./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor543232314
<...>
Warning: Permanently added '10.128.1.19' (ED25519) to the list of known hosts.
execve("./syz-executor543232314", ["./syz-executor543232314"], 0x7ffca6d65fe0 /* 10 vars */) = 0
brk(NULL) = 0x555556534000
brk(0x555556534d00) = 0x555556534d00
arch_prctl(ARCH_SET_FS, 0x555556534380) = 0
set_tid_address(0x555556534650) = 294
set_robust_list(0x555556534660, 24) = 0
rseq(0x555556534ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented)
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor543232314", 4096) = 27
getrandom("\x88\xb3\x0d\x8e\x02\x47\x52\x1a", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x555556534d00
brk(0x555556555d00) = 0x555556555d00
brk(0x555556556000) = 0x555556556000
mprotect(0x7f4933219000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
mkdir("./syzkaller.Wo7pXu", 0700) = 0
chmod("./syzkaller.Wo7pXu", 0777) = 0
chdir("./syzkaller.Wo7pXu") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 295
./strace-static-x86_64: Process 295 attached
[pid 295] set_robust_list(0x555556534660, 24) = 0
[pid 295] chdir("./0") = 0
[pid 295] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 295] setpgid(0, 0) = 0
[pid 295] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 295] write(3, "1000", 4) = 4
[pid 295] close(3) = 0
[pid 295] symlink("/dev/binderfs", "./binderfs") = 0
[pid 295] memfd_create("syzkaller", 0) = 3
[pid 295] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 295] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 295] munmap(0x7f492ad65000, 138412032) = 0
[pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 295] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 295] close(3) = 0
[pid 295] mkdir("./file0", 0777) = 0
[ 20.916602][ T28] audit: type=1400 audit(1697993647.235:66): avc: denied { execmem } for pid=294 comm="syz-executor543" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 20.927166][ T28] audit: type=1400 audit(1697993647.235:67): avc: denied { read write } for pid=294 comm="syz-executor543" name="loop0" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 20.928661][ T295] loop0: detected capacity change from 0 to 512
[ 20.931378][ T28] audit: type=1400 audit(1697993647.235:68): avc: denied { open } for pid=294 comm="syz-executor543" path="/dev/loop0" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 20.934114][ T295] EXT4-fs: Ignoring removed bh option
[ 20.942578][ T28] audit: type=1400 audit(1697993647.235:69): avc: denied { ioctl } for pid=294 comm="syz-executor543" path="/dev/loop0" dev="devtmpfs" ino=114 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 20.971657][ T295] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 20.974501][ T28] audit: type=1400 audit(1697993647.245:70): avc: denied { mounton } for pid=295 comm="syz-executor543" path="/root/syzkaller.Wo7pXu/0/file0" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 20.982273][ T295] EXT4-fs (loop0): 1 truncate cleaned up
[pid 295] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 295] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 295] chdir("./file0") = 0
[pid 295] ioctl(4, LOOP_CLR_FD) = 0
[pid 295] close(4) = 0
[pid 295] creat("./bus", 000) = 4
[pid 295] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 295] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 295] chdir("./file0") = 0
[pid 295] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 295] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 295] memfd_create("syzkaller", 0) = 7
[pid 295] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 295] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 295] munmap(0x7f492ad65000, 138412032) = 0
[pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 295] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 295] ioctl(8, LOOP_CLR_FD) = 0
[pid 295] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 295] close(8) = 0
[pid 295] close(7) = 0
[ 21.010100][ T295] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 21.019642][ T28] audit: type=1400 audit(1697993647.335:71): avc: denied { mount } for pid=295 comm="syz-executor543" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 21.033707][ T295] ==================================================================
[ 21.048773][ T28] audit: type=1400 audit(1697993647.335:72): avc: denied { write } for pid=295 comm="syz-executor543" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 21.050959][ T295] BUG: KASAN: use-after-free in ext4_search_dir+0xf7/0x1b0
[ 21.073097][ T28] audit: type=1400 audit(1697993647.335:73): avc: denied { add_name } for pid=295 comm="syz-executor543" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 21.079852][ T295] Read of size 1 at addr ffff888122055d23 by task syz-executor543/295
[ 21.079869][ T295]
[ 21.079874][ T295] CPU: 1 PID: 295 Comm: syz-executor543 Not tainted 6.1.25-syzkaller-00041-g53771c1826da #0
[ 21.079890][ T295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 21.079898][ T295] Call Trace:
[ 21.079903][ T295]
[ 21.079910][ T295] dump_stack_lvl+0x151/0x1b7
[ 21.141844][ T295] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 21.147130][ T295] ? _printk+0xd1/0x111
[ 21.151342][ T295] ? __virt_addr_valid+0x242/0x2f0
[ 21.156252][ T295] print_report+0x158/0x4e0
[ 21.160586][ T295] ? __virt_addr_valid+0x242/0x2f0
[ 21.165530][ T295] ? kasan_addr_to_slab+0xd/0x80
[ 21.170323][ T295] ? ext4_search_dir+0xf7/0x1b0
[ 21.175077][ T295] kasan_report+0x13c/0x170
[ 21.179503][ T295] ? ext4_search_dir+0xf7/0x1b0
[ 21.184208][ T295] __asan_report_load1_noabort+0x14/0x20
[ 21.189964][ T295] ext4_search_dir+0xf7/0x1b0
[ 21.194465][ T295] ext4_find_inline_entry+0x4b6/0x5e0
[ 21.199761][ T295] ? ext4_try_create_inline_dir+0x320/0x320
[ 21.205618][ T295] ? avc_has_perm_noaudit+0x2dd/0x430
[ 21.210794][ T295] __ext4_find_entry+0x2b0/0x1af0
[ 21.215850][ T295] ? __kasan_slab_alloc+0x6c/0x80
[ 21.220713][ T295] ? ext4_fname_setup_ci_filename+0x70/0x480
[ 21.226521][ T295] ? ext4_ci_compare+0x660/0x660
[ 21.231467][ T295] ? memcpy+0x56/0x70
[ 21.235286][ T295] ? ext4_fname_prepare_lookup+0x2ea/0x400
[ 21.241893][ T295] ? may_create+0x65a/0x900
[ 21.246226][ T295] ? generic_set_encrypted_ci_d_ops+0x91/0xf0
[ 21.252734][ T295] ext4_lookup+0x176/0x740
[ 21.256985][ T295] ? show_sid+0x270/0x270
[ 21.261159][ T295] ? ext4_add_entry+0xed0/0xed0
[ 21.265840][ T295] ? selinux_inode_create+0x22/0x30
[ 21.271304][ T295] ? security_inode_create+0xbc/0x100
[ 21.276509][ T295] ? ext4_add_entry+0xed0/0xed0
[ 21.281196][ T295] path_openat+0x10fd/0x2d60
[ 21.286120][ T295] ? do_filp_open+0x480/0x480
[ 21.291379][ T295] do_filp_open+0x230/0x480
[ 21.295666][ T295] ? vfs_tmpfile+0x480/0x480
[ 21.300098][ T295] ? alloc_fd+0x4fa/0x5a0
[ 21.304355][ T295] do_sys_openat2+0x13f/0x850
[ 21.309041][ T295] ? ptrace_stop+0x709/0x930
[ 21.313457][ T295] ? do_sys_open+0x220/0x220
[ 21.317884][ T295] ? _raw_spin_unlock_irq+0x4d/0x70
[ 21.322918][ T295] ? ptrace_notify+0x249/0x350
[ 21.327602][ T295] __x64_sys_creat+0x11f/0x160
[ 21.332205][ T295] ? __x64_compat_sys_openat+0x290/0x290
[ 21.337798][ T295] ? syscall_enter_from_user_mode+0x6a/0x190
[ 21.343570][ T295] do_syscall_64+0x3d/0xb0
[ 21.347825][ T295] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 21.354682][ T295] RIP: 0033:0x7f49331a4529
[ 21.359034][ T295] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 21.378569][ T295] RSP: 002b:00007ffcdbdcfa98 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[ 21.386814][ T295] RAX: ffffffffffffffda RBX: 00007f49331ed08d RCX: 00007f49331a4529
[ 21.394623][ T295] RDX: 00007f49331a36c0 RSI: 0000000000000000 RDI: 0000000020000e00
[ 21.402429][ T295] RBP: 0030656c69662f2e R08: 00000000000014ef R09: 0000000020001580
[ 21.410238][ T295] R10: 00000000000014f3 R11: 0000000000000246 R12: 0000000000000001
[ 21.418137][ T295] R13: 0000000000000000 R14: 431bde82d7b634db R15: 00007ffcdbdcfb00
[ 21.425953][ T295]
[ 21.428827][ T295]
[ 21.430981][ T295] The buggy address belongs to the physical page:
[ 21.437333][ T295] page:ffffea0004881540 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x122055
[ 21.447735][ T295] flags: 0x4000000000000000(zone=1)
[ 21.452784][ T295] raw: 4000000000000000 ffffea0004881588 ffffea0004881508 0000000000000000
[ 21.461189][ T295] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 21.469715][ T295] page dumped because: kasan: bad access detected
[ 21.476035][ T295] page_owner info is not present (never set?)
[ 21.481933][ T295]
[ 21.484097][ T295] Memory state around the buggy address:
[ 21.489572][ T295] ffff888122055c00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 21.497470][ T295] ffff888122055c80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 21.505366][ T295] >ffff888122055d00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 21.513360][ T295] ^
[ 21.518309][ T295] ffff888122055d80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 21.526282][ T295] ffff888122055e00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 21.534176][ T295] ==================================================================
[ 21.543038][ T295] Disabling lock debugging due to kernel taint
[ 21.549209][ T28] audit: type=1400 audit(1697993647.335:74): avc: denied { create } for pid=295 comm="syz-executor543" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[pid 295] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 295] exit_group(0) = ?
[pid 295] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=295, si_uid=0, si_status=0, si_utime=0, si_stime=11} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/binderfs") = 0
[ 21.549394][ T295] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 21.569438][ T28] audit: type=1400 audit(1697993647.335:75): avc: denied { write open } for pid=295 comm="syz-executor543" path="/root/syzkaller.Wo7pXu/0/file0/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 301
./strace-static-x86_64: Process 301 attached
[pid 301] set_robust_list(0x555556534660, 24) = 0
[pid 301] chdir("./1") = 0
[pid 301] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 301] setpgid(0, 0) = 0
[pid 301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 301] write(3, "1000", 4) = 4
[pid 301] close(3) = 0
[pid 301] symlink("/dev/binderfs", "./binderfs") = 0
[pid 301] memfd_create("syzkaller", 0) = 3
[pid 301] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 301] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 301] munmap(0x7f492ad65000, 138412032) = 0
[pid 301] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 301] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 301] close(3) = 0
[pid 301] mkdir("./file0", 0777) = 0
[pid 301] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[ 21.614389][ T294] EXT4-fs (loop0): unmounting filesystem.
[ 21.633514][ T301] loop0: detected capacity change from 0 to 512
[ 21.640627][ T301] EXT4-fs: Ignoring removed bh option
[ 21.646605][ T301] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 21.656330][ T301] EXT4-fs (loop0): 1 truncate cleaned up
[pid 301] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 301] chdir("./file0") = 0
[pid 301] ioctl(4, LOOP_CLR_FD) = 0
[pid 301] close(4) = 0
[pid 301] creat("./bus", 000) = 4
[pid 301] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 301] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 301] chdir("./file0") = 0
[pid 301] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 301] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 301] memfd_create("syzkaller", 0) = 7
[pid 301] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 301] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 301] munmap(0x7f492ad65000, 138412032) = 0
[pid 301] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 301] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 301] ioctl(8, LOOP_CLR_FD) = 0
[pid 301] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 301] close(8) = 0
[pid 301] close(7) = 0
[ 21.661866][ T301] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 301] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 301] exit_group(0) = ?
[pid 301] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=301, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/binderfs") = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 304
./strace-static-x86_64: Process 304 attached
[pid 304] set_robust_list(0x555556534660, 24) = 0
[pid 304] chdir("./2") = 0
[pid 304] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 304] setpgid(0, 0) = 0
[pid 304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 304] write(3, "1000", 4) = 4
[pid 304] close(3) = 0
[pid 304] symlink("/dev/binderfs", "./binderfs") = 0
[pid 304] memfd_create("syzkaller", 0) = 3
[pid 304] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 304] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 304] munmap(0x7f492ad65000, 138412032) = 0
[pid 304] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 304] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 304] close(3) = 0
[pid 304] mkdir("./file0", 0777) = 0
[ 21.697878][ T301] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 21.721871][ T294] EXT4-fs (loop0): unmounting filesystem.
[ 21.737698][ T304] loop0: detected capacity change from 0 to 512
[pid 304] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 304] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 304] chdir("./file0") = 0
[pid 304] ioctl(4, LOOP_CLR_FD) = 0
[pid 304] close(4) = 0
[pid 304] creat("./bus", 000) = 4
[pid 304] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 304] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 304] chdir("./file0") = 0
[pid 304] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 304] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 304] memfd_create("syzkaller", 0) = 7
[pid 304] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 304] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 304] munmap(0x7f492ad65000, 138412032) = 0
[pid 304] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 304] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 304] ioctl(8, LOOP_CLR_FD) = 0
[pid 304] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 304] close(8) = 0
[pid 304] close(7) = 0
[ 21.744847][ T304] EXT4-fs: Ignoring removed bh option
[ 21.750597][ T304] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 21.759728][ T304] EXT4-fs (loop0): 1 truncate cleaned up
[ 21.765243][ T304] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 304] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 304] exit_group(0) = ?
[pid 304] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=304, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/binderfs") = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./2/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 306
./strace-static-x86_64: Process 306 attached
[pid 306] set_robust_list(0x555556534660, 24) = 0
[pid 306] chdir("./3") = 0
[pid 306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 306] setpgid(0, 0) = 0
[pid 306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 306] write(3, "1000", 4) = 4
[pid 306] close(3) = 0
[pid 306] symlink("/dev/binderfs", "./binderfs") = 0
[pid 306] memfd_create("syzkaller", 0) = 3
[pid 306] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 306] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 306] munmap(0x7f492ad65000, 138412032) = 0
[pid 306] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 306] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 306] close(3) = 0
[pid 306] mkdir("./file0", 0777) = 0
[ 21.783752][ T304] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 21.808529][ T294] EXT4-fs (loop0): unmounting filesystem.
[ 21.830421][ T306] loop0: detected capacity change from 0 to 512
[ 21.838890][ T306] EXT4-fs: Ignoring removed bh option
[pid 306] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 306] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 306] chdir("./file0") = 0
[pid 306] ioctl(4, LOOP_CLR_FD) = 0
[pid 306] close(4) = 0
[pid 306] creat("./bus", 000) = 4
[pid 306] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 306] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 306] chdir("./file0") = 0
[pid 306] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 306] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 306] memfd_create("syzkaller", 0) = 7
[pid 306] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 306] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 306] munmap(0x7f492ad65000, 138412032) = 0
[pid 306] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 306] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 306] ioctl(8, LOOP_CLR_FD) = 0
[pid 306] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 306] close(8) = 0
[pid 306] close(7) = 0
[pid 306] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 306] exit_group(0) = ?
[ 21.844616][ T306] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 21.854074][ T306] EXT4-fs (loop0): 1 truncate cleaned up
[ 21.859680][ T306] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 306] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=306, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/binderfs") = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./3/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./3") = 0
mkdir("./4", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 308
./strace-static-x86_64: Process 308 attached
[pid 308] set_robust_list(0x555556534660, 24) = 0
[pid 308] chdir("./4") = 0
[pid 308] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 308] setpgid(0, 0) = 0
[pid 308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 308] write(3, "1000", 4) = 4
[pid 308] close(3) = 0
[pid 308] symlink("/dev/binderfs", "./binderfs") = 0
[pid 308] memfd_create("syzkaller", 0) = 3
[pid 308] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 308] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 308] munmap(0x7f492ad65000, 138412032) = 0
[pid 308] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 308] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 308] close(3) = 0
[pid 308] mkdir("./file0", 0777) = 0
[ 21.879493][ T306] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 21.903420][ T294] EXT4-fs (loop0): unmounting filesystem.
[ 21.922463][ T308] loop0: detected capacity change from 0 to 512
[ 21.929565][ T308] EXT4-fs: Ignoring removed bh option
[ 21.935549][ T308] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[pid 308] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 308] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 308] chdir("./file0") = 0
[pid 308] ioctl(4, LOOP_CLR_FD) = 0
[pid 308] close(4) = 0
[pid 308] creat("./bus", 000) = 4
[pid 308] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 308] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 308] chdir("./file0") = 0
[pid 308] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 308] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 308] memfd_create("syzkaller", 0) = 7
[pid 308] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 308] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 308] munmap(0x7f492ad65000, 138412032) = 0
[pid 308] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 308] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 308] ioctl(8, LOOP_CLR_FD) = 0
[pid 308] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 308] close(8) = 0
[pid 308] close(7) = 0
[pid 308] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 308] exit_group(0) = ?
[pid 308] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=308, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/binderfs") = 0
[ 21.944946][ T308] EXT4-fs (loop0): 1 truncate cleaned up
[ 21.950727][ T308] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 21.968854][ T308] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./4/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./4") = 0
mkdir("./5", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 310
./strace-static-x86_64: Process 310 attached
[pid 310] set_robust_list(0x555556534660, 24) = 0
[pid 310] chdir("./5") = 0
[pid 310] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 310] setpgid(0, 0) = 0
[pid 310] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 310] write(3, "1000", 4) = 4
[pid 310] close(3) = 0
[pid 310] symlink("/dev/binderfs", "./binderfs") = 0
[pid 310] memfd_create("syzkaller", 0) = 3
[pid 310] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 310] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 310] munmap(0x7f492ad65000, 138412032) = 0
[pid 310] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 310] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 310] close(3) = 0
[pid 310] mkdir("./file0", 0777) = 0
[ 21.994027][ T294] EXT4-fs (loop0): unmounting filesystem.
[ 22.016316][ T310] loop0: detected capacity change from 0 to 512
[ 22.023893][ T310] EXT4-fs: Ignoring removed bh option
[ 22.029677][ T310] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 22.039086][ T310] EXT4-fs (loop0): 1 truncate cleaned up
[pid 310] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 310] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 310] chdir("./file0") = 0
[pid 310] ioctl(4, LOOP_CLR_FD) = 0
[pid 310] close(4) = 0
[pid 310] creat("./bus", 000) = 4
[pid 310] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 310] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 310] chdir("./file0") = 0
[pid 310] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 310] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 310] memfd_create("syzkaller", 0) = 7
[pid 310] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 310] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 310] munmap(0x7f492ad65000, 138412032) = 0
[pid 310] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 310] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 310] ioctl(8, LOOP_CLR_FD) = 0
[pid 310] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 310] close(8) = 0
[pid 310] close(7) = 0
[pid 310] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 310] exit_group(0) = ?
[pid 310] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=310, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/binderfs") = 0
[ 22.044622][ T310] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 22.068190][ T310] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./5/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./5") = 0
mkdir("./6", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 312
./strace-static-x86_64: Process 312 attached
[pid 312] set_robust_list(0x555556534660, 24) = 0
[pid 312] chdir("./6") = 0
[pid 312] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 312] setpgid(0, 0) = 0
[pid 312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 312] write(3, "1000", 4) = 4
[pid 312] close(3) = 0
[pid 312] symlink("/dev/binderfs", "./binderfs") = 0
[pid 312] memfd_create("syzkaller", 0) = 3
[pid 312] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 312] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 312] munmap(0x7f492ad65000, 138412032) = 0
[pid 312] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 312] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 312] close(3) = 0
[pid 312] mkdir("./file0", 0777) = 0
[ 22.100545][ T294] EXT4-fs (loop0): unmounting filesystem.
[ 22.123542][ T312] loop0: detected capacity change from 0 to 512
[ 22.130856][ T312] EXT4-fs: Ignoring removed bh option
[ 22.136358][ T312] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[pid 312] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 312] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 312] chdir("./file0") = 0
[pid 312] ioctl(4, LOOP_CLR_FD) = 0
[pid 312] close(4) = 0
[pid 312] creat("./bus", 000) = 4
[pid 312] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 312] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 312] chdir("./file0") = 0
[pid 312] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 312] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 312] memfd_create("syzkaller", 0) = 7
[pid 312] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 312] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 312] munmap(0x7f492ad65000, 138412032) = 0
[pid 312] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 312] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 312] ioctl(8, LOOP_CLR_FD) = 0
[pid 312] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 312] close(8) = 0
[pid 312] close(7) = 0
[pid 312] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 312] exit_group(0) = ?
[pid 312] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=312, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/binderfs") = 0
[ 22.145856][ T312] EXT4-fs (loop0): 1 truncate cleaned up
[ 22.151306][ T312] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 22.177735][ T312] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./6/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./6") = 0
mkdir("./7", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 314
./strace-static-x86_64: Process 314 attached
[pid 314] set_robust_list(0x555556534660, 24) = 0
[pid 314] chdir("./7") = 0
[pid 314] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 314] setpgid(0, 0) = 0
[pid 314] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 314] write(3, "1000", 4) = 4
[pid 314] close(3) = 0
[pid 314] symlink("/dev/binderfs", "./binderfs") = 0
[pid 314] memfd_create("syzkaller", 0) = 3
[pid 314] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 314] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 314] munmap(0x7f492ad65000, 138412032) = 0
[pid 314] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 314] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 314] close(3) = 0
[pid 314] mkdir("./file0", 0777) = 0
[ 22.201358][ T294] EXT4-fs (loop0): unmounting filesystem.
[ 22.222571][ T314] loop0: detected capacity change from 0 to 512
[ 22.229607][ T314] EXT4-fs: Ignoring removed bh option
[ 22.235021][ T314] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 22.244280][ T314] EXT4-fs (loop0): 1 truncate cleaned up
[pid 314] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 314] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 314] chdir("./file0") = 0
[pid 314] ioctl(4, LOOP_CLR_FD) = 0
[pid 314] close(4) = 0
[pid 314] creat("./bus", 000) = 4
[pid 314] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 314] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 314] chdir("./file0") = 0
[pid 314] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 314] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 314] memfd_create("syzkaller", 0) = 7
[pid 314] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 314] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 314] munmap(0x7f492ad65000, 138412032) = 0
[pid 314] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 314] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 314] ioctl(8, LOOP_CLR_FD) = 0
[pid 314] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 314] close(8) = 0
[pid 314] close(7) = 0
[pid 314] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 314] exit_group(0) = ?
[pid 314] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=314, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/binderfs") = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./7/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./7") = 0
mkdir("./8", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 316
./strace-static-x86_64: Process 316 attached
[pid 316] set_robust_list(0x555556534660, 24) = 0
[pid 316] chdir("./8") = 0
[pid 316] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 316] setpgid(0, 0) = 0
[pid 316] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 316] write(3, "1000", 4) = 4
[pid 316] close(3) = 0
[pid 316] symlink("/dev/binderfs", "./binderfs") = 0
[pid 316] memfd_create("syzkaller", 0) = 3
[pid 316] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 316] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 316] munmap(0x7f492ad65000, 138412032) = 0
[pid 316] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 22.249985][ T314] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 22.268258][ T314] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 22.293012][ T294] EXT4-fs (loop0): unmounting filesystem.
[pid 316] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 316] close(3) = 0
[pid 316] mkdir("./file0", 0777) = 0
[pid 316] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 316] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 316] chdir("./file0") = 0
[pid 316] ioctl(4, LOOP_CLR_FD) = 0
[pid 316] close(4) = 0
[pid 316] creat("./bus", 000) = 4
[pid 316] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 316] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 316] chdir("./file0") = 0
[pid 316] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 316] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 316] memfd_create("syzkaller", 0) = 7
[pid 316] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 316] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 316] munmap(0x7f492ad65000, 138412032) = 0
[pid 316] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 316] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 316] ioctl(8, LOOP_CLR_FD) = 0
[pid 316] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 316] close(8) = 0
[pid 316] close(7) = 0
[ 22.314253][ T316] loop0: detected capacity change from 0 to 512
[ 22.323243][ T316] EXT4-fs: Ignoring removed bh option
[ 22.329390][ T316] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 22.338950][ T316] EXT4-fs (loop0): 1 truncate cleaned up
[ 22.344530][ T316] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 316] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 316] exit_group(0) = ?
[pid 316] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=316, si_uid=0, si_status=0, si_utime=0, si_stime=6} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/binderfs") = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./8/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./8") = 0
mkdir("./9", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 318
./strace-static-x86_64: Process 318 attached
[pid 318] set_robust_list(0x555556534660, 24) = 0
[pid 318] chdir("./9") = 0
[pid 318] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 318] setpgid(0, 0) = 0
[pid 318] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 318] write(3, "1000", 4) = 4
[pid 318] close(3) = 0
[pid 318] symlink("/dev/binderfs", "./binderfs") = 0
[pid 318] memfd_create("syzkaller", 0) = 3
[pid 318] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 318] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 318] munmap(0x7f492ad65000, 138412032) = 0
[pid 318] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 318] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 318] close(3) = 0
[pid 318] mkdir("./file0", 0777) = 0
[ 22.374968][ T316] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 22.398430][ T294] EXT4-fs (loop0): unmounting filesystem.
