") = 0
mkdir("./99", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 37.956204][ T613] loop0: detected capacity change from 0 to 1024
[ 37.963452][ T613] EXT4-fs: Ignoring removed orlov option
[ 37.969263][ T613] EXT4-fs: Ignoring removed nomblk_io_submit option
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
./strace-static-x86_64: Process 616 attached
[pid 616] set_robust_list(0x55555607f660, 24) = 0
[pid 616] chdir("./99") = 0
[pid 616] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 616] setpgid(0, 0) = 0
[pid 616] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 616] write(3, "1000", 4) = 4
[pid 616] close(3) = 0
[pid 616] symlink("/dev/binderfs", "./binderfs") = 0
[pid 616] write(1, "executing program\n", 18) = 18
[pid 616] memfd_create("syzkaller", 0) = 3
[pid 303] <... clone resumed>, child_tidptr=0x55555607f650) = 616
[pid 616] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 616] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 616] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 616] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 616] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 616] close(3) = 0
[pid 616] close(4) = 0
[pid 616] mkdir("./file1", 0777) = 0
[pid 616] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 616] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 616] chdir("./file1") = 0
[pid 616] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 616] ioctl(4, LOOP_CLR_FD) = 0
[pid 616] close(4) = 0
[pid 616] chdir("./file0") = 0
[pid 616] creat("./bus", 000) = 4
[pid 616] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 616] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 616] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 616] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 616] exit_group(0) = ?
[pid 616] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=616, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
umount2("./99", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./99/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./99/binderfs") = 0
umount2("./99/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./99/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./99/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./99/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./99/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./99/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./99/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./99/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./99/file1/lost+found") = 0
umount2("./99/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./99/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./99/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./99/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./99/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./99/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./99/file1/file0/file0") = 0
umount2("./99/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./99/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./99/file1/file0/file1") = 0
umount2("./99/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./99/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./99/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./99/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./99/file1/file0") = 0
umount2("./99/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./99/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./99/file1/file1") = 0
umount2("./99/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./99/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./99/file1/file2") = 0
umount2("./99/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./99/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./99/file1/file3") = 0
umount2("./99/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./99/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./99/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./99/file1") = -1 EBUSY (Device or resource busy)
umount2("./99/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./99/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./99") = 0
mkdir("./100", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 619
./strace-static-x86_64: Process 619 attached
[pid 619] set_robust_list(0x55555607f660, 24) = 0
[pid 619] chdir("./100") = 0
[pid 619] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 619] setpgid(0, 0) = 0
[pid 619] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 619] write(3, "1000", 4) = 4
[pid 619] close(3) = 0
[pid 619] symlink("/dev/binderfs", "./binderfs") = 0
[pid 619] write(1, "executing program\n", 18executing program
) = 18
[pid 619] memfd_create("syzkaller", 0) = 3
[pid 619] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 619] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 619] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 619] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 38.024504][ T616] loop0: detected capacity change from 0 to 1024
[ 38.032721][ T616] EXT4-fs: Ignoring removed orlov option
[ 38.038296][ T616] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 619] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 619] close(3) = 0
[pid 619] close(4) = 0
[pid 619] mkdir("./file1", 0777) = 0
[pid 619] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 619] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 619] chdir("./file1") = 0
[pid 619] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 619] ioctl(4, LOOP_CLR_FD) = 0
[pid 619] close(4) = 0
[pid 619] chdir("./file0") = 0
[pid 619] creat("./bus", 000) = 4
[pid 619] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 619] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 619] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 619] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 619] exit_group(0) = ?
[pid 619] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=619, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./100", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./100/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./100/binderfs") = 0
umount2("./100/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./100/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./100/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./100/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./100/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./100/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./100/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./100/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./100/file1/lost+found") = 0
umount2("./100/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./100/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./100/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./100/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./100/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./100/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./100/file1/file0/file0") = 0
umount2("./100/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./100/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./100/file1/file0/file1") = 0
umount2("./100/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./100/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./100/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./100/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./100/file1/file0") = 0
umount2("./100/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./100/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./100/file1/file1") = 0
umount2("./100/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./100/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./100/file1/file2") = 0
umount2("./100/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./100/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./100/file1/file3") = 0
umount2("./100/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./100/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./100/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./100/file1") = -1 EBUSY (Device or resource busy)
[ 38.084332][ T619] loop0: detected capacity change from 0 to 1024
[ 38.094719][ T619] EXT4-fs: Ignoring removed orlov option
[ 38.100455][ T619] EXT4-fs: Ignoring removed nomblk_io_submit option
umount2("./100/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./100/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./100") = 0
mkdir("./101", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 622
./strace-static-x86_64: Process 622 attached
[pid 622] set_robust_list(0x55555607f660, 24) = 0
[pid 622] chdir("./101") = 0
[pid 622] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 622] setpgid(0, 0) = 0
[pid 622] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 622] write(3, "1000", 4) = 4
[pid 622] close(3) = 0
[pid 622] symlink("/dev/binderfs", "./binderfs") = 0
[pid 622] write(1, "executing program\n", 18executing program
) = 18
[pid 622] memfd_create("syzkaller", 0) = 3
[pid 622] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 622] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 622] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 622] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 622] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 622] close(3) = 0
[pid 622] close(4) = 0
[pid 622] mkdir("./file1", 0777) = 0
[pid 622] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 622] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 622] chdir("./file1") = 0
[pid 622] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 622] ioctl(4, LOOP_CLR_FD) = 0
[pid 622] close(4) = 0
[pid 622] chdir("./file0") = 0
[pid 622] creat("./bus", 000) = 4
[pid 622] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 622] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 622] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 622] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 622] exit_group(0) = ?
[pid 622] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=622, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./101", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./101/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./101/binderfs") = 0
umount2("./101/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./101/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./101/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./101/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./101/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./101/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./101/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./101/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./101/file1/lost+found") = 0
umount2("./101/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./101/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./101/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./101/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./101/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./101/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./101/file1/file0/file0") = 0
umount2("./101/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./101/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./101/file1/file0/file1") = 0
umount2("./101/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./101/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./101/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./101/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./101/file1/file0") = 0
umount2("./101/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./101/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./101/file1/file1") = 0
umount2("./101/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./101/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./101/file1/file2") = 0
umount2("./101/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./101/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./101/file1/file3") = 0
umount2("./101/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./101/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./101/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
[ 38.161056][ T622] loop0: detected capacity change from 0 to 1024
[ 38.172743][ T622] EXT4-fs: Ignoring removed orlov option
[ 38.178463][ T622] EXT4-fs: Ignoring removed nomblk_io_submit option
rmdir("./101/file1") = -1 EBUSY (Device or resource busy)
umount2("./101/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./101/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./101") = 0
mkdir("./102", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 625
./strace-static-x86_64: Process 625 attached
[pid 625] set_robust_list(0x55555607f660, 24) = 0
[pid 625] chdir("./102") = 0
[pid 625] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 625] setpgid(0, 0) = 0
[pid 625] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 625] write(3, "1000", 4) = 4
[pid 625] close(3) = 0
[pid 625] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid 625] write(1, "executing program\n", 18) = 18
[pid 625] memfd_create("syzkaller", 0) = 3
[pid 625] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 625] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 625] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 625] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 625] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 625] close(3) = 0
[pid 625] close(4) = 0
[pid 625] mkdir("./file1", 0777) = 0
[pid 625] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 625] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 625] chdir("./file1") = 0
[pid 625] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 625] ioctl(4, LOOP_CLR_FD) = 0
[pid 625] close(4) = 0
[pid 625] chdir("./file0") = 0
[pid 625] creat("./bus", 000) = 4
[pid 625] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 625] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 625] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 625] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 625] exit_group(0) = ?
