./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3133889167
<...>
Warning: Permanently added '10.128.1.189' (ED25519) to the list of known hosts.
execve("./syz-executor3133889167", ["./syz-executor3133889167"], 0x7fffee05e130 /* 10 vars */) = 0
brk(NULL) = 0x55556afbf000
brk(0x55556afbfd00) = 0x55556afbfd00
arch_prctl(ARCH_SET_FS, 0x55556afbf380) = 0
set_tid_address(0x55556afbf650) = 297
set_robust_list(0x55556afbf660, 24) = 0
rseq(0x55556afbfca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented)
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3133889167", 4096) = 28
getrandom("\x76\xd3\xbe\xfe\xa3\x80\xee\xc0", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x55556afbfd00
brk(0x55556afe0d00) = 0x55556afe0d00
brk(0x55556afe1000) = 0x55556afe1000
mprotect(0x7fcabe70c000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
mkdir("./syzkaller.CydmMG", 0700) = 0
chmod("./syzkaller.CydmMG", 0777) = 0
chdir("./syzkaller.CydmMG") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556afbf650) = 299
./strace-static-x86_64: Process 299 attached
[pid 299] set_robust_list(0x55556afbf660, 24) = 0
[pid 299] chdir("./0") = 0
[pid 299] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 299] setpgid(0, 0) = 0
[pid 299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 299] write(3, "1000", 4) = 4
[pid 299] close(3) = 0
[pid 299] symlink("/dev/binderfs", "./binderfs") = 0
[pid 299] write(1, "executing program\n", 18executing program
) = 18
[pid 299] memfd_create("syzkaller", 0) = 3
[pid 299] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcab6259000
[pid 299] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[ 27.917982][ T30] audit: type=1400 audit(1729987515.814:66): avc: denied { execmem } for pid=297 comm="syz-executor313" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[pid 299] munmap(0x7fcab6259000, 138412032) = 0
[pid 299] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 299] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 299] close(3) = 0
[ 27.947950][ T30] audit: type=1400 audit(1729987515.814:67): avc: denied { read write } for pid=297 comm="syz-executor313" name="loop0" dev="devtmpfs" ino=112 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 27.975852][ T30] audit: type=1400 audit(1729987515.814:68): avc: denied { open } for pid=297 comm="syz-executor313" path="/dev/loop0" dev="devtmpfs" ino=112 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 27.976993][ T299] loop0: detected capacity change from 0 to 1024
[pid 299] close(4) = 0
[pid 299] mkdir("./file1", 0777) = 0
[ 28.004433][ T30] audit: type=1400 audit(1729987515.814:69): avc: denied { ioctl } for pid=297 comm="syz-executor313" path="/dev/loop0" dev="devtmpfs" ino=112 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 28.067027][ T30] audit: type=1400 audit(1729987515.964:70): avc: denied { mounton } for pid=299 comm="syz-executor313" path="/root/syzkaller.CydmMG/0/file1" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 28.095856][ T299] EXT4-fs (loop0): Ignoring removed orlov option
[ 28.105202][ T299] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[ 28.115724][ T299] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[pid 299] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 299] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 299] chdir("./file1") = 0
[pid 299] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 299] ioctl(4, LOOP_CLR_FD) = 0
[pid 299] close(4) = 0
[pid 299] chdir("./file0") = 0
[pid 299] creat("./bus", 000) = 4
[pid 299] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 299] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 299] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 299] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 299] exit_group(0) = ?
[ 28.148088][ T30] audit: type=1400 audit(1729987516.044:71): avc: denied { mount } for pid=299 comm="syz-executor313" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 28.176686][ T30] audit: type=1400 audit(1729987516.074:72): avc: denied { write } for pid=299 comm="syz-executor313" name="file0" dev="loop0" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[pid 299] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=299, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556afc06f0 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/binderfs") = 0
umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556afc8730 /* 8 entries */, 32768) = 240
umount2("./0/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./0/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./0/file1/lost+found") = 0
umount2("./0/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./0/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 5 entries */, 32768) = 136
umount2("./0/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/file1/file0/file0") = 0
umount2("./0/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/file1/file0/file1") = 0
umount2("./0/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./0/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/file1/file0/bus") = 0
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./0/file1/file0") = 0
umount2("./0/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/file1/file1") = 0
umount2("./0/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/file1/file2") = 0
umount2("./0/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 28.207105][ T30] audit: type=1400 audit(1729987516.074:73): avc: denied { add_name } for pid=299 comm="syz-executor313" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 28.235017][ T30] audit: type=1400 audit(1729987516.074:74): avc: denied { create } for pid=299 comm="syz-executor313" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
newfstatat(AT_FDCWD, "./0/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/file1/file3") = 0
umount2("./0/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/file1/file.cold") = 0
getdents64(4, 0x55556afc8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file1") = -1 EBUSY (Device or resource busy)
[ 28.262839][ T30] audit: type=1400 audit(1729987516.114:75): avc: denied { write open } for pid=299 comm="syz-executor313" path="/root/syzkaller.CydmMG/0/file1/file0/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program
) = 0
rmdir("./0/file1") = 0
getdents64(3, 0x55556afc06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556afbf650) = 304
./strace-static-x86_64: Process 304 attached
[pid 304] set_robust_list(0x55556afbf660, 24) = 0
[pid 304] chdir("./1") = 0
[pid 304] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 304] setpgid(0, 0) = 0
[pid 304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 304] write(3, "1000", 4) = 4
[pid 304] close(3) = 0
[pid 304] symlink("/dev/binderfs", "./binderfs") = 0
[pid 304] write(1, "executing program\n", 18) = 18
[pid 304] memfd_create("syzkaller", 0) = 3
[pid 304] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcab6259000
[pid 304] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 304] munmap(0x7fcab6259000, 138412032) = 0
[pid 304] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 304] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 304] close(3) = 0
[pid 304] close(4) = 0
[pid 304] mkdir("./file1", 0777) = 0
[ 28.374240][ T304] loop0: detected capacity change from 0 to 1024
[ 28.454527][ T304] EXT4-fs (loop0): Ignoring removed orlov option
[ 28.461207][ T304] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[pid 304] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 304] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 304] chdir("./file1") = 0
[pid 304] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 304] ioctl(4, LOOP_CLR_FD) = 0
[pid 304] close(4) = 0
[pid 304] chdir("./file0") = 0
[pid 304] creat("./bus", 000) = 4
[pid 304] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 304] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 304] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 304] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 304] exit_group(0) = ?
[pid 304] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=304, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556afc06f0 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/binderfs") = 0
umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./1/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
[ 28.475143][ T304] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
getdents64(4, 0x55556afc8730 /* 8 entries */, 32768) = 240
umount2("./1/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./1/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./1/file1/lost+found") = 0
umount2("./1/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./1/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 5 entries */, 32768) = 136
umount2("./1/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/file1/file0/file0") = 0
umount2("./1/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/file1/file0/file1") = 0
umount2("./1/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./1/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/file1/file0/bus") = 0
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./1/file1/file0") = 0
umount2("./1/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/file1/file1") = 0
umount2("./1/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/file1/file2") = 0
umount2("./1/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/file1/file3") = 0
umount2("./1/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/file1/file.cold") = 0
getdents64(4, 0x55556afc8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file1") = -1 EBUSY (Device or resource busy)
umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program
) = 0
rmdir("./1/file1") = 0
getdents64(3, 0x55556afc06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556afbf650) = 307
./strace-static-x86_64: Process 307 attached
[pid 307] set_robust_list(0x55556afbf660, 24) = 0
[pid 307] chdir("./2") = 0
[pid 307] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 307] setpgid(0, 0) = 0
[pid 307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 307] write(3, "1000", 4) = 4
[pid 307] close(3) = 0
[pid 307] symlink("/dev/binderfs", "./binderfs") = 0
[pid 307] write(1, "executing program\n", 18) = 18
[pid 307] memfd_create("syzkaller", 0) = 3
[pid 307] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcab6259000
[pid 307] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 307] munmap(0x7fcab6259000, 138412032) = 0
[pid 307] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 307] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 307] close(3) = 0
[pid 307] close(4) = 0
[pid 307] mkdir("./file1", 0777) = 0
[ 28.583732][ T307] loop0: detected capacity change from 0 to 1024
[ 28.595537][ T307] EXT4-fs (loop0): Ignoring removed orlov option
[ 28.606337][ T307] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[pid 307] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 307] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 307] chdir("./file1") = 0
[pid 307] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 307] ioctl(4, LOOP_CLR_FD) = 0
[pid 307] close(4) = 0
[pid 307] chdir("./file0") = 0
[pid 307] creat("./bus", 000) = 4
[pid 307] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 307] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 307] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 307] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 307] exit_group(0) = ?