[ 22.418359][ T318] loop0: detected capacity change from 0 to 512
[pid 318] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 318] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 318] chdir("./file0") = 0
[pid 318] ioctl(4, LOOP_CLR_FD) = 0
[pid 318] close(4) = 0
[pid 318] creat("./bus", 000) = 4
[pid 318] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 318] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 318] chdir("./file0") = 0
[pid 318] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 318] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 318] memfd_create("syzkaller", 0) = 7
[pid 318] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 318] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 318] munmap(0x7f492ad65000, 138412032) = 0
[pid 318] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 318] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 318] ioctl(8, LOOP_CLR_FD) = 0
[pid 318] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 318] close(8) = 0
[pid 318] close(7) = 0
[ 22.426123][ T318] EXT4-fs: Ignoring removed bh option
[ 22.431856][ T318] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 22.441268][ T318] EXT4-fs (loop0): 1 truncate cleaned up
[ 22.446932][ T318] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 318] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 318] exit_group(0) = ?
[pid 318] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=318, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/binderfs") = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./9/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./9") = 0
mkdir("./10", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 320
./strace-static-x86_64: Process 320 attached
[pid 320] set_robust_list(0x555556534660, 24) = 0
[pid 320] chdir("./10") = 0
[pid 320] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 320] setpgid(0, 0) = 0
[pid 320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 320] write(3, "1000", 4) = 4
[pid 320] close(3) = 0
[pid 320] symlink("/dev/binderfs", "./binderfs") = 0
[pid 320] memfd_create("syzkaller", 0) = 3
[pid 320] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 320] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 320] munmap(0x7f492ad65000, 138412032) = 0
[pid 320] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 320] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 320] close(3) = 0
[pid 320] mkdir("./file0", 0777) = 0
[ 22.469919][ T318] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 22.494848][ T294] EXT4-fs (loop0): unmounting filesystem.
[ 22.515844][ T320] loop0: detected capacity change from 0 to 512
[pid 320] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 320] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 320] chdir("./file0") = 0
[pid 320] ioctl(4, LOOP_CLR_FD) = 0
[pid 320] close(4) = 0
[pid 320] creat("./bus", 000) = 4
[pid 320] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 320] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 320] chdir("./file0") = 0
[pid 320] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 320] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 320] memfd_create("syzkaller", 0) = 7
[pid 320] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 320] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 320] munmap(0x7f492ad65000, 138412032) = 0
[pid 320] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 320] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 320] ioctl(8, LOOP_CLR_FD) = 0
[pid 320] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 320] close(8) = 0
[pid 320] close(7) = 0
[ 22.523647][ T320] EXT4-fs: Ignoring removed bh option
[ 22.529679][ T320] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 22.539042][ T320] EXT4-fs (loop0): 1 truncate cleaned up
[ 22.544507][ T320] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 320] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 320] exit_group(0) = ?
[pid 320] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=320, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/binderfs") = 0
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./10/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./10") = 0
mkdir("./11", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 323
./strace-static-x86_64: Process 323 attached
[pid 323] set_robust_list(0x555556534660, 24) = 0
[pid 323] chdir("./11") = 0
[pid 323] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 323] setpgid(0, 0) = 0
[pid 323] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 323] write(3, "1000", 4) = 4
[pid 323] close(3) = 0
[pid 323] symlink("/dev/binderfs", "./binderfs") = 0
[pid 323] memfd_create("syzkaller", 0) = 3
[pid 323] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 323] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 323] munmap(0x7f492ad65000, 138412032) = 0
[pid 323] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 22.579290][ T320] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 22.602853][ T294] EXT4-fs (loop0): unmounting filesystem.
[pid 323] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 323] close(3) = 0
[pid 323] mkdir("./file0", 0777) = 0
[pid 323] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 323] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 323] chdir("./file0") = 0
[pid 323] ioctl(4, LOOP_CLR_FD) = 0
[pid 323] close(4) = 0
[pid 323] creat("./bus", 000) = 4
[pid 323] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 323] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 323] chdir("./file0") = 0
[pid 323] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 323] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 323] memfd_create("syzkaller", 0) = 7
[pid 323] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 323] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 323] munmap(0x7f492ad65000, 138412032) = 0
[pid 323] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 323] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 323] ioctl(8, LOOP_CLR_FD) = 0
[pid 323] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 323] close(8) = 0
[pid 323] close(7) = 0
[ 22.623863][ T323] loop0: detected capacity change from 0 to 512
[ 22.631697][ T323] EXT4-fs: Ignoring removed bh option
[ 22.637700][ T323] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 22.647079][ T323] EXT4-fs (loop0): 1 truncate cleaned up
[ 22.652716][ T323] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 323] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 323] exit_group(0) = ?
[pid 323] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=323, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/binderfs") = 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./11/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./11") = 0
mkdir("./12", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 325
./strace-static-x86_64: Process 325 attached
[pid 325] set_robust_list(0x555556534660, 24) = 0
[pid 325] chdir("./12") = 0
[pid 325] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 325] setpgid(0, 0) = 0
[pid 325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 325] write(3, "1000", 4) = 4
[pid 325] close(3) = 0
[pid 325] symlink("/dev/binderfs", "./binderfs") = 0
[pid 325] memfd_create("syzkaller", 0) = 3
[pid 325] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 325] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 325] munmap(0x7f492ad65000, 138412032) = 0
[pid 325] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 325] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 325] close(3) = 0
[pid 325] mkdir("./file0", 0777) = 0
[ 22.677279][ T323] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 22.700769][ T294] EXT4-fs (loop0): unmounting filesystem.
[ 22.715707][ T325] loop0: detected capacity change from 0 to 512
[ 22.722816][ T325] EXT4-fs: Ignoring removed bh option
[pid 325] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 325] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 325] chdir("./file0") = 0
[pid 325] ioctl(4, LOOP_CLR_FD) = 0
[pid 325] close(4) = 0
[pid 325] creat("./bus", 000) = 4
[pid 325] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 325] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 325] chdir("./file0") = 0
[pid 325] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 325] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 325] memfd_create("syzkaller", 0) = 7
[pid 325] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 325] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 325] munmap(0x7f492ad65000, 138412032) = 0
[pid 325] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 325] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 325] ioctl(8, LOOP_CLR_FD) = 0
[pid 325] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 325] close(8) = 0
[pid 325] close(7) = 0
[ 22.728849][ T325] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 22.738570][ T325] EXT4-fs (loop0): 1 truncate cleaned up
[ 22.744429][ T325] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 325] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 325] exit_group(0) = ?
[pid 325] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=325, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/binderfs") = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./12/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./12") = 0
mkdir("./13", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 327
./strace-static-x86_64: Process 327 attached
[pid 327] set_robust_list(0x555556534660, 24) = 0
[pid 327] chdir("./13") = 0
[pid 327] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 327] setpgid(0, 0) = 0
[pid 327] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 327] write(3, "1000", 4) = 4
[pid 327] close(3) = 0
[pid 327] symlink("/dev/binderfs", "./binderfs") = 0
[pid 327] memfd_create("syzkaller", 0) = 3
[pid 327] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 327] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 327] munmap(0x7f492ad65000, 138412032) = 0
[pid 327] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 22.776127][ T325] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 22.807567][ T294] EXT4-fs (loop0): unmounting filesystem.
[pid 327] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 327] close(3) = 0
[pid 327] mkdir("./file0", 0777) = 0
[pid 327] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 327] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 327] chdir("./file0") = 0
[pid 327] ioctl(4, LOOP_CLR_FD) = 0
[pid 327] close(4) = 0
[pid 327] creat("./bus", 000) = 4
[pid 327] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 327] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 327] chdir("./file0") = 0
[pid 327] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 327] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 327] memfd_create("syzkaller", 0) = 7
[pid 327] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 327] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 327] munmap(0x7f492ad65000, 138412032) = 0
[pid 327] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 327] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 327] ioctl(8, LOOP_CLR_FD) = 0
[pid 327] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 327] close(8) = 0
[pid 327] close(7) = 0
[ 22.836167][ T327] loop0: detected capacity change from 0 to 512
[ 22.843342][ T327] EXT4-fs: Ignoring removed bh option
[ 22.849113][ T327] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 22.858532][ T327] EXT4-fs (loop0): 1 truncate cleaned up
[ 22.864018][ T327] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 327] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 327] exit_group(0) = ?
[pid 327] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=327, si_uid=0, si_status=0, si_utime=0, si_stime=6} ---
umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/binderfs") = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./13/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./13") = 0
mkdir("./14", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 329
./strace-static-x86_64: Process 329 attached
[pid 329] set_robust_list(0x555556534660, 24) = 0
[pid 329] chdir("./14") = 0
[pid 329] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 329] setpgid(0, 0) = 0
[pid 329] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 329] write(3, "1000", 4) = 4
[pid 329] close(3) = 0
[pid 329] symlink("/dev/binderfs", "./binderfs") = 0
[pid 329] memfd_create("syzkaller", 0) = 3
[pid 329] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 329] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 329] munmap(0x7f492ad65000, 138412032) = 0
[pid 329] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 22.895192][ T327] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 22.923556][ T294] EXT4-fs (loop0): unmounting filesystem.
[pid 329] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 329] close(3) = 0
[pid 329] mkdir("./file0", 0777) = 0
[pid 329] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 329] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 329] chdir("./file0") = 0
[pid 329] ioctl(4, LOOP_CLR_FD) = 0
[pid 329] close(4) = 0
[pid 329] creat("./bus", 000) = 4
[pid 329] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 329] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 329] chdir("./file0") = 0
[pid 329] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 329] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 329] memfd_create("syzkaller", 0) = 7
[pid 329] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 329] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 329] munmap(0x7f492ad65000, 138412032) = 0
[pid 329] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 329] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 329] ioctl(8, LOOP_CLR_FD) = 0
[pid 329] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 329] close(8) = 0
[pid 329] close(7) = 0
[ 22.957247][ T329] loop0: detected capacity change from 0 to 512
[ 22.965473][ T329] EXT4-fs: Ignoring removed bh option
[ 22.971217][ T329] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 22.980930][ T329] EXT4-fs (loop0): 1 truncate cleaned up
[ 22.986652][ T329] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 329] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 329] exit_group(0) = ?
[pid 329] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=329, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/binderfs") = 0
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./14/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./14") = 0
mkdir("./15", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 331
./strace-static-x86_64: Process 331 attached
[pid 331] set_robust_list(0x555556534660, 24) = 0
[pid 331] chdir("./15") = 0
[pid 331] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 331] setpgid(0, 0) = 0
[pid 331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 331] write(3, "1000", 4) = 4
[pid 331] close(3) = 0
[pid 331] symlink("/dev/binderfs", "./binderfs") = 0
[pid 331] memfd_create("syzkaller", 0) = 3
[pid 331] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 331] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 331] munmap(0x7f492ad65000, 138412032) = 0
[pid 331] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 23.026310][ T329] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 23.052842][ T294] EXT4-fs (loop0): unmounting filesystem.
[pid 331] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 331] close(3) = 0
[pid 331] mkdir("./file0", 0777) = 0
[pid 331] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 331] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 331] chdir("./file0") = 0
[pid 331] ioctl(4, LOOP_CLR_FD) = 0
[pid 331] close(4) = 0
[pid 331] creat("./bus", 000) = 4
[pid 331] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 331] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 331] chdir("./file0") = 0
[pid 331] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 331] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 331] memfd_create("syzkaller", 0) = 7
[pid 331] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 331] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 331] munmap(0x7f492ad65000, 138412032) = 0
[pid 331] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 331] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 331] ioctl(8, LOOP_CLR_FD) = 0
[pid 331] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 331] close(8) = 0
[pid 331] close(7) = 0
[ 23.073171][ T331] loop0: detected capacity change from 0 to 512
[ 23.080239][ T331] EXT4-fs: Ignoring removed bh option
[ 23.087190][ T331] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 23.096601][ T331] EXT4-fs (loop0): 1 truncate cleaned up
[ 23.102135][ T331] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 331] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 331] exit_group(0) = ?
[pid 331] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=331, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/binderfs") = 0
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./15/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./15") = 0
mkdir("./16", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 333
./strace-static-x86_64: Process 333 attached
[pid 333] set_robust_list(0x555556534660, 24) = 0
[pid 333] chdir("./16") = 0
[pid 333] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 333] setpgid(0, 0) = 0
[pid 333] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 333] write(3, "1000", 4) = 4
[pid 333] close(3) = 0
[pid 333] symlink("/dev/binderfs", "./binderfs") = 0
[pid 333] memfd_create("syzkaller", 0) = 3
[pid 333] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 333] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 333] munmap(0x7f492ad65000, 138412032) = 0
[pid 333] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 23.132699][ T331] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 23.162433][ T294] EXT4-fs (loop0): unmounting filesystem.
[pid 333] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 333] close(3) = 0
[pid 333] mkdir("./file0", 0777) = 0
[pid 333] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 333] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 333] chdir("./file0") = 0
[pid 333] ioctl(4, LOOP_CLR_FD) = 0
[pid 333] close(4) = 0
[pid 333] creat("./bus", 000) = 4
[pid 333] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 333] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 333] chdir("./file0") = 0
[pid 333] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 333] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 333] memfd_create("syzkaller", 0) = 7
[pid 333] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 333] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 333] munmap(0x7f492ad65000, 138412032) = 0
[pid 333] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 333] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 333] ioctl(8, LOOP_CLR_FD) = 0
[pid 333] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 333] close(8) = 0
[pid 333] close(7) = 0
[ 23.190108][ T333] loop0: detected capacity change from 0 to 512
[ 23.198161][ T333] EXT4-fs: Ignoring removed bh option
[ 23.203897][ T333] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 23.213193][ T333] EXT4-fs (loop0): 1 truncate cleaned up
[ 23.218717][ T333] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 333] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 333] exit_group(0) = ?
[pid 333] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=333, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/binderfs") = 0
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./16/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./16") = 0
mkdir("./17", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 335
./strace-static-x86_64: Process 335 attached
[pid 335] set_robust_list(0x555556534660, 24) = 0
[pid 335] chdir("./17") = 0
[pid 335] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 335] setpgid(0, 0) = 0
[pid 335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 335] write(3, "1000", 4) = 4
[pid 335] close(3) = 0
[pid 335] symlink("/dev/binderfs", "./binderfs") = 0
[pid 335] memfd_create("syzkaller", 0) = 3
[pid 335] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 335] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 335] munmap(0x7f492ad65000, 138412032) = 0
[pid 335] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 335] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 335] close(3) = 0
[pid 335] mkdir("./file0", 0777) = 0
[ 23.236978][ T333] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 23.260433][ T294] EXT4-fs (loop0): unmounting filesystem.
[ 23.283078][ T335] loop0: detected capacity change from 0 to 512
[pid 335] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 335] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 335] chdir("./file0") = 0
[pid 335] ioctl(4, LOOP_CLR_FD) = 0
[pid 335] close(4) = 0
[pid 335] creat("./bus", 000) = 4
[pid 335] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 335] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 335] chdir("./file0") = 0
[pid 335] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 335] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 335] memfd_create("syzkaller", 0) = 7
[pid 335] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 335] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 335] munmap(0x7f492ad65000, 138412032) = 0
[pid 335] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 335] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 335] ioctl(8, LOOP_CLR_FD) = 0
[pid 335] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 335] close(8) = 0
[pid 335] close(7) = 0
[ 23.290254][ T335] EXT4-fs: Ignoring removed bh option
[ 23.296371][ T335] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 23.306052][ T335] EXT4-fs (loop0): 1 truncate cleaned up
[ 23.311509][ T335] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 335] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 335] exit_group(0) = ?
[pid 335] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=335, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/binderfs") = 0
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./17/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./17") = 0
mkdir("./18", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 337
./strace-static-x86_64: Process 337 attached
[pid 337] set_robust_list(0x555556534660, 24) = 0
[pid 337] chdir("./18") = 0
[pid 337] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 337] setpgid(0, 0) = 0
[pid 337] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 337] write(3, "1000", 4) = 4
[pid 337] close(3) = 0
[pid 337] symlink("/dev/binderfs", "./binderfs") = 0
[pid 337] memfd_create("syzkaller", 0) = 3
[pid 337] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 337] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 337] munmap(0x7f492ad65000, 138412032) = 0
[pid 337] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 23.346055][ T335] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 23.379264][ T294] EXT4-fs (loop0): unmounting filesystem.
[pid 337] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 337] close(3) = 0
[pid 337] mkdir("./file0", 0777) = 0
[pid 337] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 337] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 337] chdir("./file0") = 0
[pid 337] ioctl(4, LOOP_CLR_FD) = 0
[pid 337] close(4) = 0
[pid 337] creat("./bus", 000) = 4
[pid 337] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 337] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 337] chdir("./file0") = 0
[pid 337] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 337] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 337] memfd_create("syzkaller", 0) = 7
[pid 337] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 337] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 337] munmap(0x7f492ad65000, 138412032) = 0
[pid 337] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 337] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 337] ioctl(8, LOOP_CLR_FD) = 0
[pid 337] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 337] close(8) = 0
[ 23.400804][ T337] loop0: detected capacity change from 0 to 512
[ 23.408200][ T337] EXT4-fs: Ignoring removed bh option
[ 23.413779][ T337] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 23.423779][ T337] EXT4-fs (loop0): 1 truncate cleaned up
[ 23.429293][ T337] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 337] close(7) = 0
[pid 337] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 337] exit_group(0) = ?
[pid 337] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=337, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/binderfs") = 0
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./18/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./18") = 0
mkdir("./19", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 339
./strace-static-x86_64: Process 339 attached
[pid 339] set_robust_list(0x555556534660, 24) = 0
[pid 339] chdir("./19") = 0
[pid 339] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 339] setpgid(0, 0) = 0
[pid 339] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 339] write(3, "1000", 4) = 4
[pid 339] close(3) = 0
[pid 339] symlink("/dev/binderfs", "./binderfs") = 0
[pid 339] memfd_create("syzkaller", 0) = 3
[pid 339] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 339] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 339] munmap(0x7f492ad65000, 138412032) = 0
[pid 339] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 23.451061][ T337] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 23.479365][ T294] EXT4-fs (loop0): unmounting filesystem.
[pid 339] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 339] close(3) = 0
[pid 339] mkdir("./file0", 0777) = 0
[pid 339] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 339] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 339] chdir("./file0") = 0
[pid 339] ioctl(4, LOOP_CLR_FD) = 0
[pid 339] close(4) = 0
[pid 339] creat("./bus", 000) = 4
[pid 339] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 339] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 339] chdir("./file0") = 0
[pid 339] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 339] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 339] memfd_create("syzkaller", 0) = 7
[pid 339] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 339] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 339] munmap(0x7f492ad65000, 138412032) = 0
[pid 339] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 339] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 339] ioctl(8, LOOP_CLR_FD) = 0
[pid 339] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 339] close(8) = 0
[pid 339] close(7) = 0
[ 23.501230][ T339] loop0: detected capacity change from 0 to 512
[ 23.508463][ T339] EXT4-fs: Ignoring removed bh option
[ 23.514228][ T339] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 23.524043][ T339] EXT4-fs (loop0): 1 truncate cleaned up
[ 23.529703][ T339] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 339] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 339] exit_group(0) = ?
[pid 339] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=339, si_uid=0, si_status=0, si_utime=0, si_stime=6} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/binderfs") = 0
umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./19/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./19") = 0
mkdir("./20", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 342
./strace-static-x86_64: Process 342 attached
[pid 342] set_robust_list(0x555556534660, 24) = 0
[pid 342] chdir("./20") = 0
[pid 342] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 342] setpgid(0, 0) = 0
[pid 342] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 342] write(3, "1000", 4) = 4
[pid 342] close(3) = 0
[pid 342] symlink("/dev/binderfs", "./binderfs") = 0
[pid 342] memfd_create("syzkaller", 0) = 3
[pid 342] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 342] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 342] munmap(0x7f492ad65000, 138412032) = 0
[pid 342] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 23.553995][ T339] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 23.590572][ T294] EXT4-fs (loop0): unmounting filesystem.
[pid 342] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 342] close(3) = 0
[pid 342] mkdir("./file0", 0777) = 0
[pid 342] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 342] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 342] chdir("./file0") = 0
[pid 342] ioctl(4, LOOP_CLR_FD) = 0
[pid 342] close(4) = 0
[pid 342] creat("./bus", 000) = 4
[pid 342] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 342] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 342] chdir("./file0") = 0
[pid 342] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 342] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 342] memfd_create("syzkaller", 0) = 7
[pid 342] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 342] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 342] munmap(0x7f492ad65000, 138412032) = 0
[pid 342] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 342] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 342] ioctl(8, LOOP_CLR_FD) = 0
[pid 342] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 342] close(8) = 0
[pid 342] close(7) = 0
[ 23.612515][ T342] loop0: detected capacity change from 0 to 512
[ 23.620360][ T342] EXT4-fs: Ignoring removed bh option
[ 23.628967][ T342] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 23.638480][ T342] EXT4-fs (loop0): 1 truncate cleaned up
[ 23.644058][ T342] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 342] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 342] exit_group(0) = ?
[pid 342] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=342, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./20/binderfs") = 0
umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./20/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./20") = 0
mkdir("./21", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 344
./strace-static-x86_64: Process 344 attached
[pid 344] set_robust_list(0x555556534660, 24) = 0
[pid 344] chdir("./21") = 0
[pid 344] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 344] setpgid(0, 0) = 0
[pid 344] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 344] write(3, "1000", 4) = 4
[pid 344] close(3) = 0
[pid 344] symlink("/dev/binderfs", "./binderfs") = 0
[pid 344] memfd_create("syzkaller", 0) = 3
[pid 344] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 344] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 344] munmap(0x7f492ad65000, 138412032) = 0
[pid 344] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 23.662629][ T342] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 23.690041][ T294] EXT4-fs (loop0): unmounting filesystem.
[pid 344] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 344] close(3) = 0
[pid 344] mkdir("./file0", 0777) = 0
[pid 344] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 344] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 344] chdir("./file0") = 0
[pid 344] ioctl(4, LOOP_CLR_FD) = 0
[pid 344] close(4) = 0
[pid 344] creat("./bus", 000) = 4
[pid 344] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 344] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 344] chdir("./file0") = 0
[pid 344] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 344] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 344] memfd_create("syzkaller", 0) = 7
[pid 344] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 344] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 344] munmap(0x7f492ad65000, 138412032) = 0
[pid 344] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 344] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 344] ioctl(8, LOOP_CLR_FD) = 0
[pid 344] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[ 23.713964][ T344] loop0: detected capacity change from 0 to 512
[ 23.722243][ T344] EXT4-fs: Ignoring removed bh option
[ 23.728103][ T344] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 23.737203][ T344] EXT4-fs (loop0): 1 truncate cleaned up
[ 23.743285][ T344] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 344] close(8) = 0
[pid 344] close(7) = 0
[pid 344] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 344] exit_group(0) = ?
[pid 344] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=344, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./21/binderfs") = 0
umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./21/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./21") = 0
mkdir("./22", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 346
./strace-static-x86_64: Process 346 attached
[pid 346] set_robust_list(0x555556534660, 24) = 0
[pid 346] chdir("./22") = 0
[pid 346] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 346] setpgid(0, 0) = 0
[pid 346] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 346] write(3, "1000", 4) = 4
[pid 346] close(3) = 0
[pid 346] symlink("/dev/binderfs", "./binderfs") = 0
[pid 346] memfd_create("syzkaller", 0) = 3
[pid 346] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 346] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 346] munmap(0x7f492ad65000, 138412032) = 0
[pid 346] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 23.765723][ T344] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 23.801111][ T294] EXT4-fs (loop0): unmounting filesystem.
[pid 346] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 346] close(3) = 0
[pid 346] mkdir("./file0", 0777) = 0
[pid 346] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 346] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 346] chdir("./file0") = 0
[pid 346] ioctl(4, LOOP_CLR_FD) = 0
[pid 346] close(4) = 0
[pid 346] creat("./bus", 000) = 4
[pid 346] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 346] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 346] chdir("./file0") = 0
[pid 346] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 346] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 346] memfd_create("syzkaller", 0) = 7
[pid 346] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 346] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 346] munmap(0x7f492ad65000, 138412032) = 0
[pid 346] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 346] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 346] ioctl(8, LOOP_CLR_FD) = 0
[pid 346] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[ 23.816124][ T346] loop0: detected capacity change from 0 to 512
[ 23.823107][ T346] EXT4-fs: Ignoring removed bh option
[ 23.828791][ T346] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 23.838008][ T346] EXT4-fs (loop0): 1 truncate cleaned up
[ 23.843456][ T346] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 346] close(8) = 0
[pid 346] close(7) = 0
[pid 346] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 346] exit_group(0) = ?