[pid 625] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=625, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./102", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./102/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./102/binderfs") = 0
umount2("./102/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./102/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./102/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./102/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./102/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./102/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./102/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./102/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./102/file1/lost+found") = 0
umount2("./102/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./102/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./102/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./102/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./102/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./102/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./102/file1/file0/file0") = 0
umount2("./102/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./102/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./102/file1/file0/file1") = 0
umount2("./102/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./102/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./102/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./102/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./102/file1/file0") = 0
umount2("./102/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./102/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./102/file1/file1") = 0
umount2("./102/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./102/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./102/file1/file2") = 0
umount2("./102/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./102/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./102/file1/file3") = 0
umount2("./102/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./102/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./102/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./102/file1") = -1 EBUSY (Device or resource busy)
umount2("./102/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./102/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./102") = 0
mkdir("./103", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 628
[ 38.238222][ T625] loop0: detected capacity change from 0 to 1024
[ 38.246694][ T625] EXT4-fs: Ignoring removed orlov option
[ 38.252156][ T625] EXT4-fs: Ignoring removed nomblk_io_submit option
executing program
./strace-static-x86_64: Process 628 attached
[pid 628] set_robust_list(0x55555607f660, 24) = 0
[pid 628] chdir("./103") = 0
[pid 628] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 628] setpgid(0, 0) = 0
[pid 628] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 628] write(3, "1000", 4) = 4
[pid 628] close(3) = 0
[pid 628] symlink("/dev/binderfs", "./binderfs") = 0
[pid 628] write(1, "executing program\n", 18) = 18
[pid 628] memfd_create("syzkaller", 0) = 3
[pid 628] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 628] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 628] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 628] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 628] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 628] close(3) = 0
[pid 628] close(4) = 0
[pid 628] mkdir("./file1", 0777) = 0
[pid 628] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 628] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 628] chdir("./file1") = 0
[pid 628] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 628] ioctl(4, LOOP_CLR_FD) = 0
[pid 628] close(4) = 0
[pid 628] chdir("./file0") = 0
[pid 628] creat("./bus", 000) = 4
[pid 628] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 628] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 628] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 628] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 628] exit_group(0) = ?
[pid 628] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=628, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./103", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./103/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./103/binderfs") = 0
umount2("./103/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./103/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./103/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./103/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./103/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./103/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./103/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./103/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./103/file1/lost+found") = 0
umount2("./103/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./103/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./103/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./103/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./103/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./103/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./103/file1/file0/file0") = 0
umount2("./103/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./103/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./103/file1/file0/file1") = 0
umount2("./103/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./103/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./103/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./103/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./103/file1/file0") = 0
umount2("./103/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./103/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./103/file1/file1") = 0
umount2("./103/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./103/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./103/file1/file2") = 0
umount2("./103/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./103/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./103/file1/file3") = 0
umount2("./103/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./103/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./103/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./103/file1") = -1 EBUSY (Device or resource busy)
[ 38.303578][ T628] loop0: detected capacity change from 0 to 1024
[ 38.312786][ T628] EXT4-fs: Ignoring removed orlov option
[ 38.318451][ T628] EXT4-fs: Ignoring removed nomblk_io_submit option
umount2("./103/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program
) = 0
rmdir("./103/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./103") = 0
mkdir("./104", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 631
./strace-static-x86_64: Process 631 attached
[pid 631] set_robust_list(0x55555607f660, 24) = 0
[pid 631] chdir("./104") = 0
[pid 631] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 631] setpgid(0, 0) = 0
[pid 631] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 631] write(3, "1000", 4) = 4
[pid 631] close(3) = 0
[pid 631] symlink("/dev/binderfs", "./binderfs") = 0
[pid 631] write(1, "executing program\n", 18) = 18
[pid 631] memfd_create("syzkaller", 0) = 3
[pid 631] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 631] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 631] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 631] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 631] close(3) = 0
[pid 631] close(4) = 0
[pid 631] mkdir("./file1", 0777) = 0
[pid 631] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 631] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 631] chdir("./file1") = 0
[pid 631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 631] ioctl(4, LOOP_CLR_FD) = 0
[pid 631] close(4) = 0
[pid 631] chdir("./file0") = 0
[pid 631] creat("./bus", 000) = 4
[pid 631] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 631] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 631] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 631] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 631] exit_group(0) = ?
[pid 631] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=631, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./104", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./104/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./104/binderfs") = 0
umount2("./104/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./104/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./104/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./104/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./104/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./104/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./104/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./104/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./104/file1/lost+found") = 0
umount2("./104/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./104/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./104/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./104/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./104/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./104/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./104/file1/file0/file0") = 0
umount2("./104/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./104/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./104/file1/file0/file1") = 0
umount2("./104/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./104/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./104/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./104/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./104/file1/file0") = 0
umount2("./104/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./104/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./104/file1/file1") = 0
umount2("./104/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./104/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./104/file1/file2") = 0
umount2("./104/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./104/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./104/file1/file3") = 0
umount2("./104/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./104/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./104/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./104/file1") = -1 EBUSY (Device or resource busy)
[ 38.368050][ T631] loop0: detected capacity change from 0 to 1024
[ 38.375935][ T631] EXT4-fs: Ignoring removed orlov option
[ 38.382666][ T631] EXT4-fs: Ignoring removed nomblk_io_submit option
umount2("./104/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./104/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./104") = 0
mkdir("./105", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 634
./strace-static-x86_64: Process 634 attached
[pid 634] set_robust_list(0x55555607f660, 24) = 0
[pid 634] chdir("./105") = 0
[pid 634] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 634] setpgid(0, 0) = 0
[pid 634] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 634] write(3, "1000", 4) = 4
[pid 634] close(3) = 0
[pid 634] symlink("/dev/binderfs", "./binderfs") = 0
[pid 634] write(1, "executing program\n", 18executing program
) = 18
[pid 634] memfd_create("syzkaller", 0) = 3
[pid 634] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 634] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 634] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 634] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 634] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 634] close(3) = 0
[pid 634] close(4) = 0
[pid 634] mkdir("./file1", 0777) = 0
[pid 634] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 634] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 634] chdir("./file1") = 0
[pid 634] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 634] ioctl(4, LOOP_CLR_FD) = 0
[pid 634] close(4) = 0
[pid 634] chdir("./file0") = 0
[pid 634] creat("./bus", 000) = 4
[pid 634] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 634] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 634] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 634] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 634] exit_group(0) = ?