[pid 307] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=307, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556afc06f0 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/binderfs") = 0
umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./2/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556afc8730 /* 8 entries */, 32768) = 240
umount2("./2/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./2/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./2/file1/lost+found") = 0
umount2("./2/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./2/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 5 entries */, 32768) = 136
umount2("./2/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/file1/file0/file0") = 0
umount2("./2/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/file1/file0/file1") = 0
umount2("./2/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./2/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/file1/file0/bus") = 0
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./2/file1/file0") = 0
umount2("./2/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/file1/file1") = 0
umount2("./2/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/file1/file2") = 0
umount2("./2/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/file1/file3") = 0
umount2("./2/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/file1/file.cold") = 0
getdents64(4, 0x55556afc8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./2/file1") = -1 EBUSY (Device or resource busy)
[ 28.625590][ T307] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program
) = 0
rmdir("./2/file1") = 0
getdents64(3, 0x55556afc06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556afbf650) = 311
./strace-static-x86_64: Process 311 attached
[pid 311] set_robust_list(0x55556afbf660, 24) = 0
[pid 311] chdir("./3") = 0
[pid 311] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 311] setpgid(0, 0) = 0
[pid 311] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 311] write(3, "1000", 4) = 4
[pid 311] close(3) = 0
[pid 311] symlink("/dev/binderfs", "./binderfs") = 0
[pid 311] write(1, "executing program\n", 18) = 18
[pid 311] memfd_create("syzkaller", 0) = 3
[pid 311] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcab6259000
[pid 311] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 311] munmap(0x7fcab6259000, 138412032) = 0
[pid 311] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 311] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 311] close(3) = 0
[pid 311] close(4) = 0
[pid 311] mkdir("./file1", 0777) = 0
[ 28.773992][ T311] loop0: detected capacity change from 0 to 1024
[ 28.782177][ T311] EXT4-fs (loop0): Ignoring removed orlov option
[ 28.789479][ T311] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[pid 311] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 311] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 311] chdir("./file1") = 0
[pid 311] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 311] ioctl(4, LOOP_CLR_FD) = 0
[pid 311] close(4) = 0
[pid 311] chdir("./file0") = 0
[pid 311] creat("./bus", 000) = 4
[pid 311] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 311] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 311] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 311] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 311] exit_group(0) = ?
[pid 311] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=311, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556afc06f0 /* 4 entries */, 32768) = 112
umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/binderfs") = 0
umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./3/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556afc8730 /* 8 entries */, 32768) = 240
umount2("./3/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./3/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./3/file1/lost+found") = 0
umount2("./3/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./3/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 5 entries */, 32768) = 136
umount2("./3/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/file1/file0/file0") = 0
umount2("./3/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/file1/file0/file1") = 0
umount2("./3/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./3/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/file1/file0/bus") = 0
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
[ 28.805596][ T311] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[ 28.861098][ T297] ==================================================================
close(5) = 0
[ 28.871100][ T297] BUG: KASAN: use-after-free in ext4_xattr_delete_inode+0xcd0/0xce0
[ 28.881203][ T297] Read of size 4 at addr ffff88811a901000 by task syz-executor313/297
[ 28.892674][ T297]
[ 28.894981][ T297] CPU: 1 PID: 297 Comm: syz-executor313 Not tainted 5.15.167-syzkaller-android13-5.15.167_r00 #0
[ 28.910594][ T297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 28.923534][ T297] Call Trace:
[ 28.927802][ T297]
[ 28.930689][ T297] dump_stack_lvl+0x151/0x1c0
[ 28.935996][ T297] ? io_uring_drop_tctx_refs+0x190/0x190
[ 28.944424][ T297] ? panic+0x760/0x760
[ 28.950405][ T297] print_address_description+0x87/0x3b0
[ 28.956332][ T297] kasan_report+0x179/0x1c0
[ 28.964407][ T297] ? ext4_xattr_delete_inode+0xcd0/0xce0
[ 28.970968][ T297] ? ext4_xattr_delete_inode+0xcd0/0xce0
[ 28.976994][ T297] __asan_report_load4_noabort+0x14/0x20
[ 28.986079][ T297] ext4_xattr_delete_inode+0xcd0/0xce0
[ 28.991885][ T297] ? sb_end_intwrite+0x120/0x120
[ 28.997686][ T297] ? ext4_expand_extra_isize_ea+0x1bb0/0x1bb0
[ 29.008589][ T297] ? ext4_journal_check_start+0x16c/0x230
[ 29.015804][ T297] ? __kasan_check_read+0x11/0x20
[ 29.020771][ T297] ? ext4_inode_is_fast_symlink+0x295/0x3d0
[ 29.030460][ T297] ? ext4_evict_inode+0xb8d/0x14e0
[ 29.035854][ T297] ext4_evict_inode+0xea1/0x14e0
[ 29.044404][ T297] ? _raw_spin_unlock+0x4d/0x70
[ 29.051364][ T297] ? ext4_inode_is_fast_symlink+0x3d0/0x3d0
[ 29.057383][ T297] ? _raw_spin_unlock+0x4d/0x70
[ 29.065262][ T297] ? inode_io_list_del+0x18b/0x1a0
[ 29.072448][ T297] ? ext4_inode_is_fast_symlink+0x3d0/0x3d0
[ 29.081942][ T297] evict+0x529/0x930
[ 29.087905][ T297] ? _raw_spin_unlock+0x4d/0x70
[ 29.093096][ T297] ? mode_strip_sgid+0x220/0x220
[ 29.098350][ T297] ? __kasan_check_write+0x14/0x20
[ 29.106582][ T297] ? __kasan_check_write+0x14/0x20
[ 29.111871][ T297] ? ext4_drop_inode+0x90/0x1a0
[ 29.116984][ T297] iput+0x63b/0x7e0
[ 29.121638][ T297] vfs_rmdir+0x359/0x470
[ 29.128338][ T297] do_rmdir+0x3ab/0x630
[ 29.133263][ T297] ? d_delete_notify+0x160/0x160
[ 29.141130][ T297] ? strncpy_from_user+0x18e/0x2d0
[ 29.149844][ T297] ? getname_flags+0x1fd/0x520
[ 29.154620][ T297] __x64_sys_rmdir+0x49/0x50
[ 29.159704][ T297] x64_sys_call+0x274/0x9a0
[ 29.164412][ T297] do_syscall_64+0x3b/0xb0
[ 29.169731][ T297] ? clear_bhb_loop+0x35/0x90
[ 29.174461][ T297] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 29.180846][ T297] RIP: 0033:0x7fcabe697dc7
[ 29.186220][ T297] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 54 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 29.211293][ T297] RSP: 002b:00007ffe6ed70e78 EFLAGS: 00000207 ORIG_RAX: 0000000000000054
[ 29.220813][ T297] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcabe697dc7
[ 29.229205][ T297] RDX: 0000000000008890 RSI: 0000000000000000 RDI: 00007ffe6ed72020
[ 29.238424][ T297] RBP: 0000000000000065 R08: 0000000000000000 R09: 0000000000000000
[ 29.246771][ T297] R10: 0000000000000100 R11: 0000000000000207 R12: 00007ffe6ed72020
[ 29.255701][ T297] R13: 000055556afd0740 R14: 431bde82d7b634db R15: 00007ffe6ed741a0
[ 29.266081][ T297]
[ 29.269047][ T297]
[ 29.271281][ T297] The buggy address belongs to the page:
[ 29.277224][ T297] page:ffffea00046a4040 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11a901
[ 29.290198][ T297] flags: 0x4000000000000000(zone=1)
[ 29.295319][ T297] raw: 4000000000000000 ffffea00046a3e48 ffffea00046a6448 0000000000000000
[ 29.304853][ T297] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 29.313854][ T297] page dumped because: kasan: bad access detected
[ 29.320720][ T297] page_owner tracks the page as freed
[ 29.326260][ T297] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xc40(GFP_NOFS), pid 304, ts 28520438887, free_ts 28562133884
[ 29.340938][ T297] post_alloc_hook+0x1a3/0x1b0
[ 29.345635][ T297] prep_new_page+0x1b/0x110
[ 29.350217][ T297] get_page_from_freelist+0x3550/0x35d0
[ 29.356006][ T297] __alloc_pages+0x27e/0x8f0
[ 29.362452][ T297] pagecache_get_page+0xb18/0xeb0
[ 29.367644][ T297] ext4_mb_init_group+0x10d/0x590
[ 29.373129][ T297] ext4_mb_regular_allocator+0x1067/0x38e0
[ 29.379375][ T297] ext4_mb_new_blocks+0xfe6/0x48f0
[ 29.384719][ T297] ext4_new_meta_blocks+0x206/0x4f0
[ 29.390085][ T297] ext4_xattr_block_set+0x232a/0x37e0
[ 29.396079][ T297] ext4_xattr_set_handle+0xdac/0x1560
[ 29.401815][ T297] ext4_initxattrs+0xa7/0x120
[ 29.407347][ T297] security_inode_init_security+0x252/0x390
[ 29.414185][ T297] ext4_init_security+0x34/0x40
[ 29.420125][ T297] __ext4_new_inode+0x31f0/0x40a0
[ 29.425757][ T297] ext4_create+0x275/0x550
[ 29.430284][ T297] page last free stack trace:
[ 29.435132][ T297] free_unref_page_prepare+0x7c8/0x7d0
[ 29.441300][ T297] free_unref_page_list+0x14b/0xa60
[ 29.446766][ T297] release_pages+0x1310/0x1370
[ 29.451831][ T297] __pagevec_release+0x84/0x100
[ 29.456519][ T297] truncate_inode_pages_range+0x482/0x1160
[ 29.462470][ T297] truncate_inode_pages_final+0x83/0x90
[ 29.468771][ T297] ext4_evict_inode+0x3c8/0x14e0
[ 29.473898][ T297] evict+0x529/0x930
[ 29.478068][ T297] iput+0x63b/0x7e0
[ 29.481798][ T297] ext4_mb_release+0x78a/0xd40
[ 29.486615][ T297] ext4_put_super+0x1f8/0xd20
[ 29.491337][ T297] generic_shutdown_super+0x157/0x2e0
[ 29.496886][ T297] kill_block_super+0x7e/0xe0
[ 29.501655][ T297] deactivate_locked_super+0xad/0x110
[ 29.507894][ T297] deactivate_super+0xbe/0xf0
[ 29.512548][ T297] cleanup_mnt+0x45c/0x510