[pid 346] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=346, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./22/binderfs") = 0
umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./22/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./22") = 0
mkdir("./23", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 348
./strace-static-x86_64: Process 348 attached
[pid 348] set_robust_list(0x555556534660, 24) = 0
[pid 348] chdir("./23") = 0
[pid 348] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 348] setpgid(0, 0) = 0
[pid 348] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 348] write(3, "1000", 4) = 4
[pid 348] close(3) = 0
[pid 348] symlink("/dev/binderfs", "./binderfs") = 0
[pid 348] memfd_create("syzkaller", 0) = 3
[pid 348] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 348] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 348] munmap(0x7f492ad65000, 138412032) = 0
[pid 348] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 348] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 348] close(3) = 0
[pid 348] mkdir("./file0", 0777) = 0
[ 23.865788][ T346] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 23.888974][ T294] EXT4-fs (loop0): unmounting filesystem.
[ 23.910259][ T348] loop0: detected capacity change from 0 to 512
[pid 348] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 348] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 348] chdir("./file0") = 0
[pid 348] ioctl(4, LOOP_CLR_FD) = 0
[pid 348] close(4) = 0
[pid 348] creat("./bus", 000) = 4
[pid 348] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 348] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 348] chdir("./file0") = 0
[pid 348] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 348] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 348] memfd_create("syzkaller", 0) = 7
[pid 348] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 348] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 348] munmap(0x7f492ad65000, 138412032) = 0
[pid 348] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 348] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 348] ioctl(8, LOOP_CLR_FD) = 0
[pid 348] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 348] close(8) = 0
[pid 348] close(7) = 0
[ 23.917627][ T348] EXT4-fs: Ignoring removed bh option
[ 23.923245][ T348] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 23.932444][ T348] EXT4-fs (loop0): 1 truncate cleaned up
[ 23.938101][ T348] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 348] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 348] exit_group(0) = ?
[pid 348] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=348, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./23/binderfs") = 0
umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./23/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./23") = 0
mkdir("./24", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 350
./strace-static-x86_64: Process 350 attached
[pid 350] set_robust_list(0x555556534660, 24) = 0
[pid 350] chdir("./24") = 0
[pid 350] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 350] setpgid(0, 0) = 0
[pid 350] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 350] write(3, "1000", 4) = 4
[pid 350] close(3) = 0
[pid 350] symlink("/dev/binderfs", "./binderfs") = 0
[pid 350] memfd_create("syzkaller", 0) = 3
[pid 350] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 350] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 350] munmap(0x7f492ad65000, 138412032) = 0
[pid 350] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 23.967993][ T348] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 23.991381][ T294] EXT4-fs (loop0): unmounting filesystem.
[pid 350] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 350] close(3) = 0
[pid 350] mkdir("./file0", 0777) = 0
[pid 350] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 350] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 350] chdir("./file0") = 0
[pid 350] ioctl(4, LOOP_CLR_FD) = 0
[pid 350] close(4) = 0
[pid 350] creat("./bus", 000) = 4
[pid 350] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 350] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 350] chdir("./file0") = 0
[pid 350] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 350] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 350] memfd_create("syzkaller", 0) = 7
[pid 350] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 350] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 350] munmap(0x7f492ad65000, 138412032) = 0
[pid 350] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 350] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 350] ioctl(8, LOOP_CLR_FD) = 0
[pid 350] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 350] close(8) = 0
[pid 350] close(7) = 0
[ 24.012562][ T350] loop0: detected capacity change from 0 to 512
[ 24.020570][ T350] EXT4-fs: Ignoring removed bh option
[ 24.026417][ T350] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 24.035909][ T350] EXT4-fs (loop0): 1 truncate cleaned up
[ 24.041357][ T350] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 350] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 350] exit_group(0) = ?
[pid 350] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=350, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./24/binderfs") = 0
umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./24/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./24") = 0
mkdir("./25", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 352
./strace-static-x86_64: Process 352 attached
[pid 352] set_robust_list(0x555556534660, 24) = 0
[pid 352] chdir("./25") = 0
[pid 352] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 352] setpgid(0, 0) = 0
[pid 352] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 352] write(3, "1000", 4) = 4
[pid 352] close(3) = 0
[pid 352] symlink("/dev/binderfs", "./binderfs") = 0
[pid 352] memfd_create("syzkaller", 0) = 3
[pid 352] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 352] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 352] munmap(0x7f492ad65000, 138412032) = 0
[pid 352] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 352] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 352] close(3) = 0
[pid 352] mkdir("./file0", 0777) = 0
[ 24.071977][ T350] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 24.099896][ T294] EXT4-fs (loop0): unmounting filesystem.
[ 24.114392][ T352] loop0: detected capacity change from 0 to 512
[pid 352] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 352] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 352] chdir("./file0") = 0
[pid 352] ioctl(4, LOOP_CLR_FD) = 0
[pid 352] close(4) = 0
[pid 352] creat("./bus", 000) = 4
[pid 352] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 352] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 352] chdir("./file0") = 0
[pid 352] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 352] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 352] memfd_create("syzkaller", 0) = 7
[pid 352] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 352] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 352] munmap(0x7f492ad65000, 138412032) = 0
[pid 352] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 352] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 352] ioctl(8, LOOP_CLR_FD) = 0
[pid 352] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 352] close(8) = 0
[pid 352] close(7) = 0
[ 24.122638][ T352] EXT4-fs: Ignoring removed bh option
[ 24.128580][ T352] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 24.137913][ T352] EXT4-fs (loop0): 1 truncate cleaned up
[ 24.143387][ T352] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 352] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 352] exit_group(0) = ?
[pid 352] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=352, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./25/binderfs") = 0
umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./25/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./25") = 0
mkdir("./26", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 354
./strace-static-x86_64: Process 354 attached
[pid 354] set_robust_list(0x555556534660, 24) = 0
[pid 354] chdir("./26") = 0
[pid 354] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 354] setpgid(0, 0) = 0
[pid 354] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 354] write(3, "1000", 4) = 4
[pid 354] close(3) = 0
[pid 354] symlink("/dev/binderfs", "./binderfs") = 0
[pid 354] memfd_create("syzkaller", 0) = 3
[pid 354] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 354] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 354] munmap(0x7f492ad65000, 138412032) = 0
[pid 354] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 354] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 354] close(3) = 0
[pid 354] mkdir("./file0", 0777) = 0
[ 24.167149][ T352] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 24.190269][ T294] EXT4-fs (loop0): unmounting filesystem.
[ 24.211078][ T354] loop0: detected capacity change from 0 to 512
[pid 354] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 354] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 354] chdir("./file0") = 0
[pid 354] ioctl(4, LOOP_CLR_FD) = 0
[pid 354] close(4) = 0
[pid 354] creat("./bus", 000) = 4
[pid 354] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 354] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 354] chdir("./file0") = 0
[pid 354] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 354] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 354] memfd_create("syzkaller", 0) = 7
[pid 354] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 354] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 354] munmap(0x7f492ad65000, 138412032) = 0
[pid 354] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 354] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 354] ioctl(8, LOOP_CLR_FD) = 0
[pid 354] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 354] close(8) = 0
[pid 354] close(7) = 0
[ 24.218395][ T354] EXT4-fs: Ignoring removed bh option
[ 24.223922][ T354] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 24.233397][ T354] EXT4-fs (loop0): 1 truncate cleaned up
[ 24.238905][ T354] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 354] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 354] exit_group(0) = ?
[pid 354] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=354, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./26/binderfs") = 0
umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./26/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./26") = 0
mkdir("./27", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 356 attached
[pid 356] set_robust_list(0x555556534660, 24) = 0
[pid 356] chdir("./27"
[pid 294] <... clone resumed>, child_tidptr=0x555556534650) = 356
[pid 356] <... chdir resumed>) = 0
[pid 356] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 356] setpgid(0, 0) = 0
[pid 356] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 356] write(3, "1000", 4) = 4
[pid 356] close(3) = 0
[pid 356] symlink("/dev/binderfs", "./binderfs") = 0
[pid 356] memfd_create("syzkaller", 0) = 3
[pid 356] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 356] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 356] munmap(0x7f492ad65000, 138412032) = 0
[pid 356] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 356] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 356] close(3) = 0
[pid 356] mkdir("./file0", 0777) = 0
[ 24.261216][ T354] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 24.284504][ T294] EXT4-fs (loop0): unmounting filesystem.
[ 24.307012][ T356] loop0: detected capacity change from 0 to 512
[ 24.315407][ T356] EXT4-fs: Ignoring removed bh option
[pid 356] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 356] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 356] chdir("./file0") = 0
[pid 356] ioctl(4, LOOP_CLR_FD) = 0
[pid 356] close(4) = 0
[pid 356] creat("./bus", 000) = 4
[pid 356] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 356] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 356] chdir("./file0") = 0
[pid 356] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 356] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 356] memfd_create("syzkaller", 0) = 7
[pid 356] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 356] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 356] munmap(0x7f492ad65000, 138412032) = 0
[pid 356] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 356] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 356] ioctl(8, LOOP_CLR_FD) = 0
[pid 356] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 356] close(8) = 0
[pid 356] close(7) = 0
[ 24.321118][ T356] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 24.330394][ T356] EXT4-fs (loop0): 1 truncate cleaned up
[ 24.335911][ T356] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 356] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 356] exit_group(0) = ?
[pid 356] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=356, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./27/binderfs") = 0
umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./27/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./27") = 0
mkdir("./28", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 358 attached
, child_tidptr=0x555556534650) = 358
[pid 358] set_robust_list(0x555556534660, 24) = 0
[pid 358] chdir("./28") = 0
[pid 358] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 358] setpgid(0, 0) = 0
[pid 358] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 358] write(3, "1000", 4) = 4
[pid 358] close(3) = 0
[pid 358] symlink("/dev/binderfs", "./binderfs") = 0
[pid 358] memfd_create("syzkaller", 0) = 3
[pid 358] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 358] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 358] munmap(0x7f492ad65000, 138412032) = 0
[pid 358] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 358] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 358] close(3) = 0
[pid 358] mkdir("./file0", 0777) = 0
[ 24.358166][ T356] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 24.381847][ T294] EXT4-fs (loop0): unmounting filesystem.
[ 24.409534][ T358] loop0: detected capacity change from 0 to 512
[ 24.416785][ T358] EXT4-fs: Ignoring removed bh option
[pid 358] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 358] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 358] chdir("./file0") = 0
[pid 358] ioctl(4, LOOP_CLR_FD) = 0
[pid 358] close(4) = 0
[pid 358] creat("./bus", 000) = 4
[pid 358] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 358] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 358] chdir("./file0") = 0
[pid 358] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 358] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 358] memfd_create("syzkaller", 0) = 7
[pid 358] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 358] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 358] munmap(0x7f492ad65000, 138412032) = 0
[pid 358] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 358] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 358] ioctl(8, LOOP_CLR_FD) = 0
[pid 358] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 358] close(8) = 0
[pid 358] close(7) = 0
[ 24.422312][ T358] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 24.432979][ T358] EXT4-fs (loop0): 1 truncate cleaned up
[ 24.438746][ T358] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 358] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 358] exit_group(0) = ?
[pid 358] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=358, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./28/binderfs") = 0
umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./28/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./28") = 0
mkdir("./29", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 360
./strace-static-x86_64: Process 360 attached
[pid 360] set_robust_list(0x555556534660, 24) = 0
[pid 360] chdir("./29") = 0
[pid 360] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 360] setpgid(0, 0) = 0
[pid 360] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 360] write(3, "1000", 4) = 4
[pid 360] close(3) = 0
[pid 360] symlink("/dev/binderfs", "./binderfs") = 0
[pid 360] memfd_create("syzkaller", 0) = 3
[pid 360] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 360] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 360] munmap(0x7f492ad65000, 138412032) = 0
[pid 360] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 24.466595][ T358] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 24.492922][ T294] EXT4-fs (loop0): unmounting filesystem.
[pid 360] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 360] close(3) = 0
[pid 360] mkdir("./file0", 0777) = 0
[pid 360] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 360] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 360] chdir("./file0") = 0
[pid 360] ioctl(4, LOOP_CLR_FD) = 0
[pid 360] close(4) = 0
[pid 360] creat("./bus", 000) = 4
[pid 360] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 360] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 360] chdir("./file0") = 0
[pid 360] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 360] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 360] memfd_create("syzkaller", 0) = 7
[pid 360] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 360] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 360] munmap(0x7f492ad65000, 138412032) = 0
[pid 360] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 360] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 360] ioctl(8, LOOP_CLR_FD) = 0
[pid 360] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 360] close(8) = 0
[pid 360] close(7) = 0
[ 24.511904][ T360] loop0: detected capacity change from 0 to 512
[ 24.519403][ T360] EXT4-fs: Ignoring removed bh option
[ 24.525795][ T360] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 24.535200][ T360] EXT4-fs (loop0): 1 truncate cleaned up
[ 24.540672][ T360] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 360] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 360] exit_group(0) = ?
[pid 360] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=360, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./29/binderfs") = 0
umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./29/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./29") = 0
mkdir("./30", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 363
./strace-static-x86_64: Process 363 attached
[pid 363] set_robust_list(0x555556534660, 24) = 0
[pid 363] chdir("./30") = 0
[pid 363] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 363] setpgid(0, 0) = 0
[pid 363] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 363] write(3, "1000", 4) = 4
[pid 363] close(3) = 0
[pid 363] symlink("/dev/binderfs", "./binderfs") = 0
[pid 363] memfd_create("syzkaller", 0) = 3
[pid 363] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 363] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 363] munmap(0x7f492ad65000, 138412032) = 0
[pid 363] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 363] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 363] close(3) = 0
[pid 363] mkdir("./file0", 0777) = 0
[ 24.556642][ T360] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 24.582373][ T294] EXT4-fs (loop0): unmounting filesystem.
[ 24.604531][ T363] loop0: detected capacity change from 0 to 512
[pid 363] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 363] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 363] chdir("./file0") = 0
[pid 363] ioctl(4, LOOP_CLR_FD) = 0
[pid 363] close(4) = 0
[pid 363] creat("./bus", 000) = 4
[pid 363] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 363] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 363] chdir("./file0") = 0
[pid 363] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 363] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 363] memfd_create("syzkaller", 0) = 7
[pid 363] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 363] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 363] munmap(0x7f492ad65000, 138412032) = 0
[pid 363] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 363] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 363] ioctl(8, LOOP_CLR_FD) = 0
[pid 363] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 363] close(8) = 0
[pid 363] close(7) = 0
[ 24.613696][ T363] EXT4-fs: Ignoring removed bh option
[ 24.619586][ T363] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 24.628888][ T363] EXT4-fs (loop0): 1 truncate cleaned up
[ 24.634555][ T363] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 363] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 363] exit_group(0) = ?
[pid 363] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=363, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./30/binderfs") = 0
umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./30/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./30") = 0
mkdir("./31", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 365
./strace-static-x86_64: Process 365 attached
[pid 365] set_robust_list(0x555556534660, 24) = 0
[pid 365] chdir("./31") = 0
[pid 365] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 365] setpgid(0, 0) = 0
[pid 365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 365] write(3, "1000", 4) = 4
[pid 365] close(3) = 0
[pid 365] symlink("/dev/binderfs", "./binderfs") = 0
[pid 365] memfd_create("syzkaller", 0) = 3
[pid 365] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 365] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 365] munmap(0x7f492ad65000, 138412032) = 0
[pid 365] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 365] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 365] close(3) = 0
[pid 365] mkdir("./file0", 0777) = 0
[ 24.650444][ T363] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 24.673779][ T294] EXT4-fs (loop0): unmounting filesystem.
[ 24.690494][ T365] loop0: detected capacity change from 0 to 512
[ 24.698087][ T365] EXT4-fs: Ignoring removed bh option
[ 24.704041][ T365] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[pid 365] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 365] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 365] chdir("./file0") = 0
[pid 365] ioctl(4, LOOP_CLR_FD) = 0
[pid 365] close(4) = 0
[pid 365] creat("./bus", 000) = 4
[pid 365] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 365] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 365] chdir("./file0") = 0
[pid 365] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 365] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 365] memfd_create("syzkaller", 0) = 7
[pid 365] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 365] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 365] munmap(0x7f492ad65000, 138412032) = 0
[pid 365] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 365] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 365] ioctl(8, LOOP_CLR_FD) = 0
[pid 365] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 365] close(8) = 0
[pid 365] close(7) = 0
[pid 365] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 365] exit_group(0) = ?
[pid 365] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=365, si_uid=0, si_status=0, si_utime=0, si_stime=6} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./31/binderfs") = 0
umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./31/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./31") = 0
mkdir("./32", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 367
./strace-static-x86_64: Process 367 attached
[pid 367] set_robust_list(0x555556534660, 24) = 0
[pid 367] chdir("./32") = 0
[pid 367] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 367] setpgid(0, 0) = 0
[pid 367] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 367] write(3, "1000", 4) = 4
[pid 367] close(3) = 0
[pid 367] symlink("/dev/binderfs", "./binderfs") = 0
[pid 367] memfd_create("syzkaller", 0) = 3
[pid 367] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 367] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 367] munmap(0x7f492ad65000, 138412032) = 0
[pid 367] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 24.714625][ T365] EXT4-fs (loop0): 1 truncate cleaned up
[ 24.720219][ T365] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 24.738948][ T365] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[pid 367] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 367] close(3) = 0
[pid 367] mkdir("./file0", 0777) = 0
[pid 367] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 367] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 367] chdir("./file0") = 0
[pid 367] ioctl(4, LOOP_CLR_FD) = 0
[pid 367] close(4) = 0
[pid 367] creat("./bus", 000) = 4
[pid 367] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 367] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 367] chdir("./file0") = 0
[pid 367] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 367] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 367] memfd_create("syzkaller", 0) = 7
[pid 367] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 367] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 367] munmap(0x7f492ad65000, 138412032) = 0
[pid 367] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 367] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 367] ioctl(8, LOOP_CLR_FD) = 0
[pid 367] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 367] close(8) = 0
[pid 367] close(7) = 0
[ 24.780380][ T367] loop0: detected capacity change from 0 to 512
[ 24.788924][ T367] EXT4-fs: Ignoring removed bh option
[ 24.794487][ T367] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 24.804050][ T367] EXT4-fs (loop0): 1 truncate cleaned up
[pid 367] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 367] exit_group(0) = ?
[pid 367] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=367, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./32/binderfs") = 0
umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./32/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./32") = 0
mkdir("./33", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 369
./strace-static-x86_64: Process 369 attached
[pid 369] set_robust_list(0x555556534660, 24) = 0
[pid 369] chdir("./33") = 0
[pid 369] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 369] setpgid(0, 0) = 0
[pid 369] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 369] write(3, "1000", 4) = 4
[pid 369] close(3) = 0
[pid 369] symlink("/dev/binderfs", "./binderfs") = 0
[pid 369] memfd_create("syzkaller", 0) = 3
[pid 369] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 369] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 369] munmap(0x7f492ad65000, 138412032) = 0
[pid 369] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 369] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 369] close(3) = 0
[pid 369] mkdir("./file0", 0777) = 0
[ 24.822449][ T367] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 24.863022][ T369] loop0: detected capacity change from 0 to 512
[ 24.870984][ T369] EXT4-fs: Ignoring removed bh option
[pid 369] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 369] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 369] chdir("./file0") = 0
[pid 369] ioctl(4, LOOP_CLR_FD) = 0
[pid 369] close(4) = 0
[pid 369] creat("./bus", 000) = 4
[pid 369] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 369] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 369] chdir("./file0") = 0
[pid 369] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 369] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 369] memfd_create("syzkaller", 0) = 7
[pid 369] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 369] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 369] munmap(0x7f492ad65000, 138412032) = 0
[pid 369] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 369] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 369] ioctl(8, LOOP_CLR_FD) = 0
[pid 369] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 369] close(8) = 0
[pid 369] close(7) = 0
[pid 369] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 369] exit_group(0) = ?
[pid 369] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=369, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./33/binderfs") = 0
umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./33/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./33") = 0
mkdir("./34", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 371
./strace-static-x86_64: Process 371 attached
[pid 371] set_robust_list(0x555556534660, 24) = 0
[pid 371] chdir("./34") = 0
[pid 371] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 371] setpgid(0, 0) = 0
[pid 371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 371] write(3, "1000", 4) = 4
[pid 371] close(3) = 0
[pid 371] symlink("/dev/binderfs", "./binderfs") = 0
[pid 371] memfd_create("syzkaller", 0) = 3
[pid 371] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 371] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 371] munmap(0x7f492ad65000, 138412032) = 0
[pid 371] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 24.876605][ T369] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 24.886584][ T369] EXT4-fs (loop0): 1 truncate cleaned up
[ 24.905761][ T369] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[pid 371] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 371] close(3) = 0
[pid 371] mkdir("./file0", 0777) = 0
[pid 371] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 371] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 371] chdir("./file0") = 0
[pid 371] ioctl(4, LOOP_CLR_FD) = 0
[pid 371] close(4) = 0
[pid 371] creat("./bus", 000) = 4
[pid 371] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 371] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 371] chdir("./file0") = 0
[pid 371] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 371] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 371] memfd_create("syzkaller", 0) = 7
[pid 371] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 371] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 371] munmap(0x7f492ad65000, 138412032) = 0
[pid 371] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 371] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 371] ioctl(8, LOOP_CLR_FD) = 0
[pid 371] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 371] close(8) = 0
[pid 371] close(7) = 0
[ 24.948845][ T371] loop0: detected capacity change from 0 to 512
[ 24.956728][ T371] EXT4-fs: Ignoring removed bh option
[ 24.962538][ T371] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 24.971799][ T371] EXT4-fs (loop0): 1 truncate cleaned up
[pid 371] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 371] exit_group(0) = ?
[pid 371] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=371, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./34/binderfs") = 0
umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./34/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./34") = 0
mkdir("./35", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 373
./strace-static-x86_64: Process 373 attached
[pid 373] set_robust_list(0x555556534660, 24) = 0
[pid 373] chdir("./35") = 0
[pid 373] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 373] setpgid(0, 0) = 0
[pid 373] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 373] write(3, "1000", 4) = 4
[pid 373] close(3) = 0
[pid 373] symlink("/dev/binderfs", "./binderfs") = 0
[pid 373] memfd_create("syzkaller", 0) = 3
[pid 373] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 373] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 373] munmap(0x7f492ad65000, 138412032) = 0
[pid 373] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 373] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 373] close(3) = 0
[pid 373] mkdir("./file0", 0777) = 0
[ 24.990104][ T371] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 25.023383][ T373] loop0: detected capacity change from 0 to 512
[ 25.030626][ T373] EXT4-fs: Ignoring removed bh option
[ 25.036358][ T373] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[pid 373] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 373] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 373] chdir("./file0") = 0
[pid 373] ioctl(4, LOOP_CLR_FD) = 0
[pid 373] close(4) = 0
[pid 373] creat("./bus", 000) = 4
[pid 373] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 373] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 373] chdir("./file0") = 0
[pid 373] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 373] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 373] memfd_create("syzkaller", 0) = 7
[pid 373] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 373] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 373] munmap(0x7f492ad65000, 138412032) = 0
[pid 373] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 373] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 373] ioctl(8, LOOP_CLR_FD) = 0
[pid 373] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 373] close(8) = 0
[pid 373] close(7) = 0
[pid 373] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 373] exit_group(0) = ?
[pid 373] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=373, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./35/binderfs") = 0
umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./35/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./35") = 0
mkdir("./36", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 375
./strace-static-x86_64: Process 375 attached
[pid 375] set_robust_list(0x555556534660, 24) = 0
[pid 375] chdir("./36") = 0
[pid 375] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 375] setpgid(0, 0) = 0
[pid 375] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 375] write(3, "1000", 4) = 4
[pid 375] close(3) = 0
[pid 375] symlink("/dev/binderfs", "./binderfs") = 0
[pid 375] memfd_create("syzkaller", 0) = 3
[pid 375] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 375] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 375] munmap(0x7f492ad65000, 138412032) = 0
[pid 375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 25.047119][ T373] EXT4-fs (loop0): 1 truncate cleaned up
[ 25.063493][ T373] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[pid 375] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 375] close(3) = 0
[pid 375] mkdir("./file0", 0777) = 0
[pid 375] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 375] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 375] chdir("./file0") = 0
[pid 375] ioctl(4, LOOP_CLR_FD) = 0
[pid 375] close(4) = 0
[pid 375] creat("./bus", 000) = 4
[pid 375] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 375] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 375] chdir("./file0") = 0
[pid 375] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 375] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 375] memfd_create("syzkaller", 0) = 7
[pid 375] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 375] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 375] munmap(0x7f492ad65000, 138412032) = 0
[pid 375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 375] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 375] ioctl(8, LOOP_CLR_FD) = 0
[pid 375] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 375] close(8) = 0
[pid 375] close(7) = 0
[ 25.101015][ T375] loop0: detected capacity change from 0 to 512
[ 25.108344][ T375] EXT4-fs: Ignoring removed bh option
[ 25.113965][ T375] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 25.123516][ T375] EXT4-fs (loop0): 1 truncate cleaned up
[pid 375] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 375] exit_group(0) = ?