[pid 634] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=634, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./105", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./105/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./105/binderfs") = 0
umount2("./105/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./105/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./105/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./105/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./105/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./105/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./105/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./105/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./105/file1/lost+found") = 0
umount2("./105/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./105/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./105/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./105/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./105/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./105/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./105/file1/file0/file0") = 0
umount2("./105/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./105/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./105/file1/file0/file1") = 0
umount2("./105/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./105/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./105/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./105/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./105/file1/file0") = 0
umount2("./105/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./105/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./105/file1/file1") = 0
umount2("./105/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./105/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./105/file1/file2") = 0
umount2("./105/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./105/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./105/file1/file3") = 0
umount2("./105/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./105/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./105/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./105/file1") = -1 EBUSY (Device or resource busy)
[ 38.443797][ T634] loop0: detected capacity change from 0 to 1024
[ 38.451892][ T634] EXT4-fs: Ignoring removed orlov option
[ 38.457469][ T634] EXT4-fs: Ignoring removed nomblk_io_submit option
umount2("./105/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./105/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./105") = 0
mkdir("./106", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
executing program
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 637
./strace-static-x86_64: Process 637 attached
[pid 637] set_robust_list(0x55555607f660, 24) = 0
[pid 637] chdir("./106") = 0
[pid 637] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 637] setpgid(0, 0) = 0
[pid 637] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 637] write(3, "1000", 4) = 4
[pid 637] close(3) = 0
[pid 637] symlink("/dev/binderfs", "./binderfs") = 0
[pid 637] write(1, "executing program\n", 18) = 18
[pid 637] memfd_create("syzkaller", 0) = 3
[pid 637] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 637] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 637] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 637] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 637] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 637] close(3) = 0
[pid 637] close(4) = 0
[pid 637] mkdir("./file1", 0777) = 0
[pid 637] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 637] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 637] chdir("./file1") = 0
[pid 637] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 637] ioctl(4, LOOP_CLR_FD) = 0
[pid 637] close(4) = 0
[pid 637] chdir("./file0") = 0
[pid 637] creat("./bus", 000) = 4
[pid 637] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 637] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 637] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 637] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 637] exit_group(0) = ?
[pid 637] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=637, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./106", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./106/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./106/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./106/binderfs") = 0
umount2("./106/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./106/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./106/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./106/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./106/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./106/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./106/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./106/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./106/file1/lost+found") = 0
umount2("./106/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./106/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./106/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./106/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./106/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./106/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./106/file1/file0/file0") = 0
umount2("./106/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./106/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./106/file1/file0/file1") = 0
umount2("./106/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./106/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./106/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./106/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./106/file1/file0") = 0
umount2("./106/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./106/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./106/file1/file1") = 0
umount2("./106/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./106/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./106/file1/file2") = 0
umount2("./106/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./106/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./106/file1/file3") = 0
umount2("./106/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./106/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./106/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./106/file1") = -1 EBUSY (Device or resource busy)
umount2("./106/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./106/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./106") = 0
mkdir("./107", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
[ 38.516115][ T637] loop0: detected capacity change from 0 to 1024
[ 38.524099][ T637] EXT4-fs: Ignoring removed orlov option
[ 38.530614][ T637] EXT4-fs: Ignoring removed nomblk_io_submit option
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x55555607f650) = 641
./strace-static-x86_64: Process 641 attached
[pid 641] set_robust_list(0x55555607f660, 24) = 0
[pid 641] chdir("./107") = 0
[pid 641] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 641] setpgid(0, 0) = 0
[pid 641] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 641] write(3, "1000", 4) = 4
[pid 641] close(3) = 0
[pid 641] symlink("/dev/binderfs", "./binderfs") = 0
[pid 641] write(1, "executing program\n", 18) = 18
[pid 641] memfd_create("syzkaller", 0) = 3
[pid 641] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 641] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 641] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 641] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 641] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 641] close(3) = 0
[pid 641] close(4) = 0
[pid 641] mkdir("./file1", 0777) = 0
[pid 641] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 641] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 641] chdir("./file1") = 0
[pid 641] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 641] ioctl(4, LOOP_CLR_FD) = 0
[pid 641] close(4) = 0
[pid 641] chdir("./file0") = 0
[pid 641] creat("./bus", 000) = 4
[pid 641] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 641] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 641] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 641] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 641] exit_group(0) = ?
[pid 641] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=641, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./107", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./107/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./107/binderfs") = 0
umount2("./107/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./107/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./107/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./107/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./107/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./107/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./107/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./107/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./107/file1/lost+found") = 0
umount2("./107/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./107/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./107/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./107/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./107/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./107/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./107/file1/file0/file0") = 0
umount2("./107/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./107/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./107/file1/file0/file1") = 0
umount2("./107/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./107/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./107/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./107/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./107/file1/file0") = 0
umount2("./107/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./107/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./107/file1/file1") = 0
umount2("./107/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./107/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./107/file1/file2") = 0
umount2("./107/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./107/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./107/file1/file3") = 0
umount2("./107/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./107/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./107/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./107/file1") = -1 EBUSY (Device or resource busy)
umount2("./107/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./107/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./107") = 0
mkdir("./108", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[ 38.583755][ T641] loop0: detected capacity change from 0 to 1024
[ 38.590958][ T641] EXT4-fs: Ignoring removed orlov option
[ 38.596598][ T641] EXT4-fs: Ignoring removed nomblk_io_submit option
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 645
./strace-static-x86_64: Process 645 attached
[pid 645] set_robust_list(0x55555607f660, 24) = 0
[pid 645] chdir("./108") = 0
[pid 645] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 645] setpgid(0, 0) = 0
[pid 645] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 645] write(3, "1000", 4) = 4
[pid 645] close(3) = 0
[pid 645] symlink("/dev/binderfs", "./binderfs") = 0
[pid 645] write(1, "executing program\n", 18executing program
) = 18
[pid 645] memfd_create("syzkaller", 0) = 3
[pid 645] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 645] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 645] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 645] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 645] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 645] close(3) = 0
[pid 645] close(4) = 0
[pid 645] mkdir("./file1", 0777) = 0
[pid 645] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 645] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 645] chdir("./file1") = 0
[pid 645] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 645] ioctl(4, LOOP_CLR_FD) = 0
[pid 645] close(4) = 0
[pid 645] chdir("./file0") = 0
[pid 645] creat("./bus", 000) = 4
[pid 645] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 645] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 645] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 645] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 645] exit_group(0) = ?