[ 29.516980][ T297]
[ 29.519455][ T297] Memory state around the buggy address:
[ 29.526272][ T297] ffff88811a900f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 29.535146][ T297] ffff88811a900f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 29.544502][ T297] >ffff88811a901000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 29.554391][ T297] ^
[ 29.558993][ T297] ffff88811a901080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 29.567653][ T297] ffff88811a901100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
rmdir("./3/file1/file0") = 0
umount2("./3/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/file1/file1") = 0
umount2("./3/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/file1/file2") = 0
umount2("./3/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/file1/file3") = 0
umount2("./3/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/file1/file.cold") = 0
getdents64(4, 0x55556afc8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./3/file1") = -1 EBUSY (Device or resource busy)
[ 29.577908][ T297] ==================================================================
[ 29.587785][ T297] Disabling lock debugging due to kernel taint
umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./3/file1") = 0
getdents64(3, 0x55556afc06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./3") = 0
mkdir("./4", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556afbf650) = 315
./strace-static-x86_64: Process 315 attached
[pid 315] set_robust_list(0x55556afbf660, 24) = 0
[pid 315] chdir("./4") = 0
[pid 315] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 315] setpgid(0, 0) = 0
[pid 315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 315] write(3, "1000", 4) = 4
[pid 315] close(3) = 0
[pid 315] symlink("/dev/binderfs", "./binderfs") = 0
[pid 315] write(1, "executing program\n", 18executing program
) = 18
[pid 315] memfd_create("syzkaller", 0) = 3
[pid 315] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcab6259000
[pid 315] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 315] munmap(0x7fcab6259000, 138412032) = 0
[pid 315] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 315] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 315] close(3) = 0
[pid 315] close(4) = 0
[pid 315] mkdir("./file1", 0777) = 0
[ 29.667779][ T315] loop0: detected capacity change from 0 to 1024
[ 29.754590][ T315] EXT4-fs (loop0): Ignoring removed orlov option
[ 29.774135][ T315] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[pid 315] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 315] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 315] chdir("./file1") = 0
[pid 315] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 315] ioctl(4, LOOP_CLR_FD) = 0
[pid 315] close(4) = 0
[pid 315] chdir("./file0") = 0
[pid 315] creat("./bus", 000) = 4
[pid 315] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 315] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 315] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 315] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 315] exit_group(0) = ?
[pid 315] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=315, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556afc06f0 /* 4 entries */, 32768) = 112
umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/binderfs") = 0
umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./4/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556afc8730 /* 8 entries */, 32768) = 240
umount2("./4/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./4/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./4/file1/lost+found") = 0
umount2("./4/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./4/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 5 entries */, 32768) = 136
umount2("./4/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/file1/file0/file0") = 0
umount2("./4/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/file1/file0/file1") = 0
umount2("./4/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./4/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/file1/file0/bus") = 0
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./4/file1/file0") = 0
umount2("./4/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/file1/file1") = 0
umount2("./4/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/file1/file2") = 0
umount2("./4/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/file1/file3") = 0
umount2("./4/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/file1/file.cold") = 0
getdents64(4, 0x55556afc8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./4/file1") = -1 EBUSY (Device or resource busy)
[ 29.797511][ T315] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./4/file1") = 0
getdents64(3, 0x55556afc06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./4") = 0
mkdir("./5", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556afbf650) = 318
./strace-static-x86_64: Process 318 attached
[pid 318] set_robust_list(0x55556afbf660, 24) = 0
[pid 318] chdir("./5") = 0
[pid 318] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 318] setpgid(0, 0) = 0
[pid 318] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 318] write(3, "1000", 4) = 4
[pid 318] close(3) = 0
[pid 318] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid 318] write(1, "executing program\n", 18) = 18
[pid 318] memfd_create("syzkaller", 0) = 3
[pid 318] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcab6259000
[pid 318] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 318] munmap(0x7fcab6259000, 138412032) = 0
[pid 318] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 318] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 318] close(3) = 0
[pid 318] close(4) = 0
[pid 318] mkdir("./file1", 0777) = 0
[ 29.943742][ T318] loop0: detected capacity change from 0 to 1024
[pid 318] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 318] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 318] chdir("./file1") = 0
[pid 318] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 318] ioctl(4, LOOP_CLR_FD) = 0
[pid 318] close(4) = 0
[pid 318] chdir("./file0") = 0
[pid 318] creat("./bus", 000) = 4
[pid 318] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 318] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 318] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 318] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 318] exit_group(0) = ?
[pid 318] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=318, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556afc06f0 /* 4 entries */, 32768) = 112
umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/binderfs") = 0
umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./5/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556afc8730 /* 8 entries */, 32768) = 240
umount2("./5/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./5/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 2 entries */, 32768) = 48
[ 30.035860][ T318] EXT4-fs (loop0): Ignoring removed orlov option
[ 30.042763][ T318] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[ 30.056010][ T318] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./5/file1/lost+found") = 0
umount2("./5/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./5/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 5 entries */, 32768) = 136
umount2("./5/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/file1/file0/file0") = 0
umount2("./5/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/file1/file0/file1") = 0
umount2("./5/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./5/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/file1/file0/bus") = 0
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./5/file1/file0") = 0
umount2("./5/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/file1/file1") = 0
umount2("./5/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/file1/file2") = 0
umount2("./5/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/file1/file3") = 0
umount2("./5/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/file1/file.cold") = 0
getdents64(4, 0x55556afc8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./5/file1") = -1 EBUSY (Device or resource busy)
umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./5/file1") = 0
getdents64(3, 0x55556afc06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./5") = 0
mkdir("./6", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556afbf650) = 322
./strace-static-x86_64: Process 322 attached
[pid 322] set_robust_list(0x55556afbf660, 24) = 0
[pid 322] chdir("./6") = 0
[pid 322] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 322] setpgid(0, 0) = 0
[pid 322] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 322] write(3, "1000", 4) = 4
[pid 322] close(3) = 0
[pid 322] symlink("/dev/binderfs", "./binderfs") = 0
[pid 322] write(1, "executing program\n", 18executing program
) = 18
[pid 322] memfd_create("syzkaller", 0) = 3
[pid 322] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcab6259000
[pid 322] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 322] munmap(0x7fcab6259000, 138412032) = 0
[pid 322] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 322] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 322] close(3) = 0
[pid 322] close(4) = 0
[pid 322] mkdir("./file1", 0777) = 0
[ 30.229356][ T322] loop0: detected capacity change from 0 to 1024
[pid 322] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 322] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 322] chdir("./file1") = 0
[pid 322] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 322] ioctl(4, LOOP_CLR_FD) = 0
[pid 322] close(4) = 0
[pid 322] chdir("./file0") = 0
[pid 322] creat("./bus", 000) = 4
[pid 322] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 322] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 322] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 322] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 322] exit_group(0) = ?