[pid 375] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=375, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./36/binderfs") = 0
umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./36/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./36") = 0
mkdir("./37", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 377
./strace-static-x86_64: Process 377 attached
[pid 377] set_robust_list(0x555556534660, 24) = 0
[pid 377] chdir("./37") = 0
[pid 377] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 377] setpgid(0, 0) = 0
[pid 377] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 377] write(3, "1000", 4) = 4
[pid 377] close(3) = 0
[pid 377] symlink("/dev/binderfs", "./binderfs") = 0
[pid 377] memfd_create("syzkaller", 0) = 3
[pid 377] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 377] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 377] munmap(0x7f492ad65000, 138412032) = 0
[pid 377] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 377] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 377] close(3) = 0
[pid 377] mkdir("./file0", 0777) = 0
[ 25.163068][ T375] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 25.202550][ T377] loop0: detected capacity change from 0 to 512
[pid 377] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 377] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 377] chdir("./file0") = 0
[pid 377] ioctl(4, LOOP_CLR_FD) = 0
[pid 377] close(4) = 0
[pid 377] creat("./bus", 000) = 4
[pid 377] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 377] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 377] chdir("./file0") = 0
[pid 377] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 377] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 377] memfd_create("syzkaller", 0) = 7
[pid 377] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 377] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 377] munmap(0x7f492ad65000, 138412032) = 0
[pid 377] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 377] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 377] ioctl(8, LOOP_CLR_FD) = 0
[pid 377] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 377] close(8) = 0
[pid 377] close(7) = 0
[ 25.209824][ T377] EXT4-fs: Ignoring removed bh option
[ 25.215646][ T377] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 25.224863][ T377] EXT4-fs (loop0): 1 truncate cleaned up
[pid 377] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 377] exit_group(0) = ?
[pid 377] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=377, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./37/binderfs") = 0
umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./37/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./37") = 0
mkdir("./38", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 379
./strace-static-x86_64: Process 379 attached
[pid 379] set_robust_list(0x555556534660, 24) = 0
[pid 379] chdir("./38") = 0
[pid 379] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 379] setpgid(0, 0) = 0
[pid 379] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 379] write(3, "1000", 4) = 4
[pid 379] close(3) = 0
[pid 379] symlink("/dev/binderfs", "./binderfs") = 0
[pid 379] memfd_create("syzkaller", 0) = 3
[pid 379] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 379] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 379] munmap(0x7f492ad65000, 138412032) = 0
[pid 379] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 379] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 379] close(3) = 0
[pid 379] mkdir("./file0", 0777) = 0
[ 25.251134][ T377] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 25.289749][ T379] loop0: detected capacity change from 0 to 512
[ 25.297252][ T379] EXT4-fs: Ignoring removed bh option
[ 25.302796][ T379] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[pid 379] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 379] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 379] chdir("./file0") = 0
[pid 379] ioctl(4, LOOP_CLR_FD) = 0
[pid 379] close(4) = 0
[pid 379] creat("./bus", 000) = 4
[pid 379] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 379] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 379] chdir("./file0") = 0
[pid 379] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 379] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 379] memfd_create("syzkaller", 0) = 7
[pid 379] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 379] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 379] munmap(0x7f492ad65000, 138412032) = 0
[pid 379] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 379] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 379] ioctl(8, LOOP_CLR_FD) = 0
[pid 379] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 379] close(8) = 0
[pid 379] close(7) = 0
[ 25.312594][ T379] EXT4-fs (loop0): 1 truncate cleaned up
[pid 379] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 379] exit_group(0) = ?
[pid 379] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=379, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./38/binderfs") = 0
umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./38/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./38") = 0
mkdir("./39", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 381
./strace-static-x86_64: Process 381 attached
[pid 381] set_robust_list(0x555556534660, 24) = 0
[pid 381] chdir("./39") = 0
[pid 381] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 381] setpgid(0, 0) = 0
[pid 381] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 381] write(3, "1000", 4) = 4
[pid 381] close(3) = 0
[pid 381] symlink("/dev/binderfs", "./binderfs") = 0
[pid 381] memfd_create("syzkaller", 0) = 3
[pid 381] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 381] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 381] munmap(0x7f492ad65000, 138412032) = 0
[ 25.336644][ T379] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[pid 381] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 381] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 381] close(3) = 0
[pid 381] mkdir("./file0", 0777) = 0
[pid 381] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 381] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 381] chdir("./file0") = 0
[pid 381] ioctl(4, LOOP_CLR_FD) = 0
[pid 381] close(4) = 0
[pid 381] creat("./bus", 000) = 4
[pid 381] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 381] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 381] chdir("./file0") = 0
[pid 381] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 381] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 381] memfd_create("syzkaller", 0) = 7
[pid 381] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 381] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 381] munmap(0x7f492ad65000, 138412032) = 0
[pid 381] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 381] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 381] ioctl(8, LOOP_CLR_FD) = 0
[pid 381] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 381] close(8) = 0
[pid 381] close(7) = 0
[ 25.379649][ T381] loop0: detected capacity change from 0 to 512
[ 25.387288][ T381] EXT4-fs: Ignoring removed bh option
[ 25.393164][ T381] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 25.402664][ T381] EXT4-fs (loop0): 1 truncate cleaned up
[pid 381] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 381] exit_group(0) = ?
[pid 381] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=381, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./39/binderfs") = 0
umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./39/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./39") = 0
mkdir("./40", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 383
./strace-static-x86_64: Process 383 attached
[pid 383] set_robust_list(0x555556534660, 24) = 0
[pid 383] chdir("./40") = 0
[pid 383] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 383] setpgid(0, 0) = 0
[pid 383] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 383] write(3, "1000", 4) = 4
[pid 383] close(3) = 0
[pid 383] symlink("/dev/binderfs", "./binderfs") = 0
[pid 383] memfd_create("syzkaller", 0) = 3
[pid 383] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 383] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 383] munmap(0x7f492ad65000, 138412032) = 0
[pid 383] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 383] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 383] close(3) = 0
[pid 383] mkdir("./file0", 0777) = 0
[ 25.417460][ T381] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 25.453499][ T383] loop0: detected capacity change from 0 to 512
[ 25.463021][ T383] EXT4-fs: Ignoring removed bh option
[ 25.469208][ T383] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[pid 383] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 383] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 383] chdir("./file0") = 0
[pid 383] ioctl(4, LOOP_CLR_FD) = 0
[pid 383] close(4) = 0
[pid 383] creat("./bus", 000) = 4
[pid 383] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 383] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 383] chdir("./file0") = 0
[pid 383] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 383] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 383] memfd_create("syzkaller", 0) = 7
[pid 383] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 383] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 383] munmap(0x7f492ad65000, 138412032) = 0
[pid 383] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 383] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 383] ioctl(8, LOOP_CLR_FD) = 0
[pid 383] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 383] close(8) = 0
[pid 383] close(7) = 0
[ 25.478873][ T383] EXT4-fs (loop0): 1 truncate cleaned up
[pid 383] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 383] exit_group(0) = ?
[pid 383] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=383, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./40/binderfs") = 0
umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./40/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./40") = 0
mkdir("./41", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 385
./strace-static-x86_64: Process 385 attached
[pid 385] set_robust_list(0x555556534660, 24) = 0
[pid 385] chdir("./41") = 0
[pid 385] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 385] setpgid(0, 0) = 0
[pid 385] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 385] write(3, "1000", 4) = 4
[pid 385] close(3) = 0
[pid 385] symlink("/dev/binderfs", "./binderfs") = 0
[pid 385] memfd_create("syzkaller", 0) = 3
[pid 385] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 385] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 385] munmap(0x7f492ad65000, 138412032) = 0
[pid 385] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 385] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 385] close(3) = 0
[pid 385] mkdir("./file0", 0777) = 0
[ 25.501412][ T383] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 25.538571][ T385] loop0: detected capacity change from 0 to 512
[ 25.546252][ T385] EXT4-fs: Ignoring removed bh option
[pid 385] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 385] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 385] chdir("./file0") = 0
[pid 385] ioctl(4, LOOP_CLR_FD) = 0
[pid 385] close(4) = 0
[pid 385] creat("./bus", 000) = 4
[pid 385] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 385] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 385] chdir("./file0") = 0
[pid 385] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 385] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 385] memfd_create("syzkaller", 0) = 7
[pid 385] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 385] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 385] munmap(0x7f492ad65000, 138412032) = 0
[pid 385] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 385] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 385] ioctl(8, LOOP_CLR_FD) = 0
[pid 385] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 385] close(8) = 0
[pid 385] close(7) = 0
[pid 385] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 385] exit_group(0) = ?
[pid 385] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=385, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./41/binderfs") = 0
umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./41/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./41") = 0
mkdir("./42", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 388
./strace-static-x86_64: Process 388 attached
[pid 388] set_robust_list(0x555556534660, 24) = 0
[pid 388] chdir("./42") = 0
[pid 388] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 388] setpgid(0, 0) = 0
[pid 388] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 388] write(3, "1000", 4) = 4
[pid 388] close(3) = 0
[pid 388] symlink("/dev/binderfs", "./binderfs") = 0
[pid 388] memfd_create("syzkaller", 0) = 3
[pid 388] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 388] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 388] munmap(0x7f492ad65000, 138412032) = 0
[pid 388] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 25.551736][ T385] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 25.561554][ T385] EXT4-fs (loop0): 1 truncate cleaned up
[ 25.581638][ T385] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[pid 388] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 388] close(3) = 0
[pid 388] mkdir("./file0", 0777) = 0
[pid 388] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 388] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 388] chdir("./file0") = 0
[pid 388] ioctl(4, LOOP_CLR_FD) = 0
[pid 388] close(4) = 0
[pid 388] creat("./bus", 000) = 4
[pid 388] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 388] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 388] chdir("./file0") = 0
[pid 388] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 388] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 388] memfd_create("syzkaller", 0) = 7
[pid 388] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 388] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 388] munmap(0x7f492ad65000, 138412032) = 0
[pid 388] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 388] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 388] ioctl(8, LOOP_CLR_FD) = 0
[pid 388] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 388] close(8) = 0
[pid 388] close(7) = 0
[ 25.618466][ T388] loop0: detected capacity change from 0 to 512
[ 25.626234][ T388] EXT4-fs: Ignoring removed bh option
[ 25.631824][ T388] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 25.641373][ T388] EXT4-fs (loop0): 1 truncate cleaned up
[pid 388] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 388] exit_group(0) = ?
[pid 388] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=388, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./42/binderfs") = 0
umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./42/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./42") = 0
mkdir("./43", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 390
./strace-static-x86_64: Process 390 attached
[pid 390] set_robust_list(0x555556534660, 24) = 0
[pid 390] chdir("./43") = 0
[pid 390] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 390] setpgid(0, 0) = 0
[pid 390] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 390] write(3, "1000", 4) = 4
[pid 390] close(3) = 0
[pid 390] symlink("/dev/binderfs", "./binderfs") = 0
[pid 390] memfd_create("syzkaller", 0) = 3
[pid 390] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 390] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 390] munmap(0x7f492ad65000, 138412032) = 0
[pid 390] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 25.677920][ T388] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[pid 390] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 390] close(3) = 0
[pid 390] mkdir("./file0", 0777) = 0
[pid 390] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 390] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 390] chdir("./file0") = 0
[pid 390] ioctl(4, LOOP_CLR_FD) = 0
[pid 390] close(4) = 0
[pid 390] creat("./bus", 000) = 4
[pid 390] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 390] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 390] chdir("./file0") = 0
[pid 390] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 390] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 390] memfd_create("syzkaller", 0) = 7
[pid 390] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 390] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 390] munmap(0x7f492ad65000, 138412032) = 0
[pid 390] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 390] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 390] ioctl(8, LOOP_CLR_FD) = 0
[pid 390] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 390] close(8) = 0
[pid 390] close(7) = 0
[ 25.723786][ T390] loop0: detected capacity change from 0 to 512
[ 25.730942][ T390] EXT4-fs: Ignoring removed bh option
[ 25.736647][ T390] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 25.746187][ T390] EXT4-fs (loop0): 1 truncate cleaned up
[pid 390] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 390] exit_group(0) = ?
[pid 390] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=390, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./43/binderfs") = 0
umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./43/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./43") = 0
mkdir("./44", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 392 attached
[pid 392] set_robust_list(0x555556534660, 24
[pid 294] <... clone resumed>, child_tidptr=0x555556534650) = 392
[pid 392] <... set_robust_list resumed>) = 0
[pid 392] chdir("./44") = 0
[pid 392] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 392] setpgid(0, 0) = 0
[pid 392] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 392] write(3, "1000", 4) = 4
[pid 392] close(3) = 0
[pid 392] symlink("/dev/binderfs", "./binderfs") = 0
[pid 392] memfd_create("syzkaller", 0) = 3
[pid 392] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 392] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 392] munmap(0x7f492ad65000, 138412032) = 0
[pid 392] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 392] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 392] close(3) = 0
[pid 392] mkdir("./file0", 0777) = 0
[ 25.762026][ T390] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 25.800392][ T392] loop0: detected capacity change from 0 to 512
[ 25.807723][ T392] EXT4-fs: Ignoring removed bh option
[ 25.813162][ T392] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[pid 392] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 392] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 392] chdir("./file0") = 0
[pid 392] ioctl(4, LOOP_CLR_FD) = 0
[pid 392] close(4) = 0
[pid 392] creat("./bus", 000) = 4
[pid 392] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 392] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 392] chdir("./file0") = 0
[pid 392] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 392] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 392] memfd_create("syzkaller", 0) = 7
[pid 392] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 392] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 392] munmap(0x7f492ad65000, 138412032) = 0
[pid 392] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 392] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 392] ioctl(8, LOOP_CLR_FD) = 0
[pid 392] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 392] close(8) = 0
[pid 392] close(7) = 0
[ 25.822776][ T392] EXT4-fs (loop0): 1 truncate cleaned up
[pid 392] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 392] exit_group(0) = ?
[pid 392] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=392, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./44/binderfs") = 0
umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./44/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./44") = 0
mkdir("./45", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 394
./strace-static-x86_64: Process 394 attached
[pid 394] set_robust_list(0x555556534660, 24) = 0
[pid 394] chdir("./45") = 0
[pid 394] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 394] setpgid(0, 0) = 0
[pid 394] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 394] write(3, "1000", 4) = 4
[pid 394] close(3) = 0
[pid 394] symlink("/dev/binderfs", "./binderfs") = 0
[pid 394] memfd_create("syzkaller", 0) = 3
[pid 394] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 394] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 394] munmap(0x7f492ad65000, 138412032) = 0
[pid 394] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 394] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 394] close(3) = 0
[pid 394] mkdir("./file0", 0777) = 0
[ 25.847913][ T392] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 25.883545][ T394] loop0: detected capacity change from 0 to 512
[ 25.890986][ T394] EXT4-fs: Ignoring removed bh option
[pid 394] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 394] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 394] chdir("./file0") = 0
[pid 394] ioctl(4, LOOP_CLR_FD) = 0
[pid 394] close(4) = 0
[pid 394] creat("./bus", 000) = 4
[pid 394] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 394] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 394] chdir("./file0") = 0
[pid 394] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 394] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 394] memfd_create("syzkaller", 0) = 7
[pid 394] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 394] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 394] munmap(0x7f492ad65000, 138412032) = 0
[pid 394] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 394] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 394] ioctl(8, LOOP_CLR_FD) = 0
[pid 394] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 394] close(8) = 0
[pid 394] close(7) = 0
[pid 394] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 394] exit_group(0) = ?
[pid 394] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=394, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./45/binderfs") = 0
umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./45/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./45") = 0
mkdir("./46", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 396
./strace-static-x86_64: Process 396 attached
[pid 396] set_robust_list(0x555556534660, 24) = 0
[pid 396] chdir("./46") = 0
[pid 396] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 396] setpgid(0, 0) = 0
[pid 396] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 396] write(3, "1000", 4) = 4
[pid 396] close(3) = 0
[pid 396] symlink("/dev/binderfs", "./binderfs") = 0
[pid 396] memfd_create("syzkaller", 0) = 3
[pid 396] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 396] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 396] munmap(0x7f492ad65000, 138412032) = 0
[pid 396] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 25.896907][ T394] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 25.906491][ T394] EXT4-fs (loop0): 1 truncate cleaned up
[ 25.924459][ T394] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[pid 396] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 396] close(3) = 0
[pid 396] mkdir("./file0", 0777) = 0
[pid 396] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 396] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 396] chdir("./file0") = 0
[pid 396] ioctl(4, LOOP_CLR_FD) = 0
[pid 396] close(4) = 0
[pid 396] creat("./bus", 000) = 4
[pid 396] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 396] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 396] chdir("./file0") = 0
[pid 396] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 396] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 396] memfd_create("syzkaller", 0) = 7
[pid 396] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 396] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 396] munmap(0x7f492ad65000, 138412032) = 0
[pid 396] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 396] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 396] ioctl(8, LOOP_CLR_FD) = 0
[pid 396] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 396] close(8) = 0
[pid 396] close(7) = 0
[ 25.977595][ T396] loop0: detected capacity change from 0 to 512
[ 25.986138][ T396] EXT4-fs: Ignoring removed bh option
[ 25.991920][ T396] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 26.001793][ T396] EXT4-fs (loop0): 1 truncate cleaned up
[pid 396] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 396] exit_group(0) = ?
[pid 396] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=396, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./46/binderfs") = 0
umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./46/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./46") = 0
mkdir("./47", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 398 attached
[pid 398] set_robust_list(0x555556534660, 24
[pid 294] <... clone resumed>, child_tidptr=0x555556534650) = 398
[pid 398] <... set_robust_list resumed>) = 0
[pid 398] chdir("./47") = 0
[pid 398] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 398] setpgid(0, 0) = 0
[pid 398] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 398] write(3, "1000", 4) = 4
[pid 398] close(3) = 0
[pid 398] symlink("/dev/binderfs", "./binderfs") = 0
[pid 398] memfd_create("syzkaller", 0) = 3
[pid 398] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 398] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 398] munmap(0x7f492ad65000, 138412032) = 0
[pid 398] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 26.028892][ T396] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[pid 398] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 398] close(3) = 0
[pid 398] mkdir("./file0", 0777) = 0
[pid 398] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 398] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 398] chdir("./file0") = 0
[pid 398] ioctl(4, LOOP_CLR_FD) = 0
[pid 398] close(4) = 0
[pid 398] creat("./bus", 000) = 4
[pid 398] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 398] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 398] chdir("./file0") = 0
[pid 398] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 398] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 398] memfd_create("syzkaller", 0) = 7
[pid 398] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 398] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 398] munmap(0x7f492ad65000, 138412032) = 0
[pid 398] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 398] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 398] ioctl(8, LOOP_CLR_FD) = 0
[pid 398] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 398] close(8) = 0
[pid 398] close(7) = 0
[ 26.079306][ T398] loop0: detected capacity change from 0 to 512
[ 26.087029][ T398] EXT4-fs: Ignoring removed bh option
[ 26.092897][ T398] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 26.102434][ T398] EXT4-fs (loop0): 1 truncate cleaned up
[pid 398] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 398] exit_group(0) = ?
[pid 398] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=398, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./47/binderfs") = 0
umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./47/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./47") = 0
mkdir("./48", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 400 attached
[pid 400] set_robust_list(0x555556534660, 24) = 0
[pid 294] <... clone resumed>, child_tidptr=0x555556534650) = 400
[pid 400] chdir("./48") = 0
[pid 400] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 400] setpgid(0, 0) = 0
[pid 400] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 400] write(3, "1000", 4) = 4
[pid 400] close(3) = 0
[pid 400] symlink("/dev/binderfs", "./binderfs") = 0
[pid 400] memfd_create("syzkaller", 0) = 3
[pid 400] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 400] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 400] munmap(0x7f492ad65000, 138412032) = 0
[pid 400] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 26.119010][ T398] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[pid 400] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 400] close(3) = 0
[pid 400] mkdir("./file0", 0777) = 0
[pid 400] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 400] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 400] chdir("./file0") = 0
[pid 400] ioctl(4, LOOP_CLR_FD) = 0
[pid 400] close(4) = 0
[pid 400] creat("./bus", 000) = 4
[pid 400] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 400] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 400] chdir("./file0") = 0
[pid 400] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 400] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 400] memfd_create("syzkaller", 0) = 7
[pid 400] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 400] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 400] munmap(0x7f492ad65000, 138412032) = 0
[pid 400] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 400] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 400] ioctl(8, LOOP_CLR_FD) = 0
[pid 400] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 400] close(8) = 0
[pid 400] close(7) = 0
[ 26.172196][ T400] loop0: detected capacity change from 0 to 512
[ 26.179693][ T400] EXT4-fs: Ignoring removed bh option
[ 26.185567][ T400] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 26.195322][ T400] EXT4-fs (loop0): 1 truncate cleaned up
[pid 400] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 400] exit_group(0) = ?
[pid 400] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=400, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./48/binderfs") = 0
umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./48/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./48") = 0
mkdir("./49", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 402
./strace-static-x86_64: Process 402 attached
[pid 402] set_robust_list(0x555556534660, 24) = 0
[pid 402] chdir("./49") = 0
[pid 402] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 402] setpgid(0, 0) = 0
[pid 402] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 402] write(3, "1000", 4) = 4
[pid 402] close(3) = 0
[pid 402] symlink("/dev/binderfs", "./binderfs") = 0
[pid 402] memfd_create("syzkaller", 0) = 3
[pid 402] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 402] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 402] munmap(0x7f492ad65000, 138412032) = 0
[pid 402] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 402] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 402] close(3) = 0
[pid 402] mkdir("./file0", 0777) = 0
[ 26.212146][ T400] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 26.248249][ T402] loop0: detected capacity change from 0 to 512
[ 26.256334][ T402] EXT4-fs: Ignoring removed bh option
[ 26.262025][ T402] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[pid 402] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 402] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 402] chdir("./file0") = 0
[pid 402] ioctl(4, LOOP_CLR_FD) = 0
[pid 402] close(4) = 0
[pid 402] creat("./bus", 000) = 4
[pid 402] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 402] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 402] chdir("./file0") = 0
[pid 402] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 402] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 402] memfd_create("syzkaller", 0) = 7
[pid 402] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 402] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 402] munmap(0x7f492ad65000, 138412032) = 0
[pid 402] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 402] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 402] ioctl(8, LOOP_CLR_FD) = 0
[pid 402] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 402] close(8) = 0
[pid 402] close(7) = 0
[pid 402] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 402] exit_group(0) = ?
[pid 402] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=402, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./49/binderfs") = 0
umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./49/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./49") = 0
mkdir("./50", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 404
./strace-static-x86_64: Process 404 attached
[pid 404] set_robust_list(0x555556534660, 24) = 0
[pid 404] chdir("./50") = 0
[pid 404] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 404] setpgid(0, 0) = 0
[pid 404] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 404] write(3, "1000", 4) = 4
[pid 404] close(3) = 0
[pid 404] symlink("/dev/binderfs", "./binderfs") = 0
[pid 404] memfd_create("syzkaller", 0) = 3
[pid 404] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 404] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 404] munmap(0x7f492ad65000, 138412032) = 0
[pid 404] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 26.272042][ T402] EXT4-fs (loop0): 1 truncate cleaned up
[ 26.289493][ T402] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[pid 404] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 404] close(3) = 0
[pid 404] mkdir("./file0", 0777) = 0
[pid 404] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 404] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 404] chdir("./file0") = 0
[pid 404] ioctl(4, LOOP_CLR_FD) = 0
[pid 404] close(4) = 0
[pid 404] creat("./bus", 000) = 4
[pid 404] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 404] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 404] chdir("./file0") = 0
[pid 404] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 404] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 404] memfd_create("syzkaller", 0) = 7
[pid 404] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 404] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 404] munmap(0x7f492ad65000, 138412032) = 0
[pid 404] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 404] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 404] ioctl(8, LOOP_CLR_FD) = 0
[pid 404] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 404] close(8) = 0
[pid 404] close(7) = 0
[ 26.327843][ T404] loop0: detected capacity change from 0 to 512
[ 26.335035][ T404] EXT4-fs: Ignoring removed bh option
[ 26.341730][ T404] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 26.351157][ T404] EXT4-fs (loop0): 1 truncate cleaned up
[pid 404] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 404] exit_group(0) = ?