[pid 645] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=645, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./108", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./108/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./108/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./108/binderfs") = 0
umount2("./108/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./108/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./108/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./108/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./108/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./108/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./108/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./108/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./108/file1/lost+found") = 0
umount2("./108/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 38.653965][ T645] loop0: detected capacity change from 0 to 1024
[ 38.663641][ T645] EXT4-fs: Ignoring removed orlov option
[ 38.669296][ T645] EXT4-fs: Ignoring removed nomblk_io_submit option
newfstatat(AT_FDCWD, "./108/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./108/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./108/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./108/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./108/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./108/file1/file0/file0") = 0
umount2("./108/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./108/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./108/file1/file0/file1") = 0
umount2("./108/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./108/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./108/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./108/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./108/file1/file0") = 0
umount2("./108/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./108/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./108/file1/file1") = 0
umount2("./108/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./108/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./108/file1/file2") = 0
umount2("./108/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./108/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./108/file1/file3") = 0
umount2("./108/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./108/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./108/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./108/file1") = -1 EBUSY (Device or resource busy)
umount2("./108/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./108/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./108") = 0
mkdir("./109", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3executing program
) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 648
./strace-static-x86_64: Process 648 attached
[pid 648] set_robust_list(0x55555607f660, 24) = 0
[pid 648] chdir("./109") = 0
[pid 648] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 648] setpgid(0, 0) = 0
[pid 648] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 648] write(3, "1000", 4) = 4
[pid 648] close(3) = 0
[pid 648] symlink("/dev/binderfs", "./binderfs") = 0
[pid 648] write(1, "executing program\n", 18) = 18
[pid 648] memfd_create("syzkaller", 0) = 3
[pid 648] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 648] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 648] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 648] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 648] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 648] close(3) = 0
[pid 648] close(4) = 0
[pid 648] mkdir("./file1", 0777) = 0
[pid 648] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 648] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 648] chdir("./file1") = 0
[pid 648] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 648] ioctl(4, LOOP_CLR_FD) = 0
[pid 648] close(4) = 0
[pid 648] chdir("./file0") = 0
[pid 648] creat("./bus", 000) = 4
[pid 648] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 648] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 648] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 648] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 648] exit_group(0) = ?
[pid 648] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=648, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./109", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./109/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./109/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./109/binderfs") = 0
umount2("./109/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./109/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./109/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./109/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./109/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./109/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./109/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./109/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./109/file1/lost+found") = 0
umount2("./109/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./109/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./109/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./109/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./109/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./109/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./109/file1/file0/file0") = 0
umount2("./109/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./109/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./109/file1/file0/file1") = 0
umount2("./109/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./109/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./109/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./109/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./109/file1/file0") = 0
umount2("./109/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./109/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./109/file1/file1") = 0
umount2("./109/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./109/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./109/file1/file2") = 0
umount2("./109/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./109/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./109/file1/file3") = 0
umount2("./109/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./109/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./109/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./109/file1") = -1 EBUSY (Device or resource busy)
umount2("./109/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./109/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./109") = 0
mkdir("./110", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 651
./strace-static-x86_64: Process 651 attached
[ 38.733328][ T648] loop0: detected capacity change from 0 to 1024
[ 38.741474][ T648] EXT4-fs: Ignoring removed orlov option
[ 38.747091][ T648] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 651] set_robust_list(0x55555607f660, 24) = 0
[pid 651] chdir("./110") = 0
[pid 651] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 651] setpgid(0, 0) = 0
[pid 651] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 651] write(3, "1000", 4) = 4
[pid 651] close(3) = 0
[pid 651] symlink("/dev/binderfs", "./binderfs") = 0
[pid 651] write(1, "executing program\n", 18executing program
) = 18
[pid 651] memfd_create("syzkaller", 0) = 3
[pid 651] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 651] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 651] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 651] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 651] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 651] close(3) = 0
[pid 651] close(4) = 0
[pid 651] mkdir("./file1", 0777) = 0
[pid 651] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 651] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 651] chdir("./file1") = 0
[pid 651] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 651] ioctl(4, LOOP_CLR_FD) = 0
[pid 651] close(4) = 0
[pid 651] chdir("./file0") = 0
[pid 651] creat("./bus", 000) = 4
[pid 651] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 651] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 651] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 651] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 651] exit_group(0) = ?
[pid 651] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=651, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./110", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./110/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./110/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./110/binderfs") = 0
umount2("./110/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./110/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./110/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./110/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./110/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./110/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./110/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./110/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./110/file1/lost+found") = 0
umount2("./110/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./110/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./110/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./110/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./110/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./110/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./110/file1/file0/file0") = 0
umount2("./110/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./110/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./110/file1/file0/file1") = 0
umount2("./110/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./110/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./110/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./110/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./110/file1/file0") = 0
umount2("./110/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./110/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./110/file1/file1") = 0
umount2("./110/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./110/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./110/file1/file2") = 0
umount2("./110/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./110/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./110/file1/file3") = 0
umount2("./110/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./110/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./110/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./110/file1") = -1 EBUSY (Device or resource busy)
umount2("./110/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[ 38.801239][ T651] loop0: detected capacity change from 0 to 1024
[ 38.811496][ T651] EXT4-fs: Ignoring removed orlov option
[ 38.817194][ T651] EXT4-fs: Ignoring removed nomblk_io_submit option
rmdir("./110/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./110") = 0
mkdir("./111", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 654
./strace-static-x86_64: Process 654 attached
[pid 654] set_robust_list(0x55555607f660, 24) = 0
[pid 654] chdir("./111") = 0
[pid 654] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 654] setpgid(0, 0) = 0
[pid 654] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 654] write(3, "1000", 4) = 4
[pid 654] close(3) = 0
[pid 654] symlink("/dev/binderfs", "./binderfs") = 0
[pid 654] write(1, "executing program\n", 18executing program
) = 18
[pid 654] memfd_create("syzkaller", 0) = 3
[pid 654] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 654] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 654] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 654] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 654] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 654] close(3) = 0
[pid 654] close(4) = 0
[pid 654] mkdir("./file1", 0777) = 0
[pid 654] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 654] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 654] chdir("./file1") = 0
[pid 654] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 654] ioctl(4, LOOP_CLR_FD) = 0
[pid 654] close(4) = 0
[pid 654] chdir("./file0") = 0
[pid 654] creat("./bus", 000) = 4
[pid 654] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 654] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 654] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 654] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 654] exit_group(0) = ?