[pid 322] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=322, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556afc06f0 /* 4 entries */, 32768) = 112
umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/binderfs") = 0
umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./6/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556afc8730 /* 8 entries */, 32768) = 240
umount2("./6/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./6/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 2 entries */, 32768) = 48
[ 30.275480][ T322] EXT4-fs (loop0): Ignoring removed orlov option
[ 30.282303][ T322] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[ 30.295397][ T322] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./6/file1/lost+found") = 0
umount2("./6/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./6/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 5 entries */, 32768) = 136
umount2("./6/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/file1/file0/file0") = 0
umount2("./6/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/file1/file0/file1") = 0
umount2("./6/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./6/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/file1/file0/bus") = 0
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./6/file1/file0") = 0
umount2("./6/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/file1/file1") = 0
umount2("./6/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/file1/file2") = 0
umount2("./6/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/file1/file3") = 0
umount2("./6/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/file1/file.cold") = 0
getdents64(4, 0x55556afc8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./6/file1") = -1 EBUSY (Device or resource busy)
umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program
) = 0
rmdir("./6/file1") = 0
getdents64(3, 0x55556afc06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./6") = 0
mkdir("./7", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556afbf650) = 325
./strace-static-x86_64: Process 325 attached
[pid 325] set_robust_list(0x55556afbf660, 24) = 0
[pid 325] chdir("./7") = 0
[pid 325] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 325] setpgid(0, 0) = 0
[pid 325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 325] write(3, "1000", 4) = 4
[pid 325] close(3) = 0
[pid 325] symlink("/dev/binderfs", "./binderfs") = 0
[pid 325] write(1, "executing program\n", 18) = 18
[pid 325] memfd_create("syzkaller", 0) = 3
[pid 325] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcab6259000
[pid 325] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 325] munmap(0x7fcab6259000, 138412032) = 0
[pid 325] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 325] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 325] close(3) = 0
[pid 325] close(4) = 0
[pid 325] mkdir("./file1", 0777) = 0
[ 30.463933][ T325] loop0: detected capacity change from 0 to 1024
[pid 325] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 325] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 325] chdir("./file1") = 0
[pid 325] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 325] ioctl(4, LOOP_CLR_FD) = 0
[pid 325] close(4) = 0
[pid 325] chdir("./file0") = 0
[pid 325] creat("./bus", 000) = 4
[pid 325] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 325] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 325] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 325] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 325] exit_group(0) = ?
[pid 325] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=325, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556afc06f0 /* 4 entries */, 32768) = 112
umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/binderfs") = 0
umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./7/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556afc8730 /* 8 entries */, 32768) = 240
umount2("./7/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./7/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./7/file1/lost+found") = 0
umount2("./7/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./7/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 5 entries */, 32768) = 136
umount2("./7/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/file1/file0/file0") = 0
umount2("./7/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/file1/file0/file1") = 0
umount2("./7/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./7/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/file1/file0/bus") = 0
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./7/file1/file0") = 0
umount2("./7/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/file1/file1") = 0
umount2("./7/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/file1/file2") = 0
umount2("./7/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/file1/file3") = 0
umount2("./7/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/file1/file.cold") = 0
getdents64(4, 0x55556afc8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./7/file1") = -1 EBUSY (Device or resource busy)
[ 30.554747][ T325] EXT4-fs (loop0): Ignoring removed orlov option
[ 30.561564][ T325] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[ 30.575578][ T325] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./7/file1") = 0
getdents64(3, 0x55556afc06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./7") = 0
mkdir("./8", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x55556afbf650) = 329
./strace-static-x86_64: Process 329 attached
[pid 329] set_robust_list(0x55556afbf660, 24) = 0
[pid 329] chdir("./8") = 0
[pid 329] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 329] setpgid(0, 0) = 0
[pid 329] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 329] write(3, "1000", 4) = 4
[pid 329] close(3) = 0
[pid 329] symlink("/dev/binderfs", "./binderfs") = 0
[pid 329] write(1, "executing program\n", 18) = 18
[pid 329] memfd_create("syzkaller", 0) = 3
[pid 329] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcab6259000
[pid 329] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 329] munmap(0x7fcab6259000, 138412032) = 0
[pid 329] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 329] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 329] close(3) = 0
[pid 329] close(4) = 0
[pid 329] mkdir("./file1", 0777) = 0
[ 30.744559][ T329] loop0: detected capacity change from 0 to 1024
[ 30.825991][ T329] EXT4-fs (loop0): Ignoring removed orlov option
[ 30.844133][ T329] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[pid 329] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 329] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 329] chdir("./file1") = 0
[pid 329] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 329] ioctl(4, LOOP_CLR_FD) = 0
[pid 329] close(4) = 0
[pid 329] chdir("./file0") = 0
[pid 329] creat("./bus", 000) = 4
[pid 329] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 329] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 329] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 329] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 329] exit_group(0) = ?
[pid 329] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=329, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556afc06f0 /* 4 entries */, 32768) = 112
umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/binderfs") = 0
umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./8/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556afc8730 /* 8 entries */, 32768) = 240
umount2("./8/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./8/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./8/file1/lost+found") = 0
umount2("./8/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./8/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 5 entries */, 32768) = 136
umount2("./8/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/file1/file0/file0") = 0
umount2("./8/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/file1/file0/file1") = 0
umount2("./8/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./8/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/file1/file0/bus") = 0
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./8/file1/file0") = 0
umount2("./8/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/file1/file1") = 0
umount2("./8/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/file1/file2") = 0
umount2("./8/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/file1/file3") = 0
umount2("./8/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/file1/file.cold") = 0
getdents64(4, 0x55556afc8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./8/file1") = -1 EBUSY (Device or resource busy)
[ 30.855226][ T329] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program
) = 0
rmdir("./8/file1") = 0
getdents64(3, 0x55556afc06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./8") = 0
mkdir("./9", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556afbf650) = 332
./strace-static-x86_64: Process 332 attached
[pid 332] set_robust_list(0x55556afbf660, 24) = 0
[pid 332] chdir("./9") = 0
[pid 332] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 332] setpgid(0, 0) = 0
[pid 332] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 332] write(3, "1000", 4) = 4
[pid 332] close(3) = 0
[pid 332] symlink("/dev/binderfs", "./binderfs") = 0
[pid 332] write(1, "executing program\n", 18) = 18
[pid 332] memfd_create("syzkaller", 0) = 3
[pid 332] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcab6259000
[pid 332] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 332] munmap(0x7fcab6259000, 138412032) = 0
[pid 332] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 332] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 332] close(3) = 0
[pid 332] close(4) = 0
[pid 332] mkdir("./file1", 0777) = 0
[ 30.963944][ T332] loop0: detected capacity change from 0 to 1024
[ 30.973027][ T332] EXT4-fs (loop0): Ignoring removed orlov option
[ 30.981033][ T332] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[pid 332] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 332] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 332] chdir("./file1") = 0
[pid 332] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 332] ioctl(4, LOOP_CLR_FD) = 0
[pid 332] close(4) = 0
[pid 332] chdir("./file0") = 0
[pid 332] creat("./bus", 000) = 4
[pid 332] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 332] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 332] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 332] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 332] exit_group(0) = ?