[pid 404] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=404, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./50/binderfs") = 0
umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./50/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./50") = 0
mkdir("./51", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 406
./strace-static-x86_64: Process 406 attached
[pid 406] set_robust_list(0x555556534660, 24) = 0
[pid 406] chdir("./51") = 0
[pid 406] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 406] setpgid(0, 0) = 0
[pid 406] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 406] write(3, "1000", 4) = 4
[pid 406] close(3) = 0
[pid 406] symlink("/dev/binderfs", "./binderfs") = 0
[pid 406] memfd_create("syzkaller", 0) = 3
[pid 406] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 406] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 406] munmap(0x7f492ad65000, 138412032) = 0
[pid 406] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 406] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 406] close(3) = 0
[pid 406] mkdir("./file0", 0777) = 0
[ 26.368185][ T404] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 26.408172][ T406] loop0: detected capacity change from 0 to 512
[ 26.415763][ T406] EXT4-fs: Ignoring removed bh option
[pid 406] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 406] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 406] chdir("./file0") = 0
[pid 406] ioctl(4, LOOP_CLR_FD) = 0
[pid 406] close(4) = 0
[pid 406] creat("./bus", 000) = 4
[pid 406] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 406] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 406] chdir("./file0") = 0
[pid 406] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 406] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 406] memfd_create("syzkaller", 0) = 7
[pid 406] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 406] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 406] munmap(0x7f492ad65000, 138412032) = 0
[pid 406] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 406] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 406] ioctl(8, LOOP_CLR_FD) = 0
[pid 406] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 406] close(8) = 0
[pid 406] close(7) = 0
[pid 406] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 406] exit_group(0) = ?
[pid 406] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=406, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./51/binderfs") = 0
umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./51/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./51") = 0
mkdir("./52", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 408
./strace-static-x86_64: Process 408 attached
[pid 408] set_robust_list(0x555556534660, 24) = 0
[pid 408] chdir("./52") = 0
[pid 408] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 408] setpgid(0, 0) = 0
[pid 408] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 408] write(3, "1000", 4) = 4
[pid 408] close(3) = 0
[pid 408] symlink("/dev/binderfs", "./binderfs") = 0
[pid 408] memfd_create("syzkaller", 0) = 3
[pid 408] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 408] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 408] munmap(0x7f492ad65000, 138412032) = 0
[pid 408] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 26.421358][ T406] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 26.430575][ T406] EXT4-fs (loop0): 1 truncate cleaned up
[ 26.453796][ T406] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[pid 408] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 408] close(3) = 0
[pid 408] mkdir("./file0", 0777) = 0
[pid 408] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 408] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 408] chdir("./file0") = 0
[pid 408] ioctl(4, LOOP_CLR_FD) = 0
[pid 408] close(4) = 0
[pid 408] creat("./bus", 000) = 4
[pid 408] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 408] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 408] chdir("./file0") = 0
[pid 408] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 408] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 408] memfd_create("syzkaller", 0) = 7
[pid 408] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 408] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 408] munmap(0x7f492ad65000, 138412032) = 0
[pid 408] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 408] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 408] ioctl(8, LOOP_CLR_FD) = 0
[pid 408] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 408] close(8) = 0
[pid 408] close(7) = 0
[ 26.493302][ T408] loop0: detected capacity change from 0 to 512
[ 26.500549][ T408] EXT4-fs: Ignoring removed bh option
[ 26.506318][ T408] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 26.515773][ T408] EXT4-fs (loop0): 1 truncate cleaned up
[pid 408] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 408] exit_group(0) = ?
[pid 408] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=408, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./52/binderfs") = 0
umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./52/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./52") = 0
mkdir("./53", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 410
./strace-static-x86_64: Process 410 attached
[pid 410] set_robust_list(0x555556534660, 24) = 0
[pid 410] chdir("./53") = 0
[pid 410] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 410] setpgid(0, 0) = 0
[pid 410] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 410] write(3, "1000", 4) = 4
[pid 410] close(3) = 0
[pid 410] symlink("/dev/binderfs", "./binderfs") = 0
[pid 410] memfd_create("syzkaller", 0) = 3
[pid 410] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 410] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 410] munmap(0x7f492ad65000, 138412032) = 0
[pid 410] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 410] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 410] close(3) = 0
[pid 410] mkdir("./file0", 0777) = 0
[ 26.536575][ T408] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 26.576376][ T410] loop0: detected capacity change from 0 to 512
[ 26.586571][ T410] EXT4-fs: Ignoring removed bh option
[pid 410] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 410] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 410] chdir("./file0") = 0
[pid 410] ioctl(4, LOOP_CLR_FD) = 0
[pid 410] close(4) = 0
[pid 410] creat("./bus", 000) = 4
[pid 410] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 410] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 410] chdir("./file0") = 0
[pid 410] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 410] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 410] memfd_create("syzkaller", 0) = 7
[pid 410] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 410] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 410] munmap(0x7f492ad65000, 138412032) = 0
[pid 410] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 410] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 410] ioctl(8, LOOP_CLR_FD) = 0
[pid 410] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 410] close(8) = 0
[pid 410] close(7) = 0
[pid 410] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 410] exit_group(0) = ?
[pid 410] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=410, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./53/binderfs") = 0
umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./53/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./53") = 0
mkdir("./54", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 413
./strace-static-x86_64: Process 413 attached
[pid 413] set_robust_list(0x555556534660, 24) = 0
[pid 413] chdir("./54") = 0
[pid 413] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 413] setpgid(0, 0) = 0
[pid 413] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 413] write(3, "1000", 4) = 4
[pid 413] close(3) = 0
[pid 413] symlink("/dev/binderfs", "./binderfs") = 0
[pid 413] memfd_create("syzkaller", 0) = 3
[pid 413] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 413] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 413] munmap(0x7f492ad65000, 138412032) = 0
[pid 413] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 26.592213][ T410] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 26.601794][ T410] EXT4-fs (loop0): 1 truncate cleaned up
[ 26.620858][ T410] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[pid 413] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 413] close(3) = 0
[pid 413] mkdir("./file0", 0777) = 0
[pid 413] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 413] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 413] chdir("./file0") = 0
[pid 413] ioctl(4, LOOP_CLR_FD) = 0
[pid 413] close(4) = 0
[pid 413] creat("./bus", 000) = 4
[pid 413] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 413] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 413] chdir("./file0") = 0
[pid 413] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 413] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 413] memfd_create("syzkaller", 0) = 7
[pid 413] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 413] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 413] munmap(0x7f492ad65000, 138412032) = 0
[pid 413] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 413] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 413] ioctl(8, LOOP_CLR_FD) = 0
[pid 413] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 413] close(8) = 0
[pid 413] close(7) = 0
[ 26.666607][ T413] loop0: detected capacity change from 0 to 512
[ 26.674250][ T413] EXT4-fs: Ignoring removed bh option
[ 26.679934][ T413] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 26.690111][ T413] EXT4-fs (loop0): 1 truncate cleaned up
[pid 413] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 413] exit_group(0) = ?
[pid 413] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=413, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./54/binderfs") = 0
umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./54/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./54") = 0
mkdir("./55", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 415
./strace-static-x86_64: Process 415 attached
[pid 415] set_robust_list(0x555556534660, 24) = 0
[pid 415] chdir("./55") = 0
[pid 415] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 415] setpgid(0, 0) = 0
[pid 415] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 415] write(3, "1000", 4) = 4
[pid 415] close(3) = 0
[pid 415] symlink("/dev/binderfs", "./binderfs") = 0
[pid 415] memfd_create("syzkaller", 0) = 3
[pid 415] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 415] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 415] munmap(0x7f492ad65000, 138412032) = 0
[pid 415] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 415] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 415] close(3) = 0
[pid 415] mkdir("./file0", 0777) = 0
[ 26.705590][ T413] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 26.744540][ T415] loop0: detected capacity change from 0 to 512
[ 26.752033][ T415] EXT4-fs: Ignoring removed bh option
[ 26.758231][ T415] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[pid 415] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 415] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 415] chdir("./file0") = 0
[pid 415] ioctl(4, LOOP_CLR_FD) = 0
[pid 415] close(4) = 0
[pid 415] creat("./bus", 000) = 4
[pid 415] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 415] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 415] chdir("./file0") = 0
[pid 415] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 415] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 415] memfd_create("syzkaller", 0) = 7
[pid 415] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 415] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 415] munmap(0x7f492ad65000, 138412032) = 0
[pid 415] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 415] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 415] ioctl(8, LOOP_CLR_FD) = 0
[pid 415] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 415] close(8) = 0
[pid 415] close(7) = 0
[pid 415] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 415] exit_group(0) = ?
[pid 415] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=415, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./55/binderfs") = 0
umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./55/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./55") = 0
mkdir("./56", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 417 attached
[pid 417] set_robust_list(0x555556534660, 24) = 0
[pid 417] chdir("./56") = 0
[pid 417] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 417] setpgid(0, 0) = 0
[pid 417] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 417] write(3, "1000", 4
[pid 294] <... clone resumed>, child_tidptr=0x555556534650) = 417
[pid 417] <... write resumed>) = 4
[pid 417] close(3) = 0
[pid 417] symlink("/dev/binderfs", "./binderfs") = 0
[pid 417] memfd_create("syzkaller", 0) = 3
[pid 417] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 417] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 417] munmap(0x7f492ad65000, 138412032) = 0
[pid 417] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 26.767447][ T415] EXT4-fs (loop0): 1 truncate cleaned up
[ 26.785716][ T415] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[pid 417] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 417] close(3) = 0
[pid 417] mkdir("./file0", 0777) = 0
[pid 417] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 417] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 417] chdir("./file0") = 0
[pid 417] ioctl(4, LOOP_CLR_FD) = 0
[pid 417] close(4) = 0
[pid 417] creat("./bus", 000) = 4
[pid 417] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 417] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 417] chdir("./file0") = 0
[pid 417] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 417] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 417] memfd_create("syzkaller", 0) = 7
[pid 417] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 417] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 417] munmap(0x7f492ad65000, 138412032) = 0
[pid 417] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 417] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 417] ioctl(8, LOOP_CLR_FD) = 0
[pid 417] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 417] close(8) = 0
[pid 417] close(7) = 0
[ 26.823949][ T417] loop0: detected capacity change from 0 to 512
[ 26.831319][ T417] EXT4-fs: Ignoring removed bh option
[ 26.837978][ T417] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 26.847620][ T417] EXT4-fs (loop0): 1 truncate cleaned up
[pid 417] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 417] exit_group(0) = ?
[pid 417] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=417, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./56/binderfs") = 0
umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./56/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./56") = 0
mkdir("./57", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 419
./strace-static-x86_64: Process 419 attached
[pid 419] set_robust_list(0x555556534660, 24) = 0
[pid 419] chdir("./57") = 0
[pid 419] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 419] setpgid(0, 0) = 0
[pid 419] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 419] write(3, "1000", 4) = 4
[pid 419] close(3) = 0
[pid 419] symlink("/dev/binderfs", "./binderfs") = 0
[pid 419] memfd_create("syzkaller", 0) = 3
[pid 419] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 419] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 419] munmap(0x7f492ad65000, 138412032) = 0
[pid 419] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 26.875217][ T417] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[pid 419] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 419] close(3) = 0
[pid 419] mkdir("./file0", 0777) = 0
[pid 419] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 419] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 419] chdir("./file0") = 0
[pid 419] ioctl(4, LOOP_CLR_FD) = 0
[pid 419] close(4) = 0
[pid 419] creat("./bus", 000) = 4
[pid 419] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 419] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 419] chdir("./file0") = 0
[pid 419] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 419] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 419] memfd_create("syzkaller", 0) = 7
[pid 419] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 419] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 419] munmap(0x7f492ad65000, 138412032) = 0
[pid 419] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 419] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 419] ioctl(8, LOOP_CLR_FD) = 0
[pid 419] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 419] close(8) = 0
[pid 419] close(7) = 0
[ 26.918343][ T419] loop0: detected capacity change from 0 to 512
[ 26.925399][ T419] EXT4-fs: Ignoring removed bh option
[ 26.931002][ T419] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 26.940254][ T419] EXT4-fs (loop0): 1 truncate cleaned up
[pid 419] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 419] exit_group(0) = ?
[pid 419] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=419, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./57/binderfs") = 0
umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./57/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./57") = 0
mkdir("./58", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 421
./strace-static-x86_64: Process 421 attached
[pid 421] set_robust_list(0x555556534660, 24) = 0
[pid 421] chdir("./58") = 0
[pid 421] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 421] setpgid(0, 0) = 0
[pid 421] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 421] write(3, "1000", 4) = 4
[pid 421] close(3) = 0
[pid 421] symlink("/dev/binderfs", "./binderfs") = 0
[pid 421] memfd_create("syzkaller", 0) = 3
[pid 421] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 421] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 421] munmap(0x7f492ad65000, 138412032) = 0
[pid 421] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 421] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 421] close(3) = 0
[pid 421] mkdir("./file0", 0777) = 0
[ 26.971227][ T419] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 27.006496][ T421] loop0: detected capacity change from 0 to 512
[ 27.013763][ T421] EXT4-fs: Ignoring removed bh option
[pid 421] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 421] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 421] chdir("./file0") = 0
[pid 421] ioctl(4, LOOP_CLR_FD) = 0
[pid 421] close(4) = 0
[pid 421] creat("./bus", 000) = 4
[pid 421] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 421] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 421] chdir("./file0") = 0
[pid 421] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 421] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 421] memfd_create("syzkaller", 0) = 7
[pid 421] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 421] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 421] munmap(0x7f492ad65000, 138412032) = 0
[pid 421] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 421] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 421] ioctl(8, LOOP_CLR_FD) = 0
[pid 421] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 421] close(8) = 0
[pid 421] close(7) = 0
[pid 421] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 421] exit_group(0) = ?
[pid 421] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=421, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./58/binderfs") = 0
umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./58/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./58") = 0
mkdir("./59", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 423
./strace-static-x86_64: Process 423 attached
[pid 423] set_robust_list(0x555556534660, 24) = 0
[pid 423] chdir("./59") = 0
[pid 423] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 423] setpgid(0, 0) = 0
[pid 423] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 423] write(3, "1000", 4) = 4
[pid 423] close(3) = 0
[pid 423] symlink("/dev/binderfs", "./binderfs") = 0
[pid 423] memfd_create("syzkaller", 0) = 3
[pid 423] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 423] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 423] munmap(0x7f492ad65000, 138412032) = 0
[ 27.019644][ T421] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 27.028954][ T421] EXT4-fs (loop0): 1 truncate cleaned up
[ 27.044693][ T421] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[pid 423] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 423] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 423] close(3) = 0
[pid 423] mkdir("./file0", 0777) = 0
[pid 423] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 423] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 423] chdir("./file0") = 0
[pid 423] ioctl(4, LOOP_CLR_FD) = 0
[pid 423] close(4) = 0
[pid 423] creat("./bus", 000) = 4
[pid 423] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 423] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 423] chdir("./file0") = 0
[pid 423] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 423] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 423] memfd_create("syzkaller", 0) = 7
[pid 423] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 423] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 423] munmap(0x7f492ad65000, 138412032) = 0
[pid 423] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 423] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 423] ioctl(8, LOOP_CLR_FD) = 0
[pid 423] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 423] close(8) = 0
[pid 423] close(7) = 0
[ 27.083009][ T423] loop0: detected capacity change from 0 to 512
[ 27.090067][ T423] EXT4-fs: Ignoring removed bh option
[ 27.095795][ T423] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 27.104787][ T423] EXT4-fs (loop0): 1 truncate cleaned up
[pid 423] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 423] exit_group(0) = ?
[pid 423] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=423, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./59/binderfs") = 0
umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./59/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./59") = 0
mkdir("./60", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 425
./strace-static-x86_64: Process 425 attached
[pid 425] set_robust_list(0x555556534660, 24) = 0
[pid 425] chdir("./60") = 0
[pid 425] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 425] setpgid(0, 0) = 0
[pid 425] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 425] write(3, "1000", 4) = 4
[pid 425] close(3) = 0
[pid 425] symlink("/dev/binderfs", "./binderfs") = 0
[pid 425] memfd_create("syzkaller", 0) = 3
[pid 425] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 425] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 425] munmap(0x7f492ad65000, 138412032) = 0
[pid 425] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 425] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 425] close(3) = 0
[pid 425] mkdir("./file0", 0777) = 0
[ 27.125830][ T423] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 27.159826][ T425] loop0: detected capacity change from 0 to 512
[ 27.167013][ T425] EXT4-fs: Ignoring removed bh option
[ 27.172578][ T425] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[pid 425] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 425] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 425] chdir("./file0") = 0
[pid 425] ioctl(4, LOOP_CLR_FD) = 0
[pid 425] close(4) = 0
[pid 425] creat("./bus", 000) = 4
[pid 425] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 425] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 425] chdir("./file0") = 0
[pid 425] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 425] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 425] memfd_create("syzkaller", 0) = 7
[pid 425] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 425] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 425] munmap(0x7f492ad65000, 138412032) = 0
[pid 425] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 425] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 425] ioctl(8, LOOP_CLR_FD) = 0
[pid 425] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[ 27.181750][ T425] EXT4-fs (loop0): 1 truncate cleaned up
[pid 425] close(8) = 0
[pid 425] close(7) = 0
[pid 425] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 425] exit_group(0) = ?
[pid 425] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=425, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./60/binderfs") = 0
umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./60/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./60") = 0
mkdir("./61", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 427
./strace-static-x86_64: Process 427 attached
[pid 427] set_robust_list(0x555556534660, 24) = 0
[pid 427] chdir("./61") = 0
[pid 427] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 427] setpgid(0, 0) = 0
[pid 427] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 427] write(3, "1000", 4) = 4
[pid 427] close(3) = 0
[pid 427] symlink("/dev/binderfs", "./binderfs") = 0
[pid 427] memfd_create("syzkaller", 0) = 3
[pid 427] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 427] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 427] munmap(0x7f492ad65000, 138412032) = 0
[pid 427] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 427] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 427] close(3) = 0
[pid 427] mkdir("./file0", 0777) = 0
[ 27.205702][ T425] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 27.245043][ T427] loop0: detected capacity change from 0 to 512
[pid 427] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 427] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 427] chdir("./file0") = 0
[pid 427] ioctl(4, LOOP_CLR_FD) = 0
[pid 427] close(4) = 0
[pid 427] creat("./bus", 000) = 4
[pid 427] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 427] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 427] chdir("./file0") = 0
[pid 427] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 427] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 427] memfd_create("syzkaller", 0) = 7
[pid 427] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 427] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 427] munmap(0x7f492ad65000, 138412032) = 0
[pid 427] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 427] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 427] ioctl(8, LOOP_CLR_FD) = 0
[pid 427] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 427] close(8) = 0
[pid 427] close(7) = 0
[ 27.252757][ T427] EXT4-fs: Ignoring removed bh option
[ 27.258577][ T427] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 27.268229][ T427] EXT4-fs (loop0): 1 truncate cleaned up
[pid 427] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 427] exit_group(0) = ?
[pid 427] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=427, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./61/binderfs") = 0
umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./61/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./61/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./61") = 0
mkdir("./62", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[ 27.295033][ T427] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 429
./strace-static-x86_64: Process 429 attached
[pid 429] set_robust_list(0x555556534660, 24) = 0
[pid 429] chdir("./62") = 0
[pid 429] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 429] setpgid(0, 0) = 0
[pid 429] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 429] write(3, "1000", 4) = 4
[pid 429] close(3) = 0
[pid 429] symlink("/dev/binderfs", "./binderfs") = 0
[pid 429] memfd_create("syzkaller", 0) = 3
[pid 429] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 429] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 429] munmap(0x7f492ad65000, 138412032) = 0
[pid 429] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 429] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 429] close(3) = 0
[pid 429] mkdir("./file0", 0777) = 0
[pid 429] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 429] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 429] chdir("./file0") = 0
[pid 429] ioctl(4, LOOP_CLR_FD) = 0
[pid 429] close(4) = 0
[pid 429] creat("./bus", 000) = 4
[pid 429] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 429] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 429] chdir("./file0") = 0
[pid 429] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 429] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 429] memfd_create("syzkaller", 0) = 7
[pid 429] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 429] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 429] munmap(0x7f492ad65000, 138412032) = 0
[pid 429] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 429] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 429] ioctl(8, LOOP_CLR_FD) = 0
[pid 429] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 429] close(8) = 0
[pid 429] close(7) = 0
[ 27.396961][ T429] loop0: detected capacity change from 0 to 512
[ 27.404713][ T429] EXT4-fs: Ignoring removed bh option
[ 27.410353][ T429] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 27.419577][ T429] EXT4-fs (loop0): 1 truncate cleaned up
[pid 429] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 429] exit_group(0) = ?
[pid 429] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=429, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./62/binderfs") = 0
umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./62/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./62/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./62") = 0
mkdir("./63", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 431 attached
[pid 431] set_robust_list(0x555556534660, 24) = 0
[pid 431] chdir("./63"
[pid 294] <... clone resumed>, child_tidptr=0x555556534650) = 431
[pid 431] <... chdir resumed>) = 0
[pid 431] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 431] setpgid(0, 0) = 0
[pid 431] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 431] write(3, "1000", 4) = 4
[pid 431] close(3) = 0
[pid 431] symlink("/dev/binderfs", "./binderfs") = 0
[pid 431] memfd_create("syzkaller", 0) = 3
[pid 431] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 431] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 431] munmap(0x7f492ad65000, 138412032) = 0
[pid 431] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 431] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 431] close(3) = 0
[pid 431] mkdir("./file0", 0777) = 0
[ 27.436086][ T429] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 27.472246][ T431] loop0: detected capacity change from 0 to 512
[ 27.479485][ T431] EXT4-fs: Ignoring removed bh option
[ 27.485032][ T431] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[pid 431] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 431] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 431] chdir("./file0") = 0
[pid 431] ioctl(4, LOOP_CLR_FD) = 0
[pid 431] close(4) = 0
[pid 431] creat("./bus", 000) = 4
[pid 431] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 431] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 431] chdir("./file0") = 0
[pid 431] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 431] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 431] memfd_create("syzkaller", 0) = 7
[pid 431] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 431] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 431] munmap(0x7f492ad65000, 138412032) = 0
[pid 431] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 431] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 431] ioctl(8, LOOP_CLR_FD) = 0
[pid 431] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 431] close(8) = 0
[pid 431] close(7) = 0
[pid 431] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 431] exit_group(0) = ?
[pid 431] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=431, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./63/binderfs") = 0
umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./63/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./63/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./63") = 0
mkdir("./64", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 433
./strace-static-x86_64: Process 433 attached
[pid 433] set_robust_list(0x555556534660, 24) = 0
[pid 433] chdir("./64") = 0
[pid 433] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 433] setpgid(0, 0) = 0
[pid 433] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 433] write(3, "1000", 4) = 4
[pid 433] close(3) = 0
[pid 433] symlink("/dev/binderfs", "./binderfs") = 0
[pid 433] memfd_create("syzkaller", 0) = 3
[pid 433] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 433] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 433] munmap(0x7f492ad65000, 138412032) = 0
[pid 433] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 433] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 433] close(3) = 0
[pid 433] mkdir("./file0", 0777) = 0
[ 27.494676][ T431] EXT4-fs (loop0): 1 truncate cleaned up
[ 27.508606][ T431] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 27.540997][ T433] loop0: detected capacity change from 0 to 512
[pid 433] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 433] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 433] chdir("./file0") = 0
[pid 433] ioctl(4, LOOP_CLR_FD) = 0
[pid 433] close(4) = 0
[pid 433] creat("./bus", 000) = 4
[pid 433] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 433] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 433] chdir("./file0") = 0
[pid 433] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 433] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 433] memfd_create("syzkaller", 0) = 7
[pid 433] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 433] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 433] munmap(0x7f492ad65000, 138412032) = 0
[pid 433] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 433] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 433] ioctl(8, LOOP_CLR_FD) = 0
[pid 433] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 433] close(8) = 0
[pid 433] close(7) = 0
[ 27.547949][ T433] EXT4-fs: Ignoring removed bh option
[ 27.553566][ T433] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 27.562879][ T433] EXT4-fs (loop0): 1 truncate cleaned up
[pid 433] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 433] exit_group(0) = ?