[pid 654] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=654, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./111", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./111/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./111/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./111/binderfs") = 0
umount2("./111/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./111/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./111/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./111/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./111/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./111/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./111/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./111/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./111/file1/lost+found") = 0
umount2("./111/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./111/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./111/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./111/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./111/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./111/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./111/file1/file0/file0") = 0
umount2("./111/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./111/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./111/file1/file0/file1") = 0
umount2("./111/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./111/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./111/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./111/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./111/file1/file0") = 0
umount2("./111/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./111/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./111/file1/file1") = 0
umount2("./111/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./111/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./111/file1/file2") = 0
umount2("./111/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./111/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./111/file1/file3") = 0
umount2("./111/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./111/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./111/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./111/file1") = -1 EBUSY (Device or resource busy)
[ 38.875008][ T654] loop0: detected capacity change from 0 to 1024
[ 38.886819][ T654] EXT4-fs: Ignoring removed orlov option
[ 38.892349][ T654] EXT4-fs: Ignoring removed nomblk_io_submit option
umount2("./111/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./111/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./111") = 0
mkdir("./112", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 657
./strace-static-x86_64: Process 657 attached
[pid 657] set_robust_list(0x55555607f660, 24) = 0
[pid 657] chdir("./112") = 0
[pid 657] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 657] setpgid(0, 0) = 0
[pid 657] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 657] write(3, "1000", 4) = 4
[pid 657] close(3) = 0
[pid 657] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 657] write(1, "executing program\n", 18) = 18
[pid 657] memfd_create("syzkaller", 0) = 3
[pid 657] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 657] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 657] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 657] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 657] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 657] close(3) = 0
[pid 657] close(4) = 0
[pid 657] mkdir("./file1", 0777) = 0
[pid 657] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 657] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 657] chdir("./file1") = 0
[pid 657] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 657] ioctl(4, LOOP_CLR_FD) = 0
[pid 657] close(4) = 0
[pid 657] chdir("./file0") = 0
[pid 657] creat("./bus", 000) = 4
[pid 657] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 657] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 657] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 657] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 657] exit_group(0) = ?
[pid 657] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=657, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./112", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./112/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./112/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./112/binderfs") = 0
umount2("./112/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./112/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./112/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./112/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./112/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./112/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./112/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./112/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./112/file1/lost+found") = 0
umount2("./112/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./112/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./112/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./112/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./112/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./112/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./112/file1/file0/file0") = 0
umount2("./112/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./112/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./112/file1/file0/file1") = 0
umount2("./112/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./112/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./112/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./112/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./112/file1/file0") = 0
umount2("./112/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./112/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./112/file1/file1") = 0
umount2("./112/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./112/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./112/file1/file2") = 0
umount2("./112/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./112/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./112/file1/file3") = 0
umount2("./112/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./112/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./112/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./112/file1") = -1 EBUSY (Device or resource busy)
[ 38.949373][ T657] loop0: detected capacity change from 0 to 1024
[ 38.957644][ T657] EXT4-fs: Ignoring removed orlov option
[ 38.963973][ T657] EXT4-fs: Ignoring removed nomblk_io_submit option
umount2("./112/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program
) = 0
rmdir("./112/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./112") = 0
mkdir("./113", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 660
./strace-static-x86_64: Process 660 attached
[pid 660] set_robust_list(0x55555607f660, 24) = 0
[pid 660] chdir("./113") = 0
[pid 660] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 660] setpgid(0, 0) = 0
[pid 660] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 660] write(3, "1000", 4) = 4
[pid 660] close(3) = 0
[pid 660] symlink("/dev/binderfs", "./binderfs") = 0
[pid 660] write(1, "executing program\n", 18) = 18
[pid 660] memfd_create("syzkaller", 0) = 3
[pid 660] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 660] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 660] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 660] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 660] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 660] close(3) = 0
[pid 660] close(4) = 0
[pid 660] mkdir("./file1", 0777) = 0
[pid 660] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 660] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 660] chdir("./file1") = 0
[pid 660] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 660] ioctl(4, LOOP_CLR_FD) = 0
[pid 660] close(4) = 0
[pid 660] chdir("./file0") = 0
[pid 660] creat("./bus", 000) = 4
[pid 660] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 660] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 660] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 660] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 660] exit_group(0) = ?
[pid 660] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=660, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./113", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./113", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./113/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./113/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./113/binderfs") = 0
umount2("./113/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./113/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./113/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./113/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./113/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./113/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./113/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./113/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./113/file1/lost+found") = 0
umount2("./113/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./113/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./113/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./113/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./113/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./113/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./113/file1/file0/file0") = 0
umount2("./113/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./113/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./113/file1/file0/file1") = 0
umount2("./113/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./113/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./113/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./113/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./113/file1/file0") = 0
umount2("./113/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./113/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./113/file1/file1") = 0
umount2("./113/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./113/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./113/file1/file2") = 0
umount2("./113/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./113/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./113/file1/file3") = 0
umount2("./113/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./113/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./113/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./113/file1") = -1 EBUSY (Device or resource busy)
umount2("./113/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[ 39.014697][ T660] loop0: detected capacity change from 0 to 1024
[ 39.023752][ T660] EXT4-fs: Ignoring removed orlov option
[ 39.029821][ T660] EXT4-fs: Ignoring removed nomblk_io_submit option
rmdir("./113/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./113") = 0
mkdir("./114", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 663
./strace-static-x86_64: Process 663 attached
[pid 663] set_robust_list(0x55555607f660, 24) = 0
[pid 663] chdir("./114") = 0
[pid 663] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 663] setpgid(0, 0) = 0
[pid 663] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 663] write(3, "1000", 4) = 4
[pid 663] close(3) = 0
[pid 663] symlink("/dev/binderfs", "./binderfs") = 0
[pid 663] write(1, "executing program\n", 18executing program
) = 18
[pid 663] memfd_create("syzkaller", 0) = 3
[pid 663] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 663] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 663] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 663] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 663] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 663] close(3) = 0
[pid 663] close(4) = 0
[pid 663] mkdir("./file1", 0777) = 0
[pid 663] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 663] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 663] chdir("./file1") = 0
[pid 663] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 663] ioctl(4, LOOP_CLR_FD) = 0
[pid 663] close(4) = 0
[pid 663] chdir("./file0") = 0
[pid 663] creat("./bus", 000) = 4
[pid 663] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 663] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 663] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 663] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 663] exit_group(0) = ?
[pid 663] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=663, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./114", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./114", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./114/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./114/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./114/binderfs") = 0
umount2("./114/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./114/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./114/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./114/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./114/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./114/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./114/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./114/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./114/file1/lost+found") = 0
umount2("./114/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./114/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./114/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./114/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./114/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./114/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./114/file1/file0/file0") = 0
umount2("./114/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./114/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./114/file1/file0/file1") = 0
umount2("./114/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./114/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./114/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./114/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./114/file1/file0") = 0
umount2("./114/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./114/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./114/file1/file1") = 0
umount2("./114/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./114/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./114/file1/file2") = 0
umount2("./114/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./114/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./114/file1/file3") = 0
umount2("./114/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./114/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./114/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./114/file1") = -1 EBUSY (Device or resource busy)
umount2("./114/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[ 39.088649][ T663] loop0: detected capacity change from 0 to 1024
[ 39.096584][ T663] EXT4-fs: Ignoring removed orlov option
[ 39.102918][ T663] EXT4-fs: Ignoring removed nomblk_io_submit option
rmdir("./114/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./114") = 0
mkdir("./115", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 666
./strace-static-x86_64: Process 666 attached
[pid 666] set_robust_list(0x55555607f660, 24) = 0
[pid 666] chdir("./115") = 0
[pid 666] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 666] setpgid(0, 0) = 0
[pid 666] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 666] write(3, "1000", 4) = 4
[pid 666] close(3) = 0
[pid 666] symlink("/dev/binderfs", "./binderfs") = 0
[pid 666] write(1, "executing program\n", 18executing program
) = 18
[pid 666] memfd_create("syzkaller", 0) = 3
[pid 666] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 666] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 666] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 666] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 666] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 666] close(3) = 0
[pid 666] close(4) = 0
[pid 666] mkdir("./file1", 0777) = 0
[pid 666] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 666] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 666] chdir("./file1") = 0
[pid 666] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 666] ioctl(4, LOOP_CLR_FD) = 0
[pid 666] close(4) = 0
[pid 666] chdir("./file0") = 0
[pid 666] creat("./bus", 000) = 4
[pid 666] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 666] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 666] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 666] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 666] exit_group(0) = ?