[pid 332] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=332, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556afc06f0 /* 4 entries */, 32768) = 112
umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/binderfs") = 0
umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./9/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556afc8730 /* 8 entries */, 32768) = 240
umount2("./9/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./9/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./9/file1/lost+found") = 0
umount2("./9/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./9/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 5 entries */, 32768) = 136
umount2("./9/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/file1/file0/file0") = 0
umount2("./9/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/file1/file0/file1") = 0
umount2("./9/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./9/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/file1/file0/bus") = 0
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./9/file1/file0") = 0
umount2("./9/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/file1/file1") = 0
umount2("./9/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/file1/file2") = 0
umount2("./9/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/file1/file3") = 0
umount2("./9/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/file1/file.cold") = 0
getdents64(4, 0x55556afc8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./9/file1") = -1 EBUSY (Device or resource busy)
[ 30.995369][ T332] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program
) = 0
rmdir("./9/file1") = 0
getdents64(3, 0x55556afc06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./9") = 0
mkdir("./10", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556afbf650) = 335
./strace-static-x86_64: Process 335 attached
[pid 335] set_robust_list(0x55556afbf660, 24) = 0
[pid 335] chdir("./10") = 0
[pid 335] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 335] setpgid(0, 0) = 0
[pid 335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 335] write(3, "1000", 4) = 4
[pid 335] close(3) = 0
[pid 335] symlink("/dev/binderfs", "./binderfs") = 0
[pid 335] write(1, "executing program\n", 18) = 18
[pid 335] memfd_create("syzkaller", 0) = 3
[pid 335] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcab6259000
[pid 335] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 335] munmap(0x7fcab6259000, 138412032) = 0
[pid 335] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 335] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 335] close(3) = 0
[pid 335] close(4) = 0
[pid 335] mkdir("./file1", 0777) = 0
[ 31.134801][ T335] loop0: detected capacity change from 0 to 1024
[ 31.214540][ T335] EXT4-fs (loop0): Ignoring removed orlov option
[ 31.234138][ T335] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[pid 335] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 335] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 335] chdir("./file1") = 0
[pid 335] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 335] ioctl(4, LOOP_CLR_FD) = 0
[pid 335] close(4) = 0
[pid 335] chdir("./file0") = 0
[pid 335] creat("./bus", 000) = 4
[pid 335] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 335] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 335] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 335] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 335] exit_group(0) = ?
[pid 335] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=335, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556afc06f0 /* 4 entries */, 32768) = 112
umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/binderfs") = 0
umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./10/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556afc8730 /* 8 entries */, 32768) = 240
umount2("./10/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./10/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./10/file1/lost+found") = 0
umount2("./10/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./10/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 5 entries */, 32768) = 136
umount2("./10/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/file1/file0/file0") = 0
umount2("./10/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/file1/file0/file1") = 0
umount2("./10/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./10/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/file1/file0/bus") = 0
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./10/file1/file0") = 0
umount2("./10/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/file1/file1") = 0
umount2("./10/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/file1/file2") = 0
umount2("./10/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/file1/file3") = 0
umount2("./10/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/file1/file.cold") = 0
getdents64(4, 0x55556afc8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./10/file1") = -1 EBUSY (Device or resource busy)
[ 31.246199][ T335] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./10/file1") = 0
getdents64(3, 0x55556afc06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./10") = 0
mkdir("./11", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556afbf650) = 338
./strace-static-x86_64: Process 338 attached
[pid 338] set_robust_list(0x55556afbf660, 24) = 0
[pid 338] chdir("./11") = 0
[pid 338] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 338] setpgid(0, 0) = 0
[pid 338] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 338] write(3, "1000", 4executing program
) = 4
[pid 338] close(3) = 0
[pid 338] symlink("/dev/binderfs", "./binderfs") = 0
[pid 338] write(1, "executing program\n", 18) = 18
[pid 338] memfd_create("syzkaller", 0) = 3
[pid 338] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcab6259000
[pid 338] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 338] munmap(0x7fcab6259000, 138412032) = 0
[pid 338] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 338] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 338] close(3) = 0
[pid 338] close(4) = 0
[pid 338] mkdir("./file1", 0777) = 0
[ 31.428760][ T338] loop0: detected capacity change from 0 to 1024
[ 31.438777][ T338] EXT4-fs (loop0): Ignoring removed orlov option
[ 31.447596][ T338] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[pid 338] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 338] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 338] chdir("./file1") = 0
[pid 338] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 338] ioctl(4, LOOP_CLR_FD) = 0
[pid 338] close(4) = 0
[pid 338] chdir("./file0") = 0
[pid 338] creat("./bus", 000) = 4
[pid 338] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 338] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 338] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 338] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 338] exit_group(0) = ?
[pid 338] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=338, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556afc06f0 /* 4 entries */, 32768) = 112
umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/binderfs") = 0
umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./11/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./11/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556afc8730 /* 8 entries */, 32768) = 240
umount2("./11/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./11/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./11/file1/lost+found") = 0
umount2("./11/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./11/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 5 entries */, 32768) = 136
umount2("./11/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/file1/file0/file0") = 0
umount2("./11/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/file1/file0/file1") = 0
umount2("./11/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./11/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/file1/file0/bus") = 0
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./11/file1/file0") = 0
umount2("./11/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/file1/file1") = 0
umount2("./11/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/file1/file2") = 0
umount2("./11/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/file1/file3") = 0
umount2("./11/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/file1/file.cold") = 0
getdents64(4, 0x55556afc8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./11/file1") = -1 EBUSY (Device or resource busy)
[ 31.465557][ T338] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./11/file1") = 0
getdents64(3, 0x55556afc06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./11") = 0
mkdir("./12", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 341 attached
[pid 341] set_robust_list(0x55556afbf660, 24) = 0
[pid 341] chdir("./12"
[pid 297] <... clone resumed>, child_tidptr=0x55556afbf650) = 341
[pid 341] <... chdir resumed>) = 0
[pid 341] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 341] setpgid(0, 0) = 0
[pid 341] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 341] write(3, "1000", 4) = 4
[pid 341] close(3) = 0
[pid 341] symlink("/dev/binderfs", "./binderfs") = 0
[pid 341] write(1, "executing program\n", 18executing program
) = 18
[pid 341] memfd_create("syzkaller", 0) = 3
[pid 341] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcab6259000
[pid 341] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 341] munmap(0x7fcab6259000, 138412032) = 0
[pid 341] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 341] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 341] close(3) = 0
[pid 341] close(4) = 0
[pid 341] mkdir("./file1", 0777) = 0
[ 31.594409][ T341] loop0: detected capacity change from 0 to 1024
[ 31.674522][ T341] EXT4-fs (loop0): Ignoring removed orlov option
[ 31.683877][ T341] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[pid 341] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 341] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 341] chdir("./file1") = 0
[pid 341] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 341] ioctl(4, LOOP_CLR_FD) = 0
[pid 341] close(4) = 0
[pid 341] chdir("./file0") = 0
[pid 341] creat("./bus", 000) = 4
[pid 341] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 341] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 341] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 341] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 341] exit_group(0) = ?
[pid 341] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=341, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556afc06f0 /* 4 entries */, 32768) = 112
umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/binderfs") = 0
umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./12/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556afc8730 /* 8 entries */, 32768) = 240
umount2("./12/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./12/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./12/file1/lost+found") = 0
umount2("./12/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./12/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 5 entries */, 32768) = 136
umount2("./12/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/file1/file0/file0") = 0
umount2("./12/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/file1/file0/file1") = 0
umount2("./12/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./12/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/file1/file0/bus") = 0
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./12/file1/file0") = 0
umount2("./12/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/file1/file1") = 0
umount2("./12/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/file1/file2") = 0
umount2("./12/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/file1/file3") = 0
umount2("./12/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/file1/file.cold") = 0
getdents64(4, 0x55556afc8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./12/file1") = -1 EBUSY (Device or resource busy)
[ 31.695558][ T341] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./12/file1") = 0
getdents64(3, 0x55556afc06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./12") = 0
mkdir("./13", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556afbf650) = 345
./strace-static-x86_64: Process 345 attached
[pid 345] set_robust_list(0x55556afbf660, 24) = 0
[pid 345] chdir("./13") = 0
[pid 345] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 345] setpgid(0, 0) = 0
[pid 345] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 345] write(3, "1000", 4) = 4
[pid 345] close(3) = 0
[pid 345] symlink("/dev/binderfs", "./binderfs") = 0
[pid 345] write(1, "executing program\n", 18executing program
) = 18
[pid 345] memfd_create("syzkaller", 0) = 3
[pid 345] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcab6259000
[pid 345] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 345] munmap(0x7fcab6259000, 138412032) = 0
[pid 345] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 345] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 345] close(3) = 0
[pid 345] close(4) = 0
[pid 345] mkdir("./file1", 0777) = 0
[ 31.866568][ T345] loop0: detected capacity change from 0 to 1024
[ 31.954545][ T345] EXT4-fs (loop0): Ignoring removed orlov option
[ 31.962114][ T345] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[pid 345] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 345] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 345] chdir("./file1") = 0
[pid 345] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 345] ioctl(4, LOOP_CLR_FD) = 0
[pid 345] close(4) = 0
[pid 345] chdir("./file0") = 0
[pid 345] creat("./bus", 000) = 4
[pid 345] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 345] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 345] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 345] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 345] exit_group(0) = ?