[pid 433] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=433, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./64/binderfs") = 0
umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./64/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./64/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./64") = 0
mkdir("./65", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 436
./strace-static-x86_64: Process 436 attached
[pid 436] set_robust_list(0x555556534660, 24) = 0
[pid 436] chdir("./65") = 0
[pid 436] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 436] setpgid(0, 0) = 0
[pid 436] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 436] write(3, "1000", 4) = 4
[pid 436] close(3) = 0
[pid 436] symlink("/dev/binderfs", "./binderfs") = 0
[pid 436] memfd_create("syzkaller", 0) = 3
[pid 436] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 436] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 436] munmap(0x7f492ad65000, 138412032) = 0
[pid 436] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 436] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 436] close(3) = 0
[pid 436] mkdir("./file0", 0777) = 0
[pid 436] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 436] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 436] chdir("./file0") = 0
[pid 436] ioctl(4, LOOP_CLR_FD) = 0
[pid 436] close(4) = 0
[pid 436] creat("./bus", 000) = 4
[pid 436] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 436] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 436] chdir("./file0") = 0
[pid 436] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 436] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 436] memfd_create("syzkaller", 0) = 7
[pid 436] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 436] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 436] munmap(0x7f492ad65000, 138412032) = 0
[pid 436] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 436] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 436] ioctl(8, LOOP_CLR_FD) = 0
[pid 436] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 436] close(8) = 0
[pid 436] close(7) = 0
[ 27.584025][ T433] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 27.617259][ T436] loop0: detected capacity change from 0 to 512
[ 27.624764][ T436] EXT4-fs: Ignoring removed bh option
[ 27.630870][ T436] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 27.640003][ T436] EXT4-fs (loop0): 1 truncate cleaned up
[pid 436] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 436] exit_group(0) = ?
[pid 436] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=436, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./65/binderfs") = 0
umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./65/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./65/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./65") = 0
mkdir("./66", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 438
./strace-static-x86_64: Process 438 attached
[pid 438] set_robust_list(0x555556534660, 24) = 0
[pid 438] chdir("./66") = 0
[pid 438] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 438] setpgid(0, 0) = 0
[pid 438] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 438] write(3, "1000", 4) = 4
[pid 438] close(3) = 0
[pid 438] symlink("/dev/binderfs", "./binderfs") = 0
[pid 438] memfd_create("syzkaller", 0) = 3
[pid 438] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 438] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 438] munmap(0x7f492ad65000, 138412032) = 0
[pid 438] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 27.666747][ T436] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[pid 438] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 438] close(3) = 0
[pid 438] mkdir("./file0", 0777) = 0
[pid 438] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 438] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 438] chdir("./file0") = 0
[pid 438] ioctl(4, LOOP_CLR_FD) = 0
[pid 438] close(4) = 0
[pid 438] creat("./bus", 000) = 4
[pid 438] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 438] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 438] chdir("./file0") = 0
[pid 438] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 438] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 438] memfd_create("syzkaller", 0) = 7
[pid 438] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 438] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 438] munmap(0x7f492ad65000, 138412032) = 0
[pid 438] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 438] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 438] ioctl(8, LOOP_CLR_FD) = 0
[pid 438] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 438] close(8) = 0
[pid 438] close(7) = 0
[ 27.712938][ T438] loop0: detected capacity change from 0 to 512
[ 27.721192][ T438] EXT4-fs: Ignoring removed bh option
[ 27.727184][ T438] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 27.736624][ T438] EXT4-fs (loop0): 1 truncate cleaned up
[pid 438] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 438] exit_group(0) = ?
[pid 438] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=438, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./66/binderfs") = 0
umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./66/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./66/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./66") = 0
mkdir("./67", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 440
./strace-static-x86_64: Process 440 attached
[pid 440] set_robust_list(0x555556534660, 24) = 0
[pid 440] chdir("./67") = 0
[pid 440] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 440] setpgid(0, 0) = 0
[pid 440] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 440] write(3, "1000", 4) = 4
[pid 440] close(3) = 0
[pid 440] symlink("/dev/binderfs", "./binderfs") = 0
[pid 440] memfd_create("syzkaller", 0) = 3
[pid 440] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 440] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 440] munmap(0x7f492ad65000, 138412032) = 0
[pid 440] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 440] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 440] close(3) = 0
[pid 440] mkdir("./file0", 0777) = 0
[pid 440] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 440] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 440] chdir("./file0") = 0
[pid 440] ioctl(4, LOOP_CLR_FD) = 0
[pid 440] close(4) = 0
[pid 440] creat("./bus", 000) = 4
[pid 440] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 440] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 440] chdir("./file0") = 0
[pid 440] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 440] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 440] memfd_create("syzkaller", 0) = 7
[pid 440] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 440] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 440] munmap(0x7f492ad65000, 138412032) = 0
[pid 440] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 440] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 440] ioctl(8, LOOP_CLR_FD) = 0
[pid 440] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 440] close(8) = 0
[pid 440] close(7) = 0
[ 27.749704][ T438] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 27.783143][ T440] loop0: detected capacity change from 0 to 512
[ 27.790180][ T440] EXT4-fs: Ignoring removed bh option
[ 27.795969][ T440] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 27.806074][ T440] EXT4-fs (loop0): 1 truncate cleaned up
[pid 440] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 440] exit_group(0) = ?
[pid 440] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=440, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./67/binderfs") = 0
umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./67/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./67/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./67") = 0
mkdir("./68", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 442
./strace-static-x86_64: Process 442 attached
[pid 442] set_robust_list(0x555556534660, 24) = 0
[pid 442] chdir("./68") = 0
[pid 442] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 442] setpgid(0, 0) = 0
[pid 442] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 442] write(3, "1000", 4) = 4
[pid 442] close(3) = 0
[pid 442] symlink("/dev/binderfs", "./binderfs") = 0
[pid 442] memfd_create("syzkaller", 0) = 3
[pid 442] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 442] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 442] munmap(0x7f492ad65000, 138412032) = 0
[pid 442] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 27.823882][ T440] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[pid 442] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 442] close(3) = 0
[pid 442] mkdir("./file0", 0777) = 0
[pid 442] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 442] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 442] chdir("./file0") = 0
[pid 442] ioctl(4, LOOP_CLR_FD) = 0
[pid 442] close(4) = 0
[pid 442] creat("./bus", 000) = 4
[pid 442] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 442] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 442] chdir("./file0") = 0
[pid 442] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 442] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 442] memfd_create("syzkaller", 0) = 7
[pid 442] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 442] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 442] munmap(0x7f492ad65000, 138412032) = 0
[pid 442] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 442] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 442] ioctl(8, LOOP_CLR_FD) = 0
[pid 442] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 442] close(8) = 0
[pid 442] close(7) = 0
[ 27.875318][ T442] loop0: detected capacity change from 0 to 512
[ 27.882450][ T442] EXT4-fs: Ignoring removed bh option
[ 27.888151][ T442] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 27.897556][ T442] EXT4-fs (loop0): 1 truncate cleaned up
[pid 442] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 442] exit_group(0) = ?
[pid 442] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=442, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./68/binderfs") = 0
umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./68/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./68/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./68") = 0
mkdir("./69", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 444
./strace-static-x86_64: Process 444 attached
[pid 444] set_robust_list(0x555556534660, 24) = 0
[pid 444] chdir("./69") = 0
[pid 444] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 444] setpgid(0, 0) = 0
[pid 444] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 444] write(3, "1000", 4) = 4
[pid 444] close(3) = 0
[pid 444] symlink("/dev/binderfs", "./binderfs") = 0
[pid 444] memfd_create("syzkaller", 0) = 3
[pid 444] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 444] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 444] munmap(0x7f492ad65000, 138412032) = 0
[pid 444] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 444] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 444] close(3) = 0
[pid 444] mkdir("./file0", 0777) = 0
[ 27.912568][ T442] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 27.950069][ T444] loop0: detected capacity change from 0 to 512
[ 27.957234][ T444] EXT4-fs: Ignoring removed bh option
[ 27.962635][ T444] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[pid 444] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 444] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 444] chdir("./file0") = 0
[pid 444] ioctl(4, LOOP_CLR_FD) = 0
[pid 444] close(4) = 0
[pid 444] creat("./bus", 000) = 4
[pid 444] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 444] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 444] chdir("./file0") = 0
[pid 444] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 444] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 444] memfd_create("syzkaller", 0) = 7
[pid 444] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 444] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 444] munmap(0x7f492ad65000, 138412032) = 0
[pid 444] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 444] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 444] ioctl(8, LOOP_CLR_FD) = 0
[pid 444] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 444] close(8) = 0
[pid 444] close(7) = 0
[pid 444] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 444] exit_group(0) = ?
[pid 444] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=444, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./69/binderfs") = 0
umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./69/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./69/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./69") = 0
mkdir("./70", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 446
./strace-static-x86_64: Process 446 attached
[pid 446] set_robust_list(0x555556534660, 24) = 0
[pid 446] chdir("./70") = 0
[pid 446] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 446] setpgid(0, 0) = 0
[pid 446] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 446] write(3, "1000", 4) = 4
[pid 446] close(3) = 0
[pid 446] symlink("/dev/binderfs", "./binderfs") = 0
[pid 446] memfd_create("syzkaller", 0) = 3
[pid 446] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 446] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 446] munmap(0x7f492ad65000, 138412032) = 0
[pid 446] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 27.972013][ T444] EXT4-fs (loop0): 1 truncate cleaned up
[ 27.993687][ T444] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[pid 446] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 446] close(3) = 0
[pid 446] mkdir("./file0", 0777) = 0
[pid 446] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 446] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 446] chdir("./file0") = 0
[pid 446] ioctl(4, LOOP_CLR_FD) = 0
[pid 446] close(4) = 0
[pid 446] creat("./bus", 000) = 4
[pid 446] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 446] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 446] chdir("./file0") = 0
[pid 446] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 446] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 446] memfd_create("syzkaller", 0) = 7
[pid 446] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 446] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 446] munmap(0x7f492ad65000, 138412032) = 0
[pid 446] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 446] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 446] ioctl(8, LOOP_CLR_FD) = 0
[pid 446] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 446] close(8) = 0
[pid 446] close(7) = 0
[ 28.033334][ T446] loop0: detected capacity change from 0 to 512
[ 28.041401][ T446] EXT4-fs: Ignoring removed bh option
[ 28.047197][ T446] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 28.056377][ T446] EXT4-fs (loop0): 1 truncate cleaned up
[pid 446] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 446] exit_group(0) = ?
[pid 446] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=446, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./70/binderfs") = 0
umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./70/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./70/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./70") = 0
mkdir("./71", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 448
./strace-static-x86_64: Process 448 attached
[pid 448] set_robust_list(0x555556534660, 24) = 0
[pid 448] chdir("./71") = 0
[pid 448] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 448] setpgid(0, 0) = 0
[pid 448] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 448] write(3, "1000", 4) = 4
[pid 448] close(3) = 0
[pid 448] symlink("/dev/binderfs", "./binderfs") = 0
[pid 448] memfd_create("syzkaller", 0) = 3
[pid 448] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 448] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 448] munmap(0x7f492ad65000, 138412032) = 0
[pid 448] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 448] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 448] close(3) = 0
[pid 448] mkdir("./file0", 0777) = 0
[ 28.075733][ T446] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 28.112177][ T448] loop0: detected capacity change from 0 to 512
[ 28.119452][ T448] EXT4-fs: Ignoring removed bh option
[ 28.124967][ T448] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[pid 448] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 448] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 448] chdir("./file0") = 0
[pid 448] ioctl(4, LOOP_CLR_FD) = 0
[pid 448] close(4) = 0
[pid 448] creat("./bus", 000) = 4
[pid 448] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 448] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 448] chdir("./file0") = 0
[pid 448] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 448] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 448] memfd_create("syzkaller", 0) = 7
[pid 448] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 448] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 448] munmap(0x7f492ad65000, 138412032) = 0
[pid 448] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 448] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 448] ioctl(8, LOOP_CLR_FD) = 0
[pid 448] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 448] close(8) = 0
[pid 448] close(7) = 0
[pid 448] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 448] exit_group(0) = ?
[pid 448] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=448, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./71/binderfs") = 0
umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./71/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./71/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./71") = 0
mkdir("./72", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 450
./strace-static-x86_64: Process 450 attached
[pid 450] set_robust_list(0x555556534660, 24) = 0
[pid 450] chdir("./72") = 0
[pid 450] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 450] setpgid(0, 0) = 0
[pid 450] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 450] write(3, "1000", 4) = 4
[pid 450] close(3) = 0
[pid 450] symlink("/dev/binderfs", "./binderfs") = 0
[pid 450] memfd_create("syzkaller", 0) = 3
[pid 450] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 450] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 450] munmap(0x7f492ad65000, 138412032) = 0
[pid 450] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 28.134280][ T448] EXT4-fs (loop0): 1 truncate cleaned up
[ 28.150399][ T448] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[pid 450] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 450] close(3) = 0
[pid 450] mkdir("./file0", 0777) = 0
[pid 450] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 450] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 450] chdir("./file0") = 0
[pid 450] ioctl(4, LOOP_CLR_FD) = 0
[pid 450] close(4) = 0
[pid 450] creat("./bus", 000) = 4
[pid 450] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 450] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 450] chdir("./file0") = 0
[pid 450] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 450] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 450] memfd_create("syzkaller", 0) = 7
[pid 450] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 450] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 450] munmap(0x7f492ad65000, 138412032) = 0
[pid 450] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 450] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 450] ioctl(8, LOOP_CLR_FD) = 0
[pid 450] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 450] close(8) = 0
[pid 450] close(7) = 0
[ 28.182613][ T450] loop0: detected capacity change from 0 to 512
[ 28.190476][ T450] EXT4-fs: Ignoring removed bh option
[ 28.196711][ T450] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 28.205917][ T450] EXT4-fs (loop0): 1 truncate cleaned up
[pid 450] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 450] exit_group(0) = ?
[pid 450] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=450, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./72/binderfs") = 0
umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./72/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./72/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./72") = 0
mkdir("./73", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 452
./strace-static-x86_64: Process 452 attached
[pid 452] set_robust_list(0x555556534660, 24) = 0
[pid 452] chdir("./73") = 0
[pid 452] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 452] setpgid(0, 0) = 0
[pid 452] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 452] write(3, "1000", 4) = 4
[pid 452] close(3) = 0
[pid 452] symlink("/dev/binderfs", "./binderfs") = 0
[pid 452] memfd_create("syzkaller", 0) = 3
[pid 452] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 452] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 452] munmap(0x7f492ad65000, 138412032) = 0
[pid 452] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 452] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 452] close(3) = 0
[pid 452] mkdir("./file0", 0777) = 0
[ 28.221244][ T450] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 28.263429][ T452] loop0: detected capacity change from 0 to 512
[ 28.271490][ T452] EXT4-fs: Ignoring removed bh option
[ 28.277047][ T452] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[pid 452] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 452] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 452] chdir("./file0") = 0
[pid 452] ioctl(4, LOOP_CLR_FD) = 0
[pid 452] close(4) = 0
[pid 452] creat("./bus", 000) = 4
[pid 452] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 452] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 452] chdir("./file0") = 0
[pid 452] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 452] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 452] memfd_create("syzkaller", 0) = 7
[pid 452] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 452] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 452] munmap(0x7f492ad65000, 138412032) = 0
[pid 452] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 452] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 452] ioctl(8, LOOP_CLR_FD) = 0
[pid 452] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 452] close(8) = 0
[pid 452] close(7) = 0
[pid 452] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[ 28.286638][ T452] EXT4-fs (loop0): 1 truncate cleaned up
[pid 452] exit_group(0) = ?
[pid 452] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=452, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./73/binderfs") = 0
umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./73/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./73/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./73/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./73") = 0
mkdir("./74", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 454 attached
[pid 454] set_robust_list(0x555556534660, 24
[pid 294] <... clone resumed>, child_tidptr=0x555556534650) = 454
[pid 454] <... set_robust_list resumed>) = 0
[pid 454] chdir("./74") = 0
[pid 454] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 454] setpgid(0, 0) = 0
[pid 454] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 454] write(3, "1000", 4) = 4
[pid 454] close(3) = 0
[pid 454] symlink("/dev/binderfs", "./binderfs") = 0
[pid 454] memfd_create("syzkaller", 0) = 3
[pid 454] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 454] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 454] munmap(0x7f492ad65000, 138412032) = 0
[pid 454] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 454] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 454] close(3) = 0
[pid 454] mkdir("./file0", 0777) = 0
[pid 454] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 454] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 454] chdir("./file0") = 0
[pid 454] ioctl(4, LOOP_CLR_FD) = 0
[pid 454] close(4) = 0
[pid 454] creat("./bus", 000) = 4
[pid 454] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 454] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 454] chdir("./file0") = 0
[pid 454] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 454] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 454] memfd_create("syzkaller", 0) = 7
[pid 454] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 454] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 454] munmap(0x7f492ad65000, 138412032) = 0
[pid 454] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 454] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 454] ioctl(8, LOOP_CLR_FD) = 0
[pid 454] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 454] close(8) = 0
[pid 454] close(7) = 0
[ 28.317735][ T452] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 28.352865][ T454] loop0: detected capacity change from 0 to 512
[ 28.360639][ T454] EXT4-fs: Ignoring removed bh option
[ 28.366566][ T454] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 28.376524][ T454] EXT4-fs (loop0): 1 truncate cleaned up
[pid 454] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 454] exit_group(0) = ?
[pid 454] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=454, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./74/binderfs") = 0
umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./74/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./74/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./74/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./74") = 0
mkdir("./75", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 456
./strace-static-x86_64: Process 456 attached
[pid 456] set_robust_list(0x555556534660, 24) = 0
[pid 456] chdir("./75") = 0
[pid 456] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 456] setpgid(0, 0) = 0
[pid 456] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 456] write(3, "1000", 4) = 4
[pid 456] close(3) = 0
[pid 456] symlink("/dev/binderfs", "./binderfs") = 0
[pid 456] memfd_create("syzkaller", 0) = 3
[pid 456] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 456] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 456] munmap(0x7f492ad65000, 138412032) = 0
[pid 456] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 456] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 456] close(3) = 0
[pid 456] mkdir("./file0", 0777) = 0
[ 28.396417][ T454] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 28.430224][ T456] loop0: detected capacity change from 0 to 512
[ 28.437350][ T456] EXT4-fs: Ignoring removed bh option
[pid 456] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 456] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 456] chdir("./file0") = 0
[pid 456] ioctl(4, LOOP_CLR_FD) = 0
[pid 456] close(4) = 0
[pid 456] creat("./bus", 000) = 4
[pid 456] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 456] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 456] chdir("./file0") = 0
[pid 456] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 456] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 456] memfd_create("syzkaller", 0) = 7
[pid 456] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 456] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 456] munmap(0x7f492ad65000, 138412032) = 0
[pid 456] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 456] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 456] ioctl(8, LOOP_CLR_FD) = 0
[pid 456] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 456] close(8) = 0
[pid 456] close(7) = 0
[pid 456] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 456] exit_group(0) = ?
[pid 456] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=456, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./75/binderfs") = 0
umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./75/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./75/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./75/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./75") = 0
mkdir("./76", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 458
./strace-static-x86_64: Process 458 attached
[pid 458] set_robust_list(0x555556534660, 24) = 0
[pid 458] chdir("./76") = 0
[pid 458] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 458] setpgid(0, 0) = 0
[pid 458] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 458] write(3, "1000", 4) = 4
[pid 458] close(3) = 0
[pid 458] symlink("/dev/binderfs", "./binderfs") = 0
[pid 458] memfd_create("syzkaller", 0) = 3
[pid 458] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 458] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 458] munmap(0x7f492ad65000, 138412032) = 0
[ 28.442920][ T456] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 28.452551][ T456] EXT4-fs (loop0): 1 truncate cleaned up
[ 28.473381][ T456] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[pid 458] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 458] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 458] close(3) = 0
[pid 458] mkdir("./file0", 0777) = 0
[pid 458] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 458] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 458] chdir("./file0") = 0
[pid 458] ioctl(4, LOOP_CLR_FD) = 0
[pid 458] close(4) = 0
[pid 458] creat("./bus", 000) = 4
[pid 458] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 458] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 458] chdir("./file0") = 0
[pid 458] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 458] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 458] memfd_create("syzkaller", 0) = 7
[pid 458] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 458] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 458] munmap(0x7f492ad65000, 138412032) = 0
[pid 458] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 458] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 458] ioctl(8, LOOP_CLR_FD) = 0
[pid 458] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 458] close(8) = 0
[pid 458] close(7) = 0
[ 28.527602][ T458] loop0: detected capacity change from 0 to 512
[ 28.535578][ T458] EXT4-fs: Ignoring removed bh option
[ 28.541350][ T458] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 28.550892][ T458] EXT4-fs (loop0): 1 truncate cleaned up
[pid 458] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 458] exit_group(0) = ?
[pid 458] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=458, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./76", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./76/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./76/binderfs") = 0
umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./76/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./76/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./76/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./76") = 0
mkdir("./77", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 461
./strace-static-x86_64: Process 461 attached
[pid 461] set_robust_list(0x555556534660, 24) = 0
[pid 461] chdir("./77") = 0
[pid 461] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 461] setpgid(0, 0) = 0
[pid 461] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 461] write(3, "1000", 4) = 4
[pid 461] close(3) = 0
[pid 461] symlink("/dev/binderfs", "./binderfs") = 0
[pid 461] memfd_create("syzkaller", 0) = 3
[pid 461] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 461] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 461] munmap(0x7f492ad65000, 138412032) = 0
[pid 461] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 461] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 461] close(3) = 0
[pid 461] mkdir("./file0", 0777) = 0
[ 28.572969][ T458] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 28.609249][ T461] loop0: detected capacity change from 0 to 512
[ 28.617596][ T461] EXT4-fs: Ignoring removed bh option
[pid 461] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 461] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 461] chdir("./file0") = 0
[pid 461] ioctl(4, LOOP_CLR_FD) = 0
[pid 461] close(4) = 0
[pid 461] creat("./bus", 000) = 4
[pid 461] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 461] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 461] chdir("./file0") = 0
[pid 461] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 461] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 461] memfd_create("syzkaller", 0) = 7
[pid 461] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 461] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 461] munmap(0x7f492ad65000, 138412032) = 0
[pid 461] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 461] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 461] ioctl(8, LOOP_CLR_FD) = 0
[pid 461] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 461] close(8) = 0
[pid 461] close(7) = 0
[pid 461] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 461] exit_group(0) = ?
[pid 461] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=461, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./77", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./77/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./77/binderfs") = 0
umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./77/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./77/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./77/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./77") = 0
mkdir("./78", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 463
./strace-static-x86_64: Process 463 attached
[pid 463] set_robust_list(0x555556534660, 24) = 0
[pid 463] chdir("./78") = 0
[pid 463] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 463] setpgid(0, 0) = 0
[pid 463] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 463] write(3, "1000", 4) = 4
[pid 463] close(3) = 0
[pid 463] symlink("/dev/binderfs", "./binderfs") = 0
[pid 463] memfd_create("syzkaller", 0) = 3
[pid 463] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 463] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 463] munmap(0x7f492ad65000, 138412032) = 0
[pid 463] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 28.623303][ T461] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 28.632511][ T461] EXT4-fs (loop0): 1 truncate cleaned up
[ 28.657011][ T461] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[pid 463] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 463] close(3) = 0
[pid 463] mkdir("./file0", 0777) = 0
[pid 463] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 463] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 463] chdir("./file0") = 0
[pid 463] ioctl(4, LOOP_CLR_FD) = 0
[pid 463] close(4) = 0
[pid 463] creat("./bus", 000) = 4
[pid 463] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 463] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 463] chdir("./file0") = 0
[pid 463] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 463] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 463] memfd_create("syzkaller", 0) = 7
[pid 463] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 463] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 463] munmap(0x7f492ad65000, 138412032) = 0
[pid 463] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 463] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 463] ioctl(8, LOOP_CLR_FD) = 0
[pid 463] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 463] close(8) = 0
[pid 463] close(7) = 0
[ 28.693348][ T463] loop0: detected capacity change from 0 to 512
[ 28.701474][ T463] EXT4-fs: Ignoring removed bh option
[ 28.707205][ T463] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 28.716353][ T463] EXT4-fs (loop0): 1 truncate cleaned up
[pid 463] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 463] exit_group(0) = ?
[pid 463] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=463, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./78", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./78/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./78/binderfs") = 0
umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./78/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./78/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./78/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./78") = 0
mkdir("./79", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 465
./strace-static-x86_64: Process 465 attached
[pid 465] set_robust_list(0x555556534660, 24) = 0
[pid 465] chdir("./79") = 0
[pid 465] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 465] setpgid(0, 0) = 0
[pid 465] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 465] write(3, "1000", 4) = 4
[pid 465] close(3) = 0
[pid 465] symlink("/dev/binderfs", "./binderfs") = 0
[pid 465] memfd_create("syzkaller", 0) = 3
[pid 465] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 465] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 465] munmap(0x7f492ad65000, 138412032) = 0
[pid 465] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 465] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 465] close(3) = 0
[pid 465] mkdir("./file0", 0777) = 0
[ 28.738154][ T463] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 28.781827][ T465] loop0: detected capacity change from 0 to 512
[pid 465] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 465] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 465] chdir("./file0") = 0
[pid 465] ioctl(4, LOOP_CLR_FD) = 0
[pid 465] close(4) = 0
[pid 465] creat("./bus", 000) = 4
[pid 465] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 465] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 465] chdir("./file0") = 0
[pid 465] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 465] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 465] memfd_create("syzkaller", 0) = 7
[pid 465] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 465] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 465] munmap(0x7f492ad65000, 138412032) = 0
[pid 465] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 465] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 465] ioctl(8, LOOP_CLR_FD) = 0
[pid 465] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 465] close(8) = 0
[pid 465] close(7) = 0
[ 28.790013][ T465] EXT4-fs: Ignoring removed bh option
[ 28.795598][ T465] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 28.804649][ T465] EXT4-fs (loop0): 1 truncate cleaned up
[pid 465] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 465] exit_group(0) = ?