[pid 666] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=666, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./115", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./115", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./115/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./115/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./115/binderfs") = 0
umount2("./115/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./115/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./115/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./115/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./115/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./115/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./115/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./115/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./115/file1/lost+found") = 0
umount2("./115/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./115/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./115/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./115/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./115/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./115/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./115/file1/file0/file0") = 0
umount2("./115/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./115/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./115/file1/file0/file1") = 0
umount2("./115/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./115/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./115/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./115/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./115/file1/file0") = 0
umount2("./115/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./115/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./115/file1/file1") = 0
umount2("./115/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./115/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./115/file1/file2") = 0
umount2("./115/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./115/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./115/file1/file3") = 0
umount2("./115/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./115/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./115/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./115/file1") = -1 EBUSY (Device or resource busy)
umount2("./115/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./115/file1") = 0
[ 39.161008][ T666] loop0: detected capacity change from 0 to 1024
[ 39.168835][ T666] EXT4-fs: Ignoring removed orlov option
[ 39.174989][ T666] EXT4-fs: Ignoring removed nomblk_io_submit option
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./115") = 0
mkdir("./116", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 669
./strace-static-x86_64: Process 669 attached
[pid 669] set_robust_list(0x55555607f660, 24) = 0
[pid 669] chdir("./116") = 0
[pid 669] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 669] setpgid(0, 0) = 0
[pid 669] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 669] write(3, "1000", 4) = 4
[pid 669] close(3) = 0
[pid 669] symlink("/dev/binderfs", "./binderfs") = 0
[pid 669] write(1, "executing program\n", 18executing program
) = 18
[pid 669] memfd_create("syzkaller", 0) = 3
[pid 669] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 669] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 669] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 669] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 669] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 669] close(3) = 0
[pid 669] close(4) = 0
[pid 669] mkdir("./file1", 0777) = 0
[pid 669] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 669] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 669] chdir("./file1") = 0
[pid 669] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 669] ioctl(4, LOOP_CLR_FD) = 0
[pid 669] close(4) = 0
[pid 669] chdir("./file0") = 0
[pid 669] creat("./bus", 000) = 4
[pid 669] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 669] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 669] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 669] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 669] exit_group(0) = ?
[pid 669] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=669, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./116", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./116", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./116/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./116/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./116/binderfs") = 0
umount2("./116/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./116/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./116/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./116/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./116/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./116/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./116/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./116/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./116/file1/lost+found") = 0
umount2("./116/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./116/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./116/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./116/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./116/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./116/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./116/file1/file0/file0") = 0
umount2("./116/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./116/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./116/file1/file0/file1") = 0
umount2("./116/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./116/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./116/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./116/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./116/file1/file0") = 0
umount2("./116/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./116/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./116/file1/file1") = 0
umount2("./116/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./116/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./116/file1/file2") = 0
umount2("./116/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./116/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./116/file1/file3") = 0
umount2("./116/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./116/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./116/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./116/file1") = -1 EBUSY (Device or resource busy)
umount2("./116/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./116/file1") = 0
[ 39.233819][ T669] loop0: detected capacity change from 0 to 1024
[ 39.243587][ T669] EXT4-fs: Ignoring removed orlov option
[ 39.249277][ T669] EXT4-fs: Ignoring removed nomblk_io_submit option
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./116") = 0
mkdir("./117", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 672
./strace-static-x86_64: Process 672 attached
[pid 672] set_robust_list(0x55555607f660, 24) = 0
[pid 672] chdir("./117") = 0
[pid 672] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 672] setpgid(0, 0) = 0
[pid 672] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 672] write(3, "1000", 4) = 4
[pid 672] close(3) = 0
[pid 672] symlink("/dev/binderfs", "./binderfs") = 0
[pid 672] write(1, "executing program\n", 18executing program
) = 18
[pid 672] memfd_create("syzkaller", 0) = 3
[pid 672] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 672] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 672] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 672] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 672] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 672] close(3) = 0
[pid 672] close(4) = 0
[pid 672] mkdir("./file1", 0777) = 0
[pid 672] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 672] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 672] chdir("./file1") = 0
[pid 672] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 672] ioctl(4, LOOP_CLR_FD) = 0
[pid 672] close(4) = 0
[pid 672] chdir("./file0") = 0
[pid 672] creat("./bus", 000) = 4
[pid 672] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 672] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 672] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 672] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 672] exit_group(0) = ?
[pid 672] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=672, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./117", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./117", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./117/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./117/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./117/binderfs") = 0
umount2("./117/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./117/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./117/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./117/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./117/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./117/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./117/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./117/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./117/file1/lost+found") = 0
umount2("./117/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./117/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./117/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./117/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./117/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./117/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./117/file1/file0/file0") = 0
umount2("./117/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./117/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./117/file1/file0/file1") = 0
umount2("./117/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./117/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./117/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./117/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./117/file1/file0") = 0
umount2("./117/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./117/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./117/file1/file1") = 0
umount2("./117/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./117/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./117/file1/file2") = 0
umount2("./117/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./117/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./117/file1/file3") = 0
umount2("./117/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./117/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./117/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./117/file1") = -1 EBUSY (Device or resource busy)
[ 39.306739][ T672] loop0: detected capacity change from 0 to 1024
[ 39.314471][ T672] EXT4-fs: Ignoring removed orlov option
[ 39.321023][ T672] EXT4-fs: Ignoring removed nomblk_io_submit option
umount2("./117/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./117/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./117") = 0
mkdir("./118", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 675
./strace-static-x86_64: Process 675 attached
[pid 675] set_robust_list(0x55555607f660, 24) = 0
[pid 675] chdir("./118") = 0
[pid 675] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 675] setpgid(0, 0) = 0
[pid 675] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 675] write(3, "1000", 4) = 4
[pid 675] close(3) = 0
[pid 675] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 675] write(1, "executing program\n", 18) = 18
[pid 675] memfd_create("syzkaller", 0) = 3
[pid 675] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 675] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 675] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 675] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 675] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 675] close(3) = 0
[pid 675] close(4) = 0
[pid 675] mkdir("./file1", 0777) = 0
[pid 675] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 675] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 675] chdir("./file1") = 0
[pid 675] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 675] ioctl(4, LOOP_CLR_FD) = 0
[pid 675] close(4) = 0
[pid 675] chdir("./file0") = 0
[pid 675] creat("./bus", 000) = 4
[pid 675] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 675] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 675] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 675] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 675] exit_group(0) = ?