[pid 345] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=345, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556afc06f0 /* 4 entries */, 32768) = 112
umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/binderfs") = 0
umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./13/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./13/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556afc8730 /* 8 entries */, 32768) = 240
umount2("./13/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./13/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./13/file1/lost+found") = 0
umount2("./13/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./13/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 5 entries */, 32768) = 136
umount2("./13/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/file1/file0/file0") = 0
umount2("./13/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/file1/file0/file1") = 0
umount2("./13/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./13/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/file1/file0/bus") = 0
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./13/file1/file0") = 0
umount2("./13/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/file1/file1") = 0
umount2("./13/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/file1/file2") = 0
umount2("./13/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/file1/file3") = 0
umount2("./13/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/file1/file.cold") = 0
getdents64(4, 0x55556afc8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./13/file1") = -1 EBUSY (Device or resource busy)
[ 31.975718][ T345] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./13/file1") = 0
getdents64(3, 0x55556afc06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./13") = 0
mkdir("./14", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556afbf650) = 348
./strace-static-x86_64: Process 348 attached
[pid 348] set_robust_list(0x55556afbf660, 24) = 0
[pid 348] chdir("./14") = 0
[pid 348] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 348] setpgid(0, 0) = 0
[pid 348] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 348] write(3, "1000", 4) = 4
[pid 348] close(3) = 0
[pid 348] symlink("/dev/binderfs", "./binderfs") = 0
[pid 348] write(1, "executing program\n", 18executing program
) = 18
[pid 348] memfd_create("syzkaller", 0) = 3
[pid 348] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcab6259000
[pid 348] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 348] munmap(0x7fcab6259000, 138412032) = 0
[pid 348] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 348] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 348] close(3) = 0
[pid 348] close(4) = 0
[pid 348] mkdir("./file1", 0777) = 0
[ 32.093842][ T348] loop0: detected capacity change from 0 to 1024
[pid 348] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 348] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 348] chdir("./file1") = 0
[pid 348] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 32.164531][ T348] EXT4-fs (loop0): Ignoring removed orlov option
[ 32.171156][ T348] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[ 32.185468][ T348] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[pid 348] ioctl(4, LOOP_CLR_FD) = 0
[pid 348] close(4) = 0
[pid 348] chdir("./file0") = 0
[pid 348] creat("./bus", 000) = 4
[pid 348] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 348] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 348] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 348] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 348] exit_group(0) = ?
[pid 348] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=348, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556afc06f0 /* 4 entries */, 32768) = 112
umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/binderfs") = 0
umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./14/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./14/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556afc8730 /* 8 entries */, 32768) = 240
umount2("./14/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./14/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./14/file1/lost+found") = 0
umount2("./14/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./14/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 5 entries */, 32768) = 136
umount2("./14/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/file1/file0/file0") = 0
umount2("./14/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/file1/file0/file1") = 0
umount2("./14/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./14/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/file1/file0/bus") = 0
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./14/file1/file0") = 0
umount2("./14/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/file1/file1") = 0
umount2("./14/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/file1/file2") = 0
umount2("./14/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/file1/file3") = 0
umount2("./14/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/file1/file.cold") = 0
getdents64(4, 0x55556afc8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./14/file1") = -1 EBUSY (Device or resource busy)
umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./14/file1") = 0
getdents64(3, 0x55556afc06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./14") = 0
mkdir("./15", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556afbf650) = 351
./strace-static-x86_64: Process 351 attached
[pid 351] set_robust_list(0x55556afbf660, 24) = 0
[pid 351] chdir("./15") = 0
[pid 351] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 351] setpgid(0, 0) = 0
[pid 351] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 351] write(3, "1000", 4) = 4
[pid 351] close(3) = 0
[pid 351] symlink("/dev/binderfs", "./binderfs") = 0
[pid 351] write(1, "executing program\n", 18executing program
) = 18
[pid 351] memfd_create("syzkaller", 0) = 3
[pid 351] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcab6259000
[pid 351] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 351] munmap(0x7fcab6259000, 138412032) = 0
[pid 351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 351] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 351] close(3) = 0
[pid 351] close(4) = 0
[pid 351] mkdir("./file1", 0777) = 0
[ 32.326895][ T351] loop0: detected capacity change from 0 to 1024
[ 32.415801][ T351] EXT4-fs (loop0): Ignoring removed orlov option
[ 32.423543][ T351] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[pid 351] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 351] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 351] chdir("./file1") = 0
[pid 351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 351] ioctl(4, LOOP_CLR_FD) = 0
[pid 351] close(4) = 0
[pid 351] chdir("./file0") = 0
[pid 351] creat("./bus", 000) = 4
[pid 351] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 351] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 351] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 351] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 351] exit_group(0) = ?
[pid 351] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=351, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556afc06f0 /* 4 entries */, 32768) = 112
umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/binderfs") = 0
umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./15/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./15/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556afc8730 /* 8 entries */, 32768) = 240
umount2("./15/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./15/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./15/file1/lost+found") = 0
umount2("./15/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./15/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 5 entries */, 32768) = 136
umount2("./15/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/file1/file0/file0") = 0
umount2("./15/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/file1/file0/file1") = 0
umount2("./15/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./15/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/file1/file0/bus") = 0
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./15/file1/file0") = 0
umount2("./15/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/file1/file1") = 0
umount2("./15/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/file1/file2") = 0
umount2("./15/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/file1/file3") = 0
umount2("./15/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/file1/file.cold") = 0
getdents64(4, 0x55556afc8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./15/file1") = -1 EBUSY (Device or resource busy)
[ 32.435818][ T351] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./15/file1") = 0
getdents64(3, 0x55556afc06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./15") = 0
mkdir("./16", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556afbf650) = 354
./strace-static-x86_64: Process 354 attached
[pid 354] set_robust_list(0x55556afbf660, 24) = 0
[pid 354] chdir("./16") = 0
[pid 354] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 354] setpgid(0, 0) = 0
[pid 354] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 354] write(3, "1000", 4) = 4
[pid 354] close(3) = 0
[pid 354] symlink("/dev/binderfs", "./binderfs") = 0
[pid 354] write(1, "executing program\n", 18executing program
) = 18
[pid 354] memfd_create("syzkaller", 0) = 3
[pid 354] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcab6259000
[pid 354] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 354] munmap(0x7fcab6259000, 138412032) = 0
[pid 354] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 354] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 354] close(3) = 0
[pid 354] close(4) = 0
[pid 354] mkdir("./file1", 0777) = 0
[ 32.588580][ T354] loop0: detected capacity change from 0 to 1024
[pid 354] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 354] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 354] chdir("./file1") = 0
[pid 354] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 354] ioctl(4, LOOP_CLR_FD) = 0
[pid 354] close(4) = 0
[pid 354] chdir("./file0") = 0
[pid 354] creat("./bus", 000) = 4
[pid 354] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 354] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 354] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 354] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 354] exit_group(0) = ?