[pid 465] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=465, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./79", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./79/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./79/binderfs") = 0
umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./79/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./79/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./79/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./79") = 0
mkdir("./80", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 467
./strace-static-x86_64: Process 467 attached
[pid 467] set_robust_list(0x555556534660, 24) = 0
[pid 467] chdir("./80") = 0
[pid 467] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 467] setpgid(0, 0) = 0
[pid 467] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 467] write(3, "1000", 4) = 4
[pid 467] close(3) = 0
[pid 467] symlink("/dev/binderfs", "./binderfs") = 0
[pid 467] memfd_create("syzkaller", 0) = 3
[pid 467] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 467] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 467] munmap(0x7f492ad65000, 138412032) = 0
[pid 467] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 467] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 467] close(3) = 0
[pid 467] mkdir("./file0", 0777) = 0
[pid 467] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 467] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 467] chdir("./file0") = 0
[pid 467] ioctl(4, LOOP_CLR_FD) = 0
[pid 467] close(4) = 0
[pid 467] creat("./bus", 000) = 4
[pid 467] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 467] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 467] chdir("./file0") = 0
[pid 467] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 467] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 467] memfd_create("syzkaller", 0) = 7
[pid 467] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 467] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 467] munmap(0x7f492ad65000, 138412032) = 0
[pid 467] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 467] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 467] ioctl(8, LOOP_CLR_FD) = 0
[pid 467] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 467] close(8) = 0
[ 28.826123][ T465] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 28.862557][ T467] loop0: detected capacity change from 0 to 512
[ 28.869577][ T467] EXT4-fs: Ignoring removed bh option
[ 28.875695][ T467] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 28.885370][ T467] EXT4-fs (loop0): 1 truncate cleaned up
[pid 467] close(7) = 0
[pid 467] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 467] exit_group(0) = ?
[pid 467] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=467, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./80", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./80/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./80/binderfs") = 0
umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./80/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./80/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./80/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./80") = 0
mkdir("./81", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 470
./strace-static-x86_64: Process 470 attached
[pid 470] set_robust_list(0x555556534660, 24) = 0
[pid 470] chdir("./81") = 0
[pid 470] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 470] setpgid(0, 0) = 0
[pid 470] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 470] write(3, "1000", 4) = 4
[pid 470] close(3) = 0
[pid 470] symlink("/dev/binderfs", "./binderfs") = 0
[pid 470] memfd_create("syzkaller", 0) = 3
[pid 470] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 470] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 470] munmap(0x7f492ad65000, 138412032) = 0
[pid 470] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 470] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 470] close(3) = 0
[pid 470] mkdir("./file0", 0777) = 0
[ 28.906897][ T467] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 28.946420][ T470] loop0: detected capacity change from 0 to 512
[pid 470] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 470] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 470] chdir("./file0") = 0
[pid 470] ioctl(4, LOOP_CLR_FD) = 0
[pid 470] close(4) = 0
[pid 470] creat("./bus", 000) = 4
[pid 470] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 470] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 470] chdir("./file0") = 0
[pid 470] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 470] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 470] memfd_create("syzkaller", 0) = 7
[pid 470] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 470] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 470] munmap(0x7f492ad65000, 138412032) = 0
[pid 470] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 470] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 470] ioctl(8, LOOP_CLR_FD) = 0
[pid 470] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 470] close(8) = 0
[pid 470] close(7) = 0
[ 28.954094][ T470] EXT4-fs: Ignoring removed bh option
[ 28.960150][ T470] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 28.969274][ T470] EXT4-fs (loop0): 1 truncate cleaned up
[pid 470] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 470] exit_group(0) = ?
[pid 470] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=470, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./81", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./81/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./81/binderfs") = 0
umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./81/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./81/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./81/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./81") = 0
mkdir("./82", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 472
./strace-static-x86_64: Process 472 attached
[pid 472] set_robust_list(0x555556534660, 24) = 0
[pid 472] chdir("./82") = 0
[pid 472] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 472] setpgid(0, 0) = 0
[pid 472] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 472] write(3, "1000", 4) = 4
[pid 472] close(3) = 0
[pid 472] symlink("/dev/binderfs", "./binderfs") = 0
[pid 472] memfd_create("syzkaller", 0) = 3
[pid 472] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 472] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 472] munmap(0x7f492ad65000, 138412032) = 0
[pid 472] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 28.990897][ T470] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[pid 472] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 472] close(3) = 0
[pid 472] mkdir("./file0", 0777) = 0
[pid 472] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 472] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 472] chdir("./file0") = 0
[pid 472] ioctl(4, LOOP_CLR_FD) = 0
[pid 472] close(4) = 0
[pid 472] creat("./bus", 000) = 4
[pid 472] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 472] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 472] chdir("./file0") = 0
[pid 472] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 472] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 472] memfd_create("syzkaller", 0) = 7
[pid 472] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 472] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 472] munmap(0x7f492ad65000, 138412032) = 0
[pid 472] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 472] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 472] ioctl(8, LOOP_CLR_FD) = 0
[pid 472] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 472] close(8) = 0
[pid 472] close(7) = 0
[ 29.028709][ T472] loop0: detected capacity change from 0 to 512
[ 29.036177][ T472] EXT4-fs: Ignoring removed bh option
[ 29.041868][ T472] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 29.051491][ T472] EXT4-fs (loop0): 1 truncate cleaned up
[pid 472] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 472] exit_group(0) = ?
[pid 472] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=472, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./82", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./82/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./82/binderfs") = 0
umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./82/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./82/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./82/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./82") = 0
mkdir("./83", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 474
./strace-static-x86_64: Process 474 attached
[pid 474] set_robust_list(0x555556534660, 24) = 0
[pid 474] chdir("./83") = 0
[pid 474] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 474] setpgid(0, 0) = 0
[pid 474] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 474] write(3, "1000", 4) = 4
[pid 474] close(3) = 0
[pid 474] symlink("/dev/binderfs", "./binderfs") = 0
[pid 474] memfd_create("syzkaller", 0) = 3
[pid 474] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 474] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 474] munmap(0x7f492ad65000, 138412032) = 0
[pid 474] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 474] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 474] close(3) = 0
[pid 474] mkdir("./file0", 0777) = 0
[ 29.068634][ T472] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 29.104472][ T474] loop0: detected capacity change from 0 to 512
[ 29.112168][ T474] EXT4-fs: Ignoring removed bh option
[ 29.117776][ T474] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[pid 474] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 474] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 474] chdir("./file0") = 0
[pid 474] ioctl(4, LOOP_CLR_FD) = 0
[pid 474] close(4) = 0
[pid 474] creat("./bus", 000) = 4
[pid 474] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 474] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 474] chdir("./file0") = 0
[pid 474] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 474] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 474] memfd_create("syzkaller", 0) = 7
[pid 474] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 474] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 474] munmap(0x7f492ad65000, 138412032) = 0
[pid 474] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 474] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 474] ioctl(8, LOOP_CLR_FD) = 0
[pid 474] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 474] close(8) = 0
[pid 474] close(7) = 0
[ 29.127414][ T474] EXT4-fs (loop0): 1 truncate cleaned up
[pid 474] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 474] exit_group(0) = ?
[pid 474] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=474, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./83", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./83/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./83/binderfs") = 0
umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./83/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./83/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./83/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./83") = 0
mkdir("./84", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 476
./strace-static-x86_64: Process 476 attached
[pid 476] set_robust_list(0x555556534660, 24) = 0
[pid 476] chdir("./84") = 0
[pid 476] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 476] setpgid(0, 0) = 0
[pid 476] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 476] write(3, "1000", 4) = 4
[pid 476] close(3) = 0
[pid 476] symlink("/dev/binderfs", "./binderfs") = 0
[pid 476] memfd_create("syzkaller", 0) = 3
[pid 476] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 476] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 476] munmap(0x7f492ad65000, 138412032) = 0
[pid 476] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 476] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 476] close(3) = 0
[pid 476] mkdir("./file0", 0777) = 0
[ 29.157545][ T474] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 29.197168][ T476] loop0: detected capacity change from 0 to 512
[pid 476] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 476] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 476] chdir("./file0") = 0
[pid 476] ioctl(4, LOOP_CLR_FD) = 0
[pid 476] close(4) = 0
[pid 476] creat("./bus", 000) = 4
[pid 476] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 476] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 476] chdir("./file0") = 0
[pid 476] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 476] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 476] memfd_create("syzkaller", 0) = 7
[pid 476] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 476] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 476] munmap(0x7f492ad65000, 138412032) = 0
[pid 476] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 476] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 476] ioctl(8, LOOP_CLR_FD) = 0
[pid 476] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 476] close(8) = 0
[pid 476] close(7) = 0
[ 29.204597][ T476] EXT4-fs: Ignoring removed bh option
[ 29.210612][ T476] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 29.220007][ T476] EXT4-fs (loop0): 1 truncate cleaned up
[pid 476] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 476] exit_group(0) = ?
[pid 476] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=476, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./84", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./84/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./84/binderfs") = 0
umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./84/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./84/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./84/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./84") = 0
mkdir("./85", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 478
./strace-static-x86_64: Process 478 attached
[pid 478] set_robust_list(0x555556534660, 24) = 0
[pid 478] chdir("./85") = 0
[pid 478] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 478] setpgid(0, 0) = 0
[pid 478] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 478] write(3, "1000", 4) = 4
[pid 478] close(3) = 0
[pid 478] symlink("/dev/binderfs", "./binderfs") = 0
[pid 478] memfd_create("syzkaller", 0) = 3
[pid 478] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 478] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 478] munmap(0x7f492ad65000, 138412032) = 0
[pid 478] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 29.242261][ T476] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[pid 478] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 478] close(3) = 0
[pid 478] mkdir("./file0", 0777) = 0
[pid 478] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 478] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 478] chdir("./file0") = 0
[pid 478] ioctl(4, LOOP_CLR_FD) = 0
[pid 478] close(4) = 0
[pid 478] creat("./bus", 000) = 4
[pid 478] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 478] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 478] chdir("./file0") = 0
[pid 478] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 478] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 478] memfd_create("syzkaller", 0) = 7
[pid 478] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 478] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 478] munmap(0x7f492ad65000, 138412032) = 0
[pid 478] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 478] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 478] ioctl(8, LOOP_CLR_FD) = 0
[pid 478] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 478] close(8) = 0
[pid 478] close(7) = 0
[ 29.283424][ T478] loop0: detected capacity change from 0 to 512
[ 29.291272][ T478] EXT4-fs: Ignoring removed bh option
[ 29.297587][ T478] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 29.306949][ T478] EXT4-fs (loop0): 1 truncate cleaned up
[pid 478] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 478] exit_group(0) = ?
[pid 478] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=478, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./85", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./85/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./85/binderfs") = 0
umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./85/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./85/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./85/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./85") = 0
mkdir("./86", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 480
./strace-static-x86_64: Process 480 attached
[pid 480] set_robust_list(0x555556534660, 24) = 0
[pid 480] chdir("./86") = 0
[pid 480] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 480] setpgid(0, 0) = 0
[pid 480] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 480] write(3, "1000", 4) = 4
[pid 480] close(3) = 0
[pid 480] symlink("/dev/binderfs", "./binderfs") = 0
[pid 480] memfd_create("syzkaller", 0) = 3
[pid 480] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 480] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 480] munmap(0x7f492ad65000, 138412032) = 0
[pid 480] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 29.334222][ T478] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[pid 480] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 480] close(3) = 0
[pid 480] mkdir("./file0", 0777) = 0
[pid 480] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 480] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 480] chdir("./file0") = 0
[pid 480] ioctl(4, LOOP_CLR_FD) = 0
[pid 480] close(4) = 0
[pid 480] creat("./bus", 000) = 4
[pid 480] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 480] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 480] chdir("./file0") = 0
[pid 480] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 480] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 480] memfd_create("syzkaller", 0) = 7
[pid 480] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 480] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 480] munmap(0x7f492ad65000, 138412032) = 0
[pid 480] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 480] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 480] ioctl(8, LOOP_CLR_FD) = 0
[pid 480] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 480] close(8) = 0
[pid 480] close(7) = 0
[ 29.376344][ T480] loop0: detected capacity change from 0 to 512
[ 29.383413][ T480] EXT4-fs: Ignoring removed bh option
[ 29.389119][ T480] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 29.398601][ T480] EXT4-fs (loop0): 1 truncate cleaned up
[pid 480] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 480] exit_group(0) = ?
[pid 480] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=480, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./86", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./86/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./86/binderfs") = 0
umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./86/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./86/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./86/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./86") = 0
mkdir("./87", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 482
./strace-static-x86_64: Process 482 attached
[pid 482] set_robust_list(0x555556534660, 24) = 0
[pid 482] chdir("./87") = 0
[pid 482] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 482] setpgid(0, 0) = 0
[pid 482] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 482] write(3, "1000", 4) = 4
[pid 482] close(3) = 0
[pid 482] symlink("/dev/binderfs", "./binderfs") = 0
[pid 482] memfd_create("syzkaller", 0) = 3
[pid 482] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 482] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 482] munmap(0x7f492ad65000, 138412032) = 0
[pid 482] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 482] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 482] close(3) = 0
[pid 482] mkdir("./file0", 0777) = 0
[pid 482] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 482] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 482] chdir("./file0") = 0
[pid 482] ioctl(4, LOOP_CLR_FD) = 0
[pid 482] close(4) = 0
[pid 482] creat("./bus", 000) = 4
[pid 482] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 482] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 482] chdir("./file0") = 0
[pid 482] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 482] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 482] memfd_create("syzkaller", 0) = 7
[pid 482] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 482] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 482] munmap(0x7f492ad65000, 138412032) = 0
[pid 482] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 482] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 482] ioctl(8, LOOP_CLR_FD) = 0
[pid 482] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 482] close(8) = 0
[pid 482] close(7) = 0
[ 29.414434][ T480] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 29.446977][ T482] loop0: detected capacity change from 0 to 512
[ 29.454234][ T482] EXT4-fs: Ignoring removed bh option
[ 29.459919][ T482] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 29.469112][ T482] EXT4-fs (loop0): 1 truncate cleaned up
[pid 482] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 482] exit_group(0) = ?
[pid 482] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=482, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./87", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./87/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./87/binderfs") = 0
umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./87/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./87/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./87/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./87") = 0
mkdir("./88", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 484
./strace-static-x86_64: Process 484 attached
[pid 484] set_robust_list(0x555556534660, 24) = 0
[pid 484] chdir("./88") = 0
[pid 484] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 484] setpgid(0, 0) = 0
[pid 484] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 484] write(3, "1000", 4) = 4
[pid 484] close(3) = 0
[pid 484] symlink("/dev/binderfs", "./binderfs") = 0
[pid 484] memfd_create("syzkaller", 0) = 3
[pid 484] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 484] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 484] munmap(0x7f492ad65000, 138412032) = 0
[pid 484] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 484] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 484] close(3) = 0
[pid 484] mkdir("./file0", 0777) = 0
[ 29.486393][ T482] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 29.524280][ T484] loop0: detected capacity change from 0 to 512
[pid 484] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 484] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 484] chdir("./file0") = 0
[pid 484] ioctl(4, LOOP_CLR_FD) = 0
[pid 484] close(4) = 0
[pid 484] creat("./bus", 000) = 4
[pid 484] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 484] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 484] chdir("./file0") = 0
[pid 484] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 484] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 484] memfd_create("syzkaller", 0) = 7
[pid 484] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 484] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 484] munmap(0x7f492ad65000, 138412032) = 0
[pid 484] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 484] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 484] ioctl(8, LOOP_CLR_FD) = 0
[pid 484] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 484] close(8) = 0
[pid 484] close(7) = 0
[pid 484] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 484] exit_group(0) = ?
[pid 484] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=484, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./88", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./88/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./88/binderfs") = 0
umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./88/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./88/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./88/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./88") = 0
mkdir("./89", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 486
./strace-static-x86_64: Process 486 attached
[pid 486] set_robust_list(0x555556534660, 24) = 0
[pid 486] chdir("./89") = 0
[pid 486] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 486] setpgid(0, 0) = 0
[pid 486] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 486] write(3, "1000", 4) = 4
[pid 486] close(3) = 0
[pid 486] symlink("/dev/binderfs", "./binderfs") = 0
[pid 486] memfd_create("syzkaller", 0) = 3
[pid 486] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 486] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 486] munmap(0x7f492ad65000, 138412032) = 0
[pid 486] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 29.531941][ T484] EXT4-fs: Ignoring removed bh option
[ 29.538023][ T484] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 29.547272][ T484] EXT4-fs (loop0): 1 truncate cleaned up
[ 29.564552][ T484] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[pid 486] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 486] close(3) = 0
[pid 486] mkdir("./file0", 0777) = 0
[pid 486] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 486] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 486] chdir("./file0") = 0
[pid 486] ioctl(4, LOOP_CLR_FD) = 0
[pid 486] close(4) = 0
[pid 486] creat("./bus", 000) = 4
[pid 486] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 486] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 486] chdir("./file0") = 0
[pid 486] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 486] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 486] memfd_create("syzkaller", 0) = 7
[pid 486] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 486] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 486] munmap(0x7f492ad65000, 138412032) = 0
[pid 486] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 486] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 486] ioctl(8, LOOP_CLR_FD) = 0
[pid 486] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 486] close(8) = 0
[pid 486] close(7) = 0
[ 29.603899][ T486] loop0: detected capacity change from 0 to 512
[ 29.611615][ T486] EXT4-fs: Ignoring removed bh option
[ 29.617439][ T486] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 29.627243][ T486] EXT4-fs (loop0): 1 truncate cleaned up
[pid 486] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 486] exit_group(0) = ?
[pid 486] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=486, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./89", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./89/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./89/binderfs") = 0
umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./89/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./89/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./89/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./89") = 0
mkdir("./90", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 489
./strace-static-x86_64: Process 489 attached
[pid 489] set_robust_list(0x555556534660, 24) = 0
[pid 489] chdir("./90") = 0
[pid 489] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 489] setpgid(0, 0) = 0
[pid 489] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 489] write(3, "1000", 4) = 4
[pid 489] close(3) = 0
[pid 489] symlink("/dev/binderfs", "./binderfs") = 0
[pid 489] memfd_create("syzkaller", 0) = 3
[pid 489] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 489] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 489] munmap(0x7f492ad65000, 138412032) = 0
[pid 489] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 489] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 489] close(3) = 0
[pid 489] mkdir("./file0", 0777) = 0
[ 29.647608][ T486] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 29.686997][ T489] loop0: detected capacity change from 0 to 512
[ 29.694380][ T489] EXT4-fs: Ignoring removed bh option
[pid 489] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 489] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 489] chdir("./file0") = 0
[pid 489] ioctl(4, LOOP_CLR_FD) = 0
[pid 489] close(4) = 0
[pid 489] creat("./bus", 000) = 4
[pid 489] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 489] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 489] chdir("./file0") = 0
[pid 489] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 489] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 489] memfd_create("syzkaller", 0) = 7
[pid 489] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 489] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 489] munmap(0x7f492ad65000, 138412032) = 0
[pid 489] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 489] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 489] ioctl(8, LOOP_CLR_FD) = 0
[pid 489] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 489] close(8) = 0
[pid 489] close(7) = 0
[pid 489] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 489] exit_group(0) = ?
[pid 489] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=489, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./90", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./90/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./90/binderfs") = 0
umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./90/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./90/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./90/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./90") = 0
mkdir("./91", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 491
./strace-static-x86_64: Process 491 attached
[pid 491] set_robust_list(0x555556534660, 24) = 0
[pid 491] chdir("./91") = 0
[pid 491] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 491] setpgid(0, 0) = 0
[pid 491] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 491] write(3, "1000", 4) = 4
[pid 491] close(3) = 0
[pid 491] symlink("/dev/binderfs", "./binderfs") = 0
[pid 491] memfd_create("syzkaller", 0) = 3
[pid 491] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 491] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 491] munmap(0x7f492ad65000, 138412032) = 0
[pid 491] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 29.700067][ T489] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 29.709181][ T489] EXT4-fs (loop0): 1 truncate cleaned up
[ 29.724861][ T489] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[pid 491] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 491] close(3) = 0
[pid 491] mkdir("./file0", 0777) = 0
[pid 491] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 491] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 491] chdir("./file0") = 0
[pid 491] ioctl(4, LOOP_CLR_FD) = 0
[pid 491] close(4) = 0
[pid 491] creat("./bus", 000) = 4
[pid 491] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 491] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 491] chdir("./file0") = 0
[pid 491] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 491] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 491] memfd_create("syzkaller", 0) = 7
[pid 491] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 491] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 491] munmap(0x7f492ad65000, 138412032) = 0
[pid 491] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 491] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 491] ioctl(8, LOOP_CLR_FD) = 0
[pid 491] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 491] close(8) = 0
[pid 491] close(7) = 0
[ 29.762269][ T491] loop0: detected capacity change from 0 to 512
[ 29.769853][ T491] EXT4-fs: Ignoring removed bh option
[ 29.775545][ T491] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 29.784922][ T491] EXT4-fs (loop0): 1 truncate cleaned up
[pid 491] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 491] exit_group(0) = ?
[pid 491] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=491, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./91", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./91/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./91/binderfs") = 0
umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./91/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./91/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./91/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./91") = 0
mkdir("./92", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 493
./strace-static-x86_64: Process 493 attached
[pid 493] set_robust_list(0x555556534660, 24) = 0
[pid 493] chdir("./92") = 0
[pid 493] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 493] setpgid(0, 0) = 0
[pid 493] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 493] write(3, "1000", 4) = 4
[pid 493] close(3) = 0
[pid 493] symlink("/dev/binderfs", "./binderfs") = 0
[pid 493] memfd_create("syzkaller", 0) = 3
[pid 493] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 493] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 493] munmap(0x7f492ad65000, 138412032) = 0
[pid 493] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 493] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 493] close(3) = 0
[pid 493] mkdir("./file0", 0777) = 0
[ 29.801115][ T491] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 29.838595][ T493] loop0: detected capacity change from 0 to 512
[ 29.846177][ T493] EXT4-fs: Ignoring removed bh option
[ 29.851912][ T493] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[pid 493] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 493] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 493] chdir("./file0") = 0
[pid 493] ioctl(4, LOOP_CLR_FD) = 0
[pid 493] close(4) = 0
[pid 493] creat("./bus", 000) = 4
[pid 493] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 493] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 493] chdir("./file0") = 0
[pid 493] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 493] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 493] memfd_create("syzkaller", 0) = 7
[pid 493] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 493] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 493] munmap(0x7f492ad65000, 138412032) = 0
[pid 493] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 493] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 493] ioctl(8, LOOP_CLR_FD) = 0
[pid 493] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 493] close(8) = 0
[ 29.861261][ T493] EXT4-fs (loop0): 1 truncate cleaned up
[pid 493] close(7) = 0
[pid 493] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 493] exit_group(0) = ?
[pid 493] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=493, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./92", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./92/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./92/binderfs") = 0
umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./92/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./92/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./92/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./92") = 0
mkdir("./93", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[ 29.883680][ T493] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 495
./strace-static-x86_64: Process 495 attached
[pid 495] set_robust_list(0x555556534660, 24) = 0
[pid 495] chdir("./93") = 0
[pid 495] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 495] setpgid(0, 0) = 0
[pid 495] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 495] write(3, "1000", 4) = 4
[pid 495] close(3) = 0
[pid 495] symlink("/dev/binderfs", "./binderfs") = 0
[pid 495] memfd_create("syzkaller", 0) = 3
[pid 495] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 495] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 495] munmap(0x7f492ad65000, 138412032) = 0
[pid 495] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 495] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 495] close(3) = 0
[pid 495] mkdir("./file0", 0777) = 0
[pid 495] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 495] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 495] chdir("./file0") = 0
[pid 495] ioctl(4, LOOP_CLR_FD) = 0
[pid 495] close(4) = 0
[pid 495] creat("./bus", 000) = 4
[pid 495] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 495] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 495] chdir("./file0") = 0
[pid 495] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 495] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 495] memfd_create("syzkaller", 0) = 7
[pid 495] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 495] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 495] munmap(0x7f492ad65000, 138412032) = 0
[pid 495] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 495] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 495] ioctl(8, LOOP_CLR_FD) = 0
[pid 495] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 495] close(8) = 0
[pid 495] close(7) = 0
[ 29.954795][ T495] loop0: detected capacity change from 0 to 512
[ 29.962307][ T495] EXT4-fs: Ignoring removed bh option
[ 29.967962][ T495] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 29.977474][ T495] EXT4-fs (loop0): 1 truncate cleaned up
[pid 495] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 495] exit_group(0) = ?