[pid 675] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=675, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./118", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./118", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./118/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./118/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./118/binderfs") = 0
umount2("./118/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./118/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./118/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./118/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./118/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./118/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./118/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./118/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./118/file1/lost+found") = 0
umount2("./118/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./118/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./118/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./118/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./118/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./118/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./118/file1/file0/file0") = 0
umount2("./118/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./118/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./118/file1/file0/file1") = 0
umount2("./118/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./118/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./118/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./118/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./118/file1/file0") = 0
umount2("./118/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./118/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./118/file1/file1") = 0
umount2("./118/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./118/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./118/file1/file2") = 0
umount2("./118/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./118/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./118/file1/file3") = 0
umount2("./118/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./118/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./118/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./118/file1") = -1 EBUSY (Device or resource busy)
umount2("./118/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./118/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./118") = 0
mkdir("./119", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 678
./strace-static-x86_64: Process 678 attached
[pid 678] set_robust_list(0x55555607f660, 24) = 0
[pid 678] chdir("./119") = 0
[pid 678] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 678] setpgid(0, 0) = 0
[pid 678] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 678] write(3, "1000", 4) = 4
[pid 678] close(3) = 0
[pid 678] symlink("/dev/binderfs", "./binderfs") = 0
[ 39.382343][ T675] loop0: detected capacity change from 0 to 1024
[ 39.390174][ T675] EXT4-fs: Ignoring removed orlov option
[ 39.396841][ T675] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 678] write(1, "executing program\n", 18executing program
) = 18
[pid 678] memfd_create("syzkaller", 0) = 3
[pid 678] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 678] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 678] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 678] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 678] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 678] close(3) = 0
[pid 678] close(4) = 0
[pid 678] mkdir("./file1", 0777) = 0
[pid 678] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 678] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 678] chdir("./file1") = 0
[pid 678] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 678] ioctl(4, LOOP_CLR_FD) = 0
[pid 678] close(4) = 0
[pid 678] chdir("./file0") = 0
[pid 678] creat("./bus", 000) = 4
[pid 678] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 678] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 678] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 678] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 678] exit_group(0) = ?
[pid 678] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=678, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./119", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./119", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./119/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./119/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./119/binderfs") = 0
umount2("./119/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./119/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./119/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./119/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./119/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./119/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./119/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./119/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./119/file1/lost+found") = 0
umount2("./119/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./119/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./119/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./119/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./119/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./119/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./119/file1/file0/file0") = 0
umount2("./119/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./119/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./119/file1/file0/file1") = 0
umount2("./119/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./119/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./119/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./119/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./119/file1/file0") = 0
umount2("./119/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./119/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./119/file1/file1") = 0
umount2("./119/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./119/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./119/file1/file2") = 0
umount2("./119/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./119/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./119/file1/file3") = 0
umount2("./119/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./119/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./119/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./119/file1") = -1 EBUSY (Device or resource busy)
[ 39.447486][ T678] loop0: detected capacity change from 0 to 1024
[ 39.455268][ T678] EXT4-fs: Ignoring removed orlov option
[ 39.461707][ T678] EXT4-fs: Ignoring removed nomblk_io_submit option
umount2("./119/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program
) = 0
rmdir("./119/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./119") = 0
mkdir("./120", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 681
./strace-static-x86_64: Process 681 attached
[pid 681] set_robust_list(0x55555607f660, 24) = 0
[pid 681] chdir("./120") = 0
[pid 681] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 681] setpgid(0, 0) = 0
[pid 681] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 681] write(3, "1000", 4) = 4
[pid 681] close(3) = 0
[pid 681] symlink("/dev/binderfs", "./binderfs") = 0
[pid 681] write(1, "executing program\n", 18) = 18
[pid 681] memfd_create("syzkaller", 0) = 3
[pid 681] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 681] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 681] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 681] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 681] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 681] close(3) = 0
[pid 681] close(4) = 0
[pid 681] mkdir("./file1", 0777) = 0
[pid 681] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 681] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 681] chdir("./file1") = 0
[pid 681] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 681] ioctl(4, LOOP_CLR_FD) = 0
[pid 681] close(4) = 0
[pid 681] chdir("./file0") = 0
[pid 681] creat("./bus", 000) = 4
[pid 681] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 681] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 681] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 681] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 681] exit_group(0) = ?
[pid 681] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=681, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./120", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./120", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./120/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./120/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./120/binderfs") = 0
umount2("./120/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./120/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./120/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./120/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./120/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./120/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./120/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./120/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./120/file1/lost+found") = 0
umount2("./120/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./120/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./120/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./120/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./120/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./120/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./120/file1/file0/file0") = 0
umount2("./120/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./120/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./120/file1/file0/file1") = 0
umount2("./120/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./120/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./120/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./120/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./120/file1/file0") = 0
umount2("./120/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./120/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./120/file1/file1") = 0
umount2("./120/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./120/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./120/file1/file2") = 0
umount2("./120/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./120/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./120/file1/file3") = 0
umount2("./120/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./120/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./120/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./120/file1") = -1 EBUSY (Device or resource busy)
umount2("./120/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[ 39.515047][ T681] loop0: detected capacity change from 0 to 1024
[ 39.524198][ T681] EXT4-fs: Ignoring removed orlov option
[ 39.530309][ T681] EXT4-fs: Ignoring removed nomblk_io_submit option
rmdir("./120/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./120") = 0
mkdir("./121", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
./strace-static-x86_64: Process 684 attached
[pid 684] set_robust_list(0x55555607f660, 24) = 0
[pid 684] chdir("./121") = 0
[pid 684] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 684] setpgid(0, 0) = 0
[pid 684] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 684] write(3, "1000", 4) = 4
[pid 684] close(3) = 0
[pid 684] symlink("/dev/binderfs", "./binderfs") = 0
[pid 684] write(1, "executing program\n", 18) = 18
[pid 303] <... clone resumed>, child_tidptr=0x55555607f650) = 684
[pid 684] memfd_create("syzkaller", 0) = 3
[pid 684] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 684] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 684] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 684] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 684] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 684] close(3) = 0
[pid 684] close(4) = 0
[pid 684] mkdir("./file1", 0777) = 0
[pid 684] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 684] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 684] chdir("./file1") = 0
[pid 684] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 684] ioctl(4, LOOP_CLR_FD) = 0
[pid 684] close(4) = 0
[pid 684] chdir("./file0") = 0
[pid 684] creat("./bus", 000) = 4
[pid 684] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 684] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 684] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 684] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 684] exit_group(0) = ?