[pid 354] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=354, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556afc06f0 /* 4 entries */, 32768) = 112
umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/binderfs") = 0
umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./16/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./16/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556afc8730 /* 8 entries */, 32768) = 240
umount2("./16/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./16/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./16/file1/lost+found") = 0
umount2("./16/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./16/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 5 entries */, 32768) = 136
umount2("./16/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/file1/file0/file0") = 0
umount2("./16/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/file1/file0/file1") = 0
umount2("./16/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./16/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/file1/file0/bus") = 0
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./16/file1/file0") = 0
umount2("./16/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/file1/file1") = 0
umount2("./16/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/file1/file2") = 0
umount2("./16/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/file1/file3") = 0
umount2("./16/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/file1/file.cold") = 0
getdents64(4, 0x55556afc8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./16/file1") = -1 EBUSY (Device or resource busy)
[ 32.654575][ T354] EXT4-fs (loop0): Ignoring removed orlov option
[ 32.661744][ T354] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[ 32.675204][ T354] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program
) = 0
rmdir("./16/file1") = 0
getdents64(3, 0x55556afc06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./16") = 0
mkdir("./17", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556afbf650) = 358
./strace-static-x86_64: Process 358 attached
[pid 358] set_robust_list(0x55556afbf660, 24) = 0
[pid 358] chdir("./17") = 0
[pid 358] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 358] setpgid(0, 0) = 0
[pid 358] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 358] write(3, "1000", 4) = 4
[pid 358] close(3) = 0
[pid 358] symlink("/dev/binderfs", "./binderfs") = 0
[pid 358] write(1, "executing program\n", 18) = 18
[pid 358] memfd_create("syzkaller", 0) = 3
[pid 358] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcab6259000
[pid 358] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 358] munmap(0x7fcab6259000, 138412032) = 0
[pid 358] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 358] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 358] close(3) = 0
[pid 358] close(4) = 0
[pid 358] mkdir("./file1", 0777) = 0
[ 32.823936][ T358] loop0: detected capacity change from 0 to 1024
[ 32.832685][ T358] EXT4-fs (loop0): Ignoring removed orlov option
[ 32.842342][ T358] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[pid 358] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 358] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 358] chdir("./file1") = 0
[pid 358] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 358] ioctl(4, LOOP_CLR_FD) = 0
[pid 358] close(4) = 0
[pid 358] chdir("./file0") = 0
[pid 358] creat("./bus", 000) = 4
[pid 358] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 358] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 358] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 358] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 358] exit_group(0) = ?
[pid 358] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=358, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556afc06f0 /* 4 entries */, 32768) = 112
umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/binderfs") = 0
umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./17/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./17/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556afc8730 /* 8 entries */, 32768) = 240
umount2("./17/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./17/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./17/file1/lost+found") = 0
umount2("./17/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./17/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 5 entries */, 32768) = 136
umount2("./17/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/file1/file0/file0") = 0
umount2("./17/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/file1/file0/file1") = 0
umount2("./17/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./17/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/file1/file0/bus") = 0
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./17/file1/file0") = 0
umount2("./17/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/file1/file1") = 0
umount2("./17/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/file1/file2") = 0
umount2("./17/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/file1/file3") = 0
umount2("./17/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/file1/file.cold") = 0
getdents64(4, 0x55556afc8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./17/file1") = -1 EBUSY (Device or resource busy)
[ 32.855668][ T358] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./17/file1") = 0
getdents64(3, 0x55556afc06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./17") = 0
mkdir("./18", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556afbf650) = 361
./strace-static-x86_64: Process 361 attached
[pid 361] set_robust_list(0x55556afbf660, 24) = 0
[pid 361] chdir("./18") = 0
[pid 361] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 361] setpgid(0, 0) = 0
[pid 361] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 361] write(3, "1000", 4) = 4
[pid 361] close(3) = 0
[pid 361] symlink("/dev/binderfs", "./binderfs") = 0
[pid 361] write(1, "executing program\n", 18executing program
) = 18
[pid 361] memfd_create("syzkaller", 0) = 3
[pid 361] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcab6259000
[pid 361] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 361] munmap(0x7fcab6259000, 138412032) = 0
[pid 361] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 361] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 361] close(3) = 0
[pid 361] close(4) = 0
[pid 361] mkdir("./file1", 0777) = 0
[ 32.944380][ T361] loop0: detected capacity change from 0 to 1024
[ 33.034489][ T361] EXT4-fs (loop0): Ignoring removed orlov option
[ 33.054187][ T361] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[pid 361] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 361] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 361] chdir("./file1") = 0
[pid 361] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 361] ioctl(4, LOOP_CLR_FD) = 0
[pid 361] close(4) = 0
[pid 361] chdir("./file0") = 0
[pid 361] creat("./bus", 000) = 4
[pid 361] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 361] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 361] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 361] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 361] exit_group(0) = ?
[pid 361] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=361, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556afc06f0 /* 4 entries */, 32768) = 112
umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/binderfs") = 0
umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./18/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./18/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556afc8730 /* 8 entries */, 32768) = 240
umount2("./18/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./18/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./18/file1/lost+found") = 0
umount2("./18/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./18/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 5 entries */, 32768) = 136
umount2("./18/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/file1/file0/file0") = 0
umount2("./18/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/file1/file0/file1") = 0
umount2("./18/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./18/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/file1/file0/bus") = 0
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./18/file1/file0") = 0
umount2("./18/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/file1/file1") = 0
umount2("./18/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/file1/file2") = 0
umount2("./18/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/file1/file3") = 0
umount2("./18/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/file1/file.cold") = 0
getdents64(4, 0x55556afc8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./18/file1") = -1 EBUSY (Device or resource busy)
[ 33.075755][ T361] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./18/file1") = 0
getdents64(3, 0x55556afc06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./18") = 0
mkdir("./19", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FDexecuting program
) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556afbf650) = 365
./strace-static-x86_64: Process 365 attached
[pid 365] set_robust_list(0x55556afbf660, 24) = 0
[pid 365] chdir("./19") = 0
[pid 365] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 365] setpgid(0, 0) = 0
[pid 365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 365] write(3, "1000", 4) = 4
[pid 365] close(3) = 0
[pid 365] symlink("/dev/binderfs", "./binderfs") = 0
[pid 365] write(1, "executing program\n", 18) = 18
[pid 365] memfd_create("syzkaller", 0) = 3
[pid 365] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcab6259000
[pid 365] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 365] munmap(0x7fcab6259000, 138412032) = 0
[pid 365] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 365] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 365] close(3) = 0
[pid 365] close(4) = 0
[pid 365] mkdir("./file1", 0777) = 0
[ 33.154984][ T365] loop0: detected capacity change from 0 to 1024
[ 33.186692][ T365] EXT4-fs (loop0): Ignoring removed orlov option
[pid 365] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 365] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 365] chdir("./file1") = 0
[pid 365] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 365] ioctl(4, LOOP_CLR_FD) = 0
[pid 365] close(4) = 0
[pid 365] chdir("./file0") = 0
[pid 365] creat("./bus", 000) = 4
[pid 365] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 365] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 365] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 365] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 365] exit_group(0) = ?
[pid 365] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=365, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556afc06f0 /* 4 entries */, 32768) = 112
umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/binderfs") = 0
umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./19/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./19/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556afc8730 /* 8 entries */, 32768) = 240
umount2("./19/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./19/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./19/file1/lost+found") = 0
umount2("./19/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./19/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 33.193976][ T365] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[ 33.215313][ T365] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
openat(AT_FDCWD, "./19/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 5 entries */, 32768) = 136
umount2("./19/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/file1/file0/file0") = 0
umount2("./19/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/file1/file0/file1") = 0
umount2("./19/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./19/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/file1/file0/bus") = 0
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./19/file1/file0") = 0
umount2("./19/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/file1/file1") = 0
umount2("./19/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/file1/file2") = 0
umount2("./19/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/file1/file3") = 0
umount2("./19/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/file1/file.cold") = 0
getdents64(4, 0x55556afc8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./19/file1") = -1 EBUSY (Device or resource busy)
umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program
) = 0
rmdir("./19/file1") = 0
getdents64(3, 0x55556afc06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./19") = 0
mkdir("./20", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556afbf650) = 368
./strace-static-x86_64: Process 368 attached
[pid 368] set_robust_list(0x55556afbf660, 24) = 0
[pid 368] chdir("./20") = 0
[pid 368] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 368] setpgid(0, 0) = 0
[pid 368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 368] write(3, "1000", 4) = 4
[pid 368] close(3) = 0
[pid 368] symlink("/dev/binderfs", "./binderfs") = 0
[pid 368] write(1, "executing program\n", 18) = 18
[pid 368] memfd_create("syzkaller", 0) = 3
[pid 368] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcab6259000
[pid 368] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 368] munmap(0x7fcab6259000, 138412032) = 0
[pid 368] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 368] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 368] close(3) = 0
[pid 368] close(4) = 0
[pid 368] mkdir("./file1", 0777) = 0
[ 33.345505][ T368] loop0: detected capacity change from 0 to 1024
[ 33.425935][ T368] EXT4-fs (loop0): Ignoring removed orlov option
[ 33.434188][ T368] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[pid 368] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 368] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 368] chdir("./file1") = 0
[pid 368] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 368] ioctl(4, LOOP_CLR_FD) = 0
[pid 368] close(4) = 0
[pid 368] chdir("./file0") = 0
[pid 368] creat("./bus", 000) = 4
[pid 368] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 368] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 368] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 368] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 368] exit_group(0) = ?