[pid 495] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=495, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./93", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./93/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./93/binderfs") = 0
umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./93/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./93/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./93/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./93") = 0
mkdir("./94", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 497 attached
[pid 497] set_robust_list(0x555556534660, 24) = 0
[pid 497] chdir("./94") = 0
[pid 497] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 497] setpgid(0, 0) = 0
[pid 497] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC
[pid 294] <... clone resumed>, child_tidptr=0x555556534650) = 497
[pid 497] <... openat resumed>) = 3
[pid 497] write(3, "1000", 4) = 4
[pid 497] close(3) = 0
[pid 497] symlink("/dev/binderfs", "./binderfs") = 0
[pid 497] memfd_create("syzkaller", 0) = 3
[pid 497] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 497] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 497] munmap(0x7f492ad65000, 138412032) = 0
[pid 497] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 497] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 497] close(3) = 0
[pid 497] mkdir("./file0", 0777) = 0
[ 29.993020][ T495] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 30.031056][ T497] loop0: detected capacity change from 0 to 512
[ 30.041819][ T497] EXT4-fs: Ignoring removed bh option
[pid 497] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 497] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 497] chdir("./file0") = 0
[pid 497] ioctl(4, LOOP_CLR_FD) = 0
[pid 497] close(4) = 0
[pid 497] creat("./bus", 000) = 4
[pid 497] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 497] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 497] chdir("./file0") = 0
[pid 497] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 497] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 497] memfd_create("syzkaller", 0) = 7
[pid 497] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 497] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 497] munmap(0x7f492ad65000, 138412032) = 0
[pid 497] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 497] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 497] ioctl(8, LOOP_CLR_FD) = 0
[pid 497] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 497] close(8) = 0
[pid 497] close(7) = 0
[pid 497] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 497] exit_group(0) = ?
[pid 497] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=497, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./94", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./94/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./94/binderfs") = 0
umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./94/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./94/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./94/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./94") = 0
mkdir("./95", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 499 attached
, child_tidptr=0x555556534650) = 499
[pid 499] set_robust_list(0x555556534660, 24) = 0
[pid 499] chdir("./95") = 0
[pid 499] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 499] setpgid(0, 0) = 0
[pid 499] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 499] write(3, "1000", 4) = 4
[pid 499] close(3) = 0
[pid 499] symlink("/dev/binderfs", "./binderfs") = 0
[pid 499] memfd_create("syzkaller", 0) = 3
[pid 499] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 499] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 499] munmap(0x7f492ad65000, 138412032) = 0
[pid 499] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 30.047616][ T497] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 30.056847][ T497] EXT4-fs (loop0): 1 truncate cleaned up
[ 30.075999][ T497] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[pid 499] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 499] close(3) = 0
[pid 499] mkdir("./file0", 0777) = 0
[pid 499] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 499] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 499] chdir("./file0") = 0
[pid 499] ioctl(4, LOOP_CLR_FD) = 0
[pid 499] close(4) = 0
[pid 499] creat("./bus", 000) = 4
[pid 499] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 499] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 499] chdir("./file0") = 0
[pid 499] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 499] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 499] memfd_create("syzkaller", 0) = 7
[pid 499] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 499] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 499] munmap(0x7f492ad65000, 138412032) = 0
[pid 499] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 499] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 499] ioctl(8, LOOP_CLR_FD) = 0
[pid 499] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 499] close(8) = 0
[pid 499] close(7) = 0
[ 30.123653][ T499] loop0: detected capacity change from 0 to 512
[ 30.131764][ T499] EXT4-fs: Ignoring removed bh option
[ 30.137667][ T499] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 30.147029][ T499] EXT4-fs (loop0): 1 truncate cleaned up
[pid 499] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 499] exit_group(0) = ?
[pid 499] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=499, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./95", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./95/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./95/binderfs") = 0
umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./95/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./95/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./95/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./95") = 0
mkdir("./96", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 501
./strace-static-x86_64: Process 501 attached
[pid 501] set_robust_list(0x555556534660, 24) = 0
[pid 501] chdir("./96") = 0
[pid 501] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 501] setpgid(0, 0) = 0
[pid 501] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 501] write(3, "1000", 4) = 4
[pid 501] close(3) = 0
[pid 501] symlink("/dev/binderfs", "./binderfs") = 0
[pid 501] memfd_create("syzkaller", 0) = 3
[pid 501] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 501] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 501] munmap(0x7f492ad65000, 138412032) = 0
[pid 501] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 501] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 501] close(3) = 0
[pid 501] mkdir("./file0", 0777) = 0
[ 30.162489][ T499] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 30.200220][ T501] loop0: detected capacity change from 0 to 512
[ 30.207409][ T501] EXT4-fs: Ignoring removed bh option
[ 30.213122][ T501] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[pid 501] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 501] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 501] chdir("./file0") = 0
[pid 501] ioctl(4, LOOP_CLR_FD) = 0
[pid 501] close(4) = 0
[pid 501] creat("./bus", 000) = 4
[pid 501] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 501] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 501] chdir("./file0") = 0
[pid 501] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 501] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 501] memfd_create("syzkaller", 0) = 7
[pid 501] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 501] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 501] munmap(0x7f492ad65000, 138412032) = 0
[pid 501] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 501] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 501] ioctl(8, LOOP_CLR_FD) = 0
[pid 501] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 501] close(8) = 0
[pid 501] close(7) = 0
[pid 501] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 501] exit_group(0) = ?
[pid 501] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=501, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./96", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./96/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./96/binderfs") = 0
umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./96/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./96/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./96/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./96") = 0
mkdir("./97", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 503
./strace-static-x86_64: Process 503 attached
[pid 503] set_robust_list(0x555556534660, 24) = 0
[pid 503] chdir("./97") = 0
[pid 503] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 503] setpgid(0, 0) = 0
[pid 503] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 503] write(3, "1000", 4) = 4
[pid 503] close(3) = 0
[pid 503] symlink("/dev/binderfs", "./binderfs") = 0
[pid 503] memfd_create("syzkaller", 0) = 3
[pid 503] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 503] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 503] munmap(0x7f492ad65000, 138412032) = 0
[pid 503] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 30.222585][ T501] EXT4-fs (loop0): 1 truncate cleaned up
[ 30.241775][ T501] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[pid 503] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 503] close(3) = 0
[pid 503] mkdir("./file0", 0777) = 0
[pid 503] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 503] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 503] chdir("./file0") = 0
[pid 503] ioctl(4, LOOP_CLR_FD) = 0
[pid 503] close(4) = 0
[pid 503] creat("./bus", 000) = 4
[pid 503] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 503] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 503] chdir("./file0") = 0
[pid 503] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 503] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 503] memfd_create("syzkaller", 0) = 7
[pid 503] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 503] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 503] munmap(0x7f492ad65000, 138412032) = 0
[pid 503] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 503] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 503] ioctl(8, LOOP_CLR_FD) = 0
[pid 503] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 503] close(8) = 0
[pid 503] close(7) = 0
[ 30.278295][ T503] loop0: detected capacity change from 0 to 512
[ 30.286087][ T503] EXT4-fs: Ignoring removed bh option
[ 30.292110][ T503] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 30.301493][ T503] EXT4-fs (loop0): 1 truncate cleaned up
[pid 503] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 503] exit_group(0) = ?
[pid 503] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=503, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./97", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./97/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./97/binderfs") = 0
umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./97/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./97/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./97/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./97") = 0
mkdir("./98", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 505
./strace-static-x86_64: Process 505 attached
[pid 505] set_robust_list(0x555556534660, 24) = 0
[pid 505] chdir("./98") = 0
[pid 505] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 505] setpgid(0, 0) = 0
[pid 505] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 505] write(3, "1000", 4) = 4
[pid 505] close(3) = 0
[pid 505] symlink("/dev/binderfs", "./binderfs") = 0
[pid 505] memfd_create("syzkaller", 0) = 3
[pid 505] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 505] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 505] munmap(0x7f492ad65000, 138412032) = 0
[pid 505] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 505] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 505] close(3) = 0
[pid 505] mkdir("./file0", 0777) = 0
[ 30.321123][ T503] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 30.353142][ T505] loop0: detected capacity change from 0 to 512
[ 30.360123][ T505] EXT4-fs: Ignoring removed bh option
[ 30.365856][ T505] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[pid 505] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 505] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 505] chdir("./file0") = 0
[pid 505] ioctl(4, LOOP_CLR_FD) = 0
[pid 505] close(4) = 0
[pid 505] creat("./bus", 000) = 4
[pid 505] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 505] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 505] chdir("./file0") = 0
[pid 505] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 505] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 505] memfd_create("syzkaller", 0) = 7
[pid 505] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 505] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 505] munmap(0x7f492ad65000, 138412032) = 0
[pid 505] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 505] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 505] ioctl(8, LOOP_CLR_FD) = 0
[pid 505] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 505] close(8) = 0
[pid 505] close(7) = 0
[pid 505] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 505] exit_group(0) = ?
[pid 505] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=505, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./98", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./98/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./98/binderfs") = 0
umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./98/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./98/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./98/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./98") = 0
mkdir("./99", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 507
./strace-static-x86_64: Process 507 attached
[pid 507] set_robust_list(0x555556534660, 24) = 0
[pid 507] chdir("./99") = 0
[pid 507] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 507] setpgid(0, 0) = 0
[pid 507] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 507] write(3, "1000", 4) = 4
[pid 507] close(3) = 0
[pid 507] symlink("/dev/binderfs", "./binderfs") = 0
[pid 507] memfd_create("syzkaller", 0) = 3
[pid 507] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 507] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 507] munmap(0x7f492ad65000, 138412032) = 0
[pid 507] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 30.374769][ T505] EXT4-fs (loop0): 1 truncate cleaned up
[ 30.394914][ T505] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[pid 507] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 507] close(3) = 0
[pid 507] mkdir("./file0", 0777) = 0
[pid 507] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 507] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 507] chdir("./file0") = 0
[pid 507] ioctl(4, LOOP_CLR_FD) = 0
[pid 507] close(4) = 0
[pid 507] creat("./bus", 000) = 4
[pid 507] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 507] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 507] chdir("./file0") = 0
[pid 507] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 507] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 507] memfd_create("syzkaller", 0) = 7
[pid 507] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 507] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 507] munmap(0x7f492ad65000, 138412032) = 0
[pid 507] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 507] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 507] ioctl(8, LOOP_CLR_FD) = 0
[pid 507] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 507] close(8) = 0
[pid 507] close(7) = 0
[ 30.430969][ T507] loop0: detected capacity change from 0 to 512
[ 30.438232][ T507] EXT4-fs: Ignoring removed bh option
[ 30.443713][ T507] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 30.453129][ T507] EXT4-fs (loop0): 1 truncate cleaned up
[pid 507] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 507] exit_group(0) = ?
[pid 507] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=507, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./99", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./99/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./99/binderfs") = 0
umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./99/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./99/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./99/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./99") = 0
mkdir("./100", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 509
./strace-static-x86_64: Process 509 attached
[pid 509] set_robust_list(0x555556534660, 24) = 0
[pid 509] chdir("./100") = 0
[pid 509] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 509] setpgid(0, 0) = 0
[pid 509] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 509] write(3, "1000", 4) = 4
[pid 509] close(3) = 0
[pid 509] symlink("/dev/binderfs", "./binderfs") = 0
[pid 509] memfd_create("syzkaller", 0) = 3
[pid 509] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 509] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 509] munmap(0x7f492ad65000, 138412032) = 0
[pid 509] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 509] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 509] close(3) = 0
[pid 509] mkdir("./file0", 0777) = 0
[ 30.479485][ T507] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 30.518715][ T509] loop0: detected capacity change from 0 to 512
[ 30.526137][ T509] EXT4-fs: Ignoring removed bh option
[pid 509] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 509] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 509] chdir("./file0") = 0
[pid 509] ioctl(4, LOOP_CLR_FD) = 0
[pid 509] close(4) = 0
[pid 509] creat("./bus", 000) = 4
[pid 509] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 509] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 509] chdir("./file0") = 0
[pid 509] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 509] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 509] memfd_create("syzkaller", 0) = 7
[pid 509] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 509] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 509] munmap(0x7f492ad65000, 138412032) = 0
[pid 509] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 509] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 509] ioctl(8, LOOP_CLR_FD) = 0
[pid 509] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 509] close(8) = 0
[pid 509] close(7) = 0
[ 30.531839][ T509] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 30.541133][ T509] EXT4-fs (loop0): 1 truncate cleaned up
[pid 509] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 509] exit_group(0) = ?
[pid 509] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=509, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./100", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./100/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./100/binderfs") = 0
umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./100/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./100/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./100/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./100") = 0
mkdir("./101", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 512
./strace-static-x86_64: Process 512 attached
[pid 512] set_robust_list(0x555556534660, 24) = 0
[pid 512] chdir("./101") = 0
[pid 512] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 512] setpgid(0, 0) = 0
[pid 512] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 512] write(3, "1000", 4) = 4
[pid 512] close(3) = 0
[pid 512] symlink("/dev/binderfs", "./binderfs") = 0
[pid 512] memfd_create("syzkaller", 0) = 3
[pid 512] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 512] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 512] munmap(0x7f492ad65000, 138412032) = 0
[pid 512] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 512] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 512] close(3) = 0
[pid 512] mkdir("./file0", 0777) = 0
[ 30.575940][ T509] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 30.614749][ T512] loop0: detected capacity change from 0 to 512
[pid 512] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 512] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 512] chdir("./file0") = 0
[pid 512] ioctl(4, LOOP_CLR_FD) = 0
[pid 512] close(4) = 0
[pid 512] creat("./bus", 000) = 4
[pid 512] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 512] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 512] chdir("./file0") = 0
[pid 512] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 512] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 512] memfd_create("syzkaller", 0) = 7
[pid 512] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 512] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 512] munmap(0x7f492ad65000, 138412032) = 0
[pid 512] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 512] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 512] ioctl(8, LOOP_CLR_FD) = 0
[pid 512] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 512] close(8) = 0
[pid 512] close(7) = 0
[ 30.621838][ T512] EXT4-fs: Ignoring removed bh option
[ 30.627614][ T512] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 30.636653][ T512] EXT4-fs (loop0): 1 truncate cleaned up
[pid 512] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 512] exit_group(0) = ?
[pid 512] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=512, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./101", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./101/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./101/binderfs") = 0
umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./101/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./101/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./101/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./101") = 0
mkdir("./102", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 514
./strace-static-x86_64: Process 514 attached
[pid 514] set_robust_list(0x555556534660, 24) = 0
[pid 514] chdir("./102") = 0
[pid 514] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 514] setpgid(0, 0) = 0
[pid 514] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 514] write(3, "1000", 4) = 4
[pid 514] close(3) = 0
[pid 514] symlink("/dev/binderfs", "./binderfs") = 0
[pid 514] memfd_create("syzkaller", 0) = 3
[pid 514] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 514] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 514] munmap(0x7f492ad65000, 138412032) = 0
[pid 514] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 514] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 514] close(3) = 0
[pid 514] mkdir("./file0", 0777) = 0
[pid 514] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 514] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 514] chdir("./file0") = 0
[pid 514] ioctl(4, LOOP_CLR_FD) = 0
[pid 514] close(4) = 0
[pid 514] creat("./bus", 000) = 4
[pid 514] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 514] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 514] chdir("./file0") = 0
[pid 514] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 514] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 514] memfd_create("syzkaller", 0) = 7
[pid 514] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 514] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 514] munmap(0x7f492ad65000, 138412032) = 0
[pid 514] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 514] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 514] ioctl(8, LOOP_CLR_FD) = 0
[pid 514] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 514] close(8) = 0
[pid 514] close(7) = 0
[ 30.662239][ T512] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 30.698931][ T514] loop0: detected capacity change from 0 to 512
[ 30.705952][ T514] EXT4-fs: Ignoring removed bh option
[ 30.711407][ T514] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 30.720489][ T514] EXT4-fs (loop0): 1 truncate cleaned up
[pid 514] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 514] exit_group(0) = ?
[pid 514] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=514, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
umount2("./102", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./102/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./102/binderfs") = 0
umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./102/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./102/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./102/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./102") = 0
mkdir("./103", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 516
./strace-static-x86_64: Process 516 attached
[pid 516] set_robust_list(0x555556534660, 24) = 0
[pid 516] chdir("./103") = 0
[pid 516] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 516] setpgid(0, 0) = 0
[pid 516] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 516] write(3, "1000", 4) = 4
[pid 516] close(3) = 0
[pid 516] symlink("/dev/binderfs", "./binderfs") = 0
[pid 516] memfd_create("syzkaller", 0) = 3
[pid 516] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 516] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 516] munmap(0x7f492ad65000, 138412032) = 0
[pid 516] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 30.745963][ T514] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[pid 516] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 516] close(3) = 0
[pid 516] mkdir("./file0", 0777) = 0
[pid 516] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 516] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 516] chdir("./file0") = 0
[pid 516] ioctl(4, LOOP_CLR_FD) = 0
[pid 516] close(4) = 0
[pid 516] creat("./bus", 000) = 4
[pid 516] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 516] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 516] chdir("./file0") = 0
[pid 516] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 516] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 516] memfd_create("syzkaller", 0) = 7
[pid 516] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 516] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 516] munmap(0x7f492ad65000, 138412032) = 0
[pid 516] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 516] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 516] ioctl(8, LOOP_CLR_FD) = 0
[pid 516] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 516] close(8) = 0
[pid 516] close(7) = 0
[ 30.787815][ T516] loop0: detected capacity change from 0 to 512
[ 30.795546][ T516] EXT4-fs: Ignoring removed bh option
[ 30.801179][ T516] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 30.810374][ T516] EXT4-fs (loop0): 1 truncate cleaned up
[pid 516] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 516] exit_group(0) = ?
[pid 516] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=516, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./103", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./103/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./103/binderfs") = 0
umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./103/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./103/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./103/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./103") = 0
mkdir("./104", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 518
./strace-static-x86_64: Process 518 attached
[pid 518] set_robust_list(0x555556534660, 24) = 0
[pid 518] chdir("./104") = 0
[pid 518] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 518] setpgid(0, 0) = 0
[pid 518] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 518] write(3, "1000", 4) = 4
[pid 518] close(3) = 0
[pid 518] symlink("/dev/binderfs", "./binderfs") = 0
[pid 518] memfd_create("syzkaller", 0) = 3
[pid 518] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 518] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 518] munmap(0x7f492ad65000, 138412032) = 0
[pid 518] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 518] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 518] close(3) = 0
[pid 518] mkdir("./file0", 0777) = 0
[ 30.825520][ T516] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 30.863962][ T518] loop0: detected capacity change from 0 to 512
[ 30.871855][ T518] EXT4-fs: Ignoring removed bh option
[ 30.877484][ T518] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[pid 518] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 518] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 518] chdir("./file0") = 0
[pid 518] ioctl(4, LOOP_CLR_FD) = 0
[pid 518] close(4) = 0
[pid 518] creat("./bus", 000) = 4
[pid 518] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 518] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 518] chdir("./file0") = 0
[pid 518] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 518] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 518] memfd_create("syzkaller", 0) = 7
[pid 518] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 518] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 518] munmap(0x7f492ad65000, 138412032) = 0
[pid 518] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 518] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 518] ioctl(8, LOOP_CLR_FD) = 0
[pid 518] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 518] close(8) = 0
[pid 518] close(7) = 0
[pid 518] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 518] exit_group(0) = ?
[pid 518] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=518, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./104", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./104/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./104/binderfs") = 0
umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./104/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./104/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./104/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./104") = 0
mkdir("./105", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 520
./strace-static-x86_64: Process 520 attached
[pid 520] set_robust_list(0x555556534660, 24) = 0
[pid 520] chdir("./105") = 0
[pid 520] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 520] setpgid(0, 0) = 0
[pid 520] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 520] write(3, "1000", 4) = 4
[pid 520] close(3) = 0
[pid 520] symlink("/dev/binderfs", "./binderfs") = 0
[pid 520] memfd_create("syzkaller", 0) = 3
[pid 520] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 520] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 520] munmap(0x7f492ad65000, 138412032) = 0
[pid 520] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 30.886851][ T518] EXT4-fs (loop0): 1 truncate cleaned up
[ 30.907533][ T518] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[pid 520] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 520] close(3) = 0
[pid 520] mkdir("./file0", 0777) = 0
[pid 520] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 520] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 520] chdir("./file0") = 0
[pid 520] ioctl(4, LOOP_CLR_FD) = 0
[pid 520] close(4) = 0
[pid 520] creat("./bus", 000) = 4
[pid 520] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 520] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 520] chdir("./file0") = 0
[pid 520] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 520] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 520] memfd_create("syzkaller", 0) = 7
[pid 520] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 520] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 520] munmap(0x7f492ad65000, 138412032) = 0
[pid 520] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 520] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 520] ioctl(8, LOOP_CLR_FD) = 0
[pid 520] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 520] close(8) = 0
[pid 520] close(7) = 0
[ 30.946181][ T520] loop0: detected capacity change from 0 to 512
[ 30.954796][ T520] EXT4-fs: Ignoring removed bh option
[ 30.960690][ T520] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 30.970459][ T520] EXT4-fs (loop0): 1 truncate cleaned up
[pid 520] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 520] exit_group(0) = ?
[pid 520] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=520, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./105", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./105/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./105/binderfs") = 0
umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./105/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./105/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./105/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./105") = 0
mkdir("./106", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 522
./strace-static-x86_64: Process 522 attached
[pid 522] set_robust_list(0x555556534660, 24) = 0
[pid 522] chdir("./106") = 0
[pid 522] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 522] setpgid(0, 0) = 0
[pid 522] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 522] write(3, "1000", 4) = 4
[pid 522] close(3) = 0
[pid 522] symlink("/dev/binderfs", "./binderfs") = 0
[pid 522] memfd_create("syzkaller", 0) = 3
[pid 522] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 522] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 522] munmap(0x7f492ad65000, 138412032) = 0
[pid 522] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 522] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 522] close(3) = 0
[pid 522] mkdir("./file0", 0777) = 0
[ 31.002981][ T520] EXT4-fs error (device loop0): ext4_find_dest_de:2092: inode #12: block 7: comm syz-executor543: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0
[ 31.041938][ T522] loop0: detected capacity change from 0 to 512
[pid 522] mount("/dev/loop0", "./file0", "ext3", MS_MGC_VAL|MS_NOSUID|MS_NODEV, "jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue") = 0
[pid 522] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 522] chdir("./file0") = 0
[pid 522] ioctl(4, LOOP_CLR_FD) = 0
[pid 522] close(4) = 0
[pid 522] creat("./bus", 000) = 4
[pid 522] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 522] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5
[pid 522] chdir("./file0") = 0
[pid 522] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 522] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000
[pid 522] memfd_create("syzkaller", 0) = 7
[pid 522] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000
[pid 522] write(7, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072
[pid 522] munmap(0x7f492ad65000, 138412032) = 0
[pid 522] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8
[pid 522] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 522] ioctl(8, LOOP_CLR_FD) = 0
[pid 522] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy)
[pid 522] close(8) = 0
[pid 522] close(7) = 0
[ 31.049198][ T522] EXT4-fs: Ignoring removed bh option
[ 31.054751][ T522] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 31.064162][ T522] EXT4-fs (loop0): 1 truncate cleaned up
[pid 522] creat(0x20000e00, 000) = -1 EUCLEAN (Structure needs cleaning)
[pid 522] exit_group(0) = ?
[pid 522] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=522, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./106", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565356f0 /* 4 entries */, 32768) = 112
umount2("./106/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./106/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./106/binderfs") = 0
umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./106/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./106/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555653d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555653d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./106/file0") = 0
getdents64(3, 0x5555565356f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./106") = 0
mkdir("./107", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556534650) = 524
./strace-static-x86_64: Process 524 attached
[pid 524] set_robust_list(0x555556534660, 24) = 0
[pid 524] chdir("./107") = 0
[pid 524] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 524] setpgid(0, 0) = 0
[pid 524] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 524] write(3, "1000", 4) = 4
[pid 524] close(3) = 0
[pid 524] symlink("/dev/binderfs", "./binderfs") = 0
[pid 524] memfd_create("syzkaller", 0) = 3
[pid 524] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f492ad65000