[pid 684] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=684, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./121", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./121", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./121/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./121/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./121/binderfs") = 0
umount2("./121/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./121/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./121/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./121/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./121/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./121/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./121/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./121/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./121/file1/lost+found") = 0
umount2("./121/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./121/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./121/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./121/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./121/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./121/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./121/file1/file0/file0") = 0
umount2("./121/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./121/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./121/file1/file0/file1") = 0
umount2("./121/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./121/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./121/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./121/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./121/file1/file0") = 0
umount2("./121/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./121/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./121/file1/file1") = 0
umount2("./121/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./121/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./121/file1/file2") = 0
umount2("./121/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./121/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./121/file1/file3") = 0
umount2("./121/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./121/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./121/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./121/file1") = -1 EBUSY (Device or resource busy)
[ 39.587419][ T684] loop0: detected capacity change from 0 to 1024
[ 39.595201][ T684] EXT4-fs: Ignoring removed orlov option
[ 39.603589][ T684] EXT4-fs: Ignoring removed nomblk_io_submit option
umount2("./121/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./121/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./121") = 0
mkdir("./122", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 688
./strace-static-x86_64: Process 688 attached
[pid 688] set_robust_list(0x55555607f660, 24) = 0
[pid 688] chdir("./122") = 0
[pid 688] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 688] setpgid(0, 0) = 0
[pid 688] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 688] write(3, "1000", 4) = 4
[pid 688] close(3) = 0
[pid 688] symlink("/dev/binderfs", "./binderfs") = 0
[pid 688] write(1, "executing program\n", 18executing program
) = 18
[pid 688] memfd_create("syzkaller", 0) = 3
[pid 688] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 688] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 688] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 688] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 688] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 688] close(3) = 0
[pid 688] close(4) = 0
[pid 688] mkdir("./file1", 0777) = 0
[pid 688] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 688] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 688] chdir("./file1") = 0
[pid 688] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 688] ioctl(4, LOOP_CLR_FD) = 0
[pid 688] close(4) = 0
[pid 688] chdir("./file0") = 0
[pid 688] creat("./bus", 000) = 4
[pid 688] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 688] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 688] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 688] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 688] exit_group(0) = ?
[pid 688] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=688, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./122", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./122", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./122/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./122/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./122/binderfs") = 0
umount2("./122/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./122/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./122/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./122/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./122/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./122/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./122/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./122/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./122/file1/lost+found") = 0
umount2("./122/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./122/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./122/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./122/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./122/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./122/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./122/file1/file0/file0") = 0
umount2("./122/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./122/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./122/file1/file0/file1") = 0
umount2("./122/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./122/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./122/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./122/file1/file0/bus") = 0
[ 39.661340][ T688] loop0: detected capacity change from 0 to 1024
[ 39.669341][ T688] EXT4-fs: Ignoring removed orlov option
[ 39.674907][ T688] EXT4-fs: Ignoring removed nomblk_io_submit option
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./122/file1/file0") = 0
umount2("./122/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./122/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./122/file1/file1") = 0
umount2("./122/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./122/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./122/file1/file2") = 0
umount2("./122/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./122/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./122/file1/file3") = 0
umount2("./122/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./122/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./122/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./122/file1") = -1 EBUSY (Device or resource busy)
umount2("./122/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./122/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./122") = 0
mkdir("./123", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 691
./strace-static-x86_64: Process 691 attached
[pid 691] set_robust_list(0x55555607f660, 24) = 0
[pid 691] chdir("./123") = 0
[pid 691] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 691] setpgid(0, 0) = 0
[pid 691] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 691] write(3, "1000", 4) = 4
[pid 691] close(3) = 0
[pid 691] symlink("/dev/binderfs", "./binderfs") = 0
[pid 691] write(1, "executing program\n", 18executing program
) = 18
[pid 691] memfd_create("syzkaller", 0) = 3
[pid 691] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[pid 691] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 691] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 691] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 39.709420][ T303] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor374: inode #1: comm syz-executor374: iget: illegal inode #
[ 39.723451][ T303] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor374: error while reading EA inode 1 err=-117
[pid 691] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 691] close(3) = 0
[pid 691] close(4) = 0
[pid 691] mkdir("./file1", 0777) = 0
[pid 691] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 691] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 691] chdir("./file1") = 0
[pid 691] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 691] ioctl(4, LOOP_CLR_FD) = 0
[pid 691] close(4) = 0
[pid 691] chdir("./file0") = 0
[pid 691] creat("./bus", 000) = 4
[pid 691] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 691] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 691] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 691] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 691] exit_group(0) = ?
[pid 691] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=691, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
umount2("./123", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./123", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555560806f0 /* 4 entries */, 32768) = 112
umount2("./123/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./123/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./123/binderfs") = 0
umount2("./123/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./123/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./123/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./123/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556088730 /* 8 entries */, 32768) = 240
umount2("./123/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./123/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./123/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./123/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./123/file1/lost+found") = 0
umount2("./123/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./123/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./123/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./123/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555556090770 /* 5 entries */, 32768) = 136
umount2("./123/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./123/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./123/file1/file0/file0") = 0
umount2("./123/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./123/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./123/file1/file0/file1") = 0
umount2("./123/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./123/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./123/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./123/file1/file0/bus") = 0
getdents64(5, 0x555556090770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./123/file1/file0") = 0
umount2("./123/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./123/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./123/file1/file1") = 0
umount2("./123/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./123/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./123/file1/file2") = 0
umount2("./123/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./123/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./123/file1/file3") = 0
umount2("./123/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./123/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./123/file1/file.cold") = 0
getdents64(4, 0x555556088730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./123/file1") = -1 EBUSY (Device or resource busy)
umount2("./123/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./123/file1") = 0
getdents64(3, 0x5555560806f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./123") = 0
mkdir("./124", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555607f650) = 694
./strace-static-x86_64: Process 694 attached
[pid 694] set_robust_list(0x55555607f660, 24) = 0
[pid 694] chdir("./124") = 0
[pid 694] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 694] setpgid(0, 0) = 0
[pid 694] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 694] write(3, "1000", 4) = 4
[pid 694] close(3) = 0
[pid 694] symlink("/dev/binderfs", "./binderfs") = 0
[pid 694] write(1, "executing program\n", 18executing program
) = 18
[pid 694] memfd_create("syzkaller", 0) = 3
[pid 694] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe51c9ee000
[ 39.758084][ T691] loop0: detected capacity change from 0 to 1024
[ 39.768276][ T691] EXT4-fs: Ignoring removed orlov option
[ 39.773758][ T691] EXT4-fs: Ignoring removed nomblk_io_submit option
[pid 694] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 694] munmap(0x7fe51c9ee000, 138412032) = 0
[pid 694] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 694] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 694] close(3) = 0
[pid 694] close(4) = 0
[pid 694] mkdir("./file1", 0777) = 0
[pid 694] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 694] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 694] chdir("./file1") = 0
[pid 694] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 694] ioctl(4, LOOP_CLR_FD) = 0
[pid 694] close(4) = 0
[pid 694] chdir("./file0") = 0
[pid 694] creat("./bus", 000) = 4
[pid 694] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 694] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 694] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 694] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 694] exit_group(0) = ?
[pid 694] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=694, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---