[pid 368] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=368, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556afc06f0 /* 4 entries */, 32768) = 112
umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./20/binderfs") = 0
umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./20/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./20/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556afc8730 /* 8 entries */, 32768) = 240
umount2("./20/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./20/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./20/file1/lost+found") = 0
umount2("./20/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./20/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 5 entries */, 32768) = 136
umount2("./20/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./20/file1/file0/file0") = 0
umount2("./20/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./20/file1/file0/file1") = 0
umount2("./20/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./20/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./20/file1/file0/bus") = 0
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./20/file1/file0") = 0
umount2("./20/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./20/file1/file1") = 0
umount2("./20/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./20/file1/file2") = 0
umount2("./20/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./20/file1/file3") = 0
umount2("./20/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./20/file1/file.cold") = 0
getdents64(4, 0x55556afc8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./20/file1") = -1 EBUSY (Device or resource busy)
[ 33.455355][ T368] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./20/file1") = 0
getdents64(3, 0x55556afc06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./20") = 0
mkdir("./21", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556afbf650) = 372
./strace-static-x86_64: Process 372 attached
[pid 372] set_robust_list(0x55556afbf660, 24) = 0
[pid 372] chdir("./21") = 0
[pid 372] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 372] setpgid(0, 0) = 0
[pid 372] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 372] write(3, "1000", 4) = 4
[pid 372] close(3) = 0
[pid 372] symlink("/dev/binderfs", "./binderfs") = 0
[pid 372] write(1, "executing program\n", 18executing program
) = 18
[pid 372] memfd_create("syzkaller", 0) = 3
[pid 372] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcab6259000
[pid 372] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 372] munmap(0x7fcab6259000, 138412032) = 0
[pid 372] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 372] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 372] close(3) = 0
[pid 372] close(4) = 0
[pid 372] mkdir("./file1", 0777) = 0
[ 33.619462][ T372] loop0: detected capacity change from 0 to 1024
[ 33.704515][ T372] EXT4-fs (loop0): Ignoring removed orlov option
[ 33.714401][ T372] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[pid 372] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 372] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 372] chdir("./file1") = 0
[pid 372] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 372] ioctl(4, LOOP_CLR_FD) = 0
[pid 372] close(4) = 0
[pid 372] chdir("./file0") = 0
[pid 372] creat("./bus", 000) = 4
[pid 372] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 372] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 372] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 372] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 372] exit_group(0) = ?
[pid 372] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=372, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556afc06f0 /* 4 entries */, 32768) = 112
umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./21/binderfs") = 0
umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./21/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./21/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556afc8730 /* 8 entries */, 32768) = 240
umount2("./21/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./21/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./21/file1/lost+found") = 0
umount2("./21/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./21/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 5 entries */, 32768) = 136
umount2("./21/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./21/file1/file0/file0") = 0
umount2("./21/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./21/file1/file0/file1") = 0
umount2("./21/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./21/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./21/file1/file0/bus") = 0
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./21/file1/file0") = 0
umount2("./21/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./21/file1/file1") = 0
umount2("./21/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./21/file1/file2") = 0
umount2("./21/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./21/file1/file3") = 0
umount2("./21/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./21/file1/file.cold") = 0
getdents64(4, 0x55556afc8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./21/file1") = -1 EBUSY (Device or resource busy)
[ 33.725412][ T372] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./21/file1") = 0
getdents64(3, 0x55556afc06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./21") = 0
mkdir("./22", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556afbf650) = 375
./strace-static-x86_64: Process 375 attached
[pid 375] set_robust_list(0x55556afbf660, 24) = 0
[pid 375] chdir("./22") = 0
[pid 375] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 375] setpgid(0, 0) = 0
[pid 375] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 375] write(3, "1000", 4) = 4
[pid 375] close(3) = 0
[pid 375] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 375] write(1, "executing program\n", 18) = 18
[pid 375] memfd_create("syzkaller", 0) = 3
[pid 375] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcab6259000
[pid 375] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 375] munmap(0x7fcab6259000, 138412032) = 0
[pid 375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 375] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 375] close(3) = 0
[pid 375] close(4) = 0
[pid 375] mkdir("./file1", 0777) = 0
[ 33.903373][ T375] loop0: detected capacity change from 0 to 1024
[ 33.984654][ T375] EXT4-fs (loop0): Ignoring removed orlov option
[ 33.993743][ T375] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[pid 375] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 375] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 375] chdir("./file1") = 0
[pid 375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 375] ioctl(4, LOOP_CLR_FD) = 0
[pid 375] close(4) = 0
[pid 375] chdir("./file0") = 0
[pid 375] creat("./bus", 000) = 4
[pid 375] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 375] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 375] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 375] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 375] exit_group(0) = ?
[pid 375] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=375, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556afc06f0 /* 4 entries */, 32768) = 112
umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./22/binderfs") = 0
umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./22/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./22/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556afc8730 /* 8 entries */, 32768) = 240
umount2("./22/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./22/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./22/file1/lost+found") = 0
umount2("./22/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./22/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 5 entries */, 32768) = 136
umount2("./22/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./22/file1/file0/file0") = 0
umount2("./22/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 34.005441][ T375] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
newfstatat(AT_FDCWD, "./22/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./22/file1/file0/file1") = 0
umount2("./22/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./22/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./22/file1/file0/bus") = 0
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./22/file1/file0") = 0
umount2("./22/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./22/file1/file1") = 0
umount2("./22/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./22/file1/file2") = 0
umount2("./22/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./22/file1/file3") = 0
umount2("./22/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./22/file1/file.cold") = 0
getdents64(4, 0x55556afc8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./22/file1") = -1 EBUSY (Device or resource busy)
umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./22/file1") = 0
getdents64(3, 0x55556afc06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./22") = 0
mkdir("./23", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3executing program
) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556afbf650) = 378
./strace-static-x86_64: Process 378 attached
[pid 378] set_robust_list(0x55556afbf660, 24) = 0
[pid 378] chdir("./23") = 0
[pid 378] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 378] setpgid(0, 0) = 0
[pid 378] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 378] write(3, "1000", 4) = 4
[pid 378] close(3) = 0
[pid 378] symlink("/dev/binderfs", "./binderfs") = 0
[pid 378] write(1, "executing program\n", 18) = 18
[pid 378] memfd_create("syzkaller", 0) = 3
[pid 378] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcab6259000
[pid 378] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 378] munmap(0x7fcab6259000, 138412032) = 0
[pid 378] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 378] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 378] close(3) = 0
[pid 378] close(4) = 0
[pid 378] mkdir("./file1", 0777) = 0
[ 34.138701][ T378] loop0: detected capacity change from 0 to 1024
[ 34.205924][ T378] EXT4-fs (loop0): Ignoring removed orlov option
[ 34.215059][ T378] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[pid 378] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 378] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 378] chdir("./file1") = 0
[pid 378] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 378] ioctl(4, LOOP_CLR_FD) = 0
[pid 378] close(4) = 0
[pid 378] chdir("./file0") = 0
[pid 378] creat("./bus", 000) = 4
[pid 378] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 378] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 378] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 378] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 378] exit_group(0) = ?
[pid 378] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=378, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556afc06f0 /* 4 entries */, 32768) = 112
umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./23/binderfs") = 0
umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./23/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./23/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556afc8730 /* 8 entries */, 32768) = 240
umount2("./23/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./23/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./23/file1/lost+found") = 0
umount2("./23/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./23/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 5 entries */, 32768) = 136
umount2("./23/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./23/file1/file0/file0") = 0
umount2("./23/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 34.226225][ T378] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
newfstatat(AT_FDCWD, "./23/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./23/file1/file0/file1") = 0
umount2("./23/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./23/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./23/file1/file0/bus") = 0
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./23/file1/file0") = 0
umount2("./23/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./23/file1/file1") = 0
umount2("./23/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./23/file1/file2") = 0
umount2("./23/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./23/file1/file3") = 0
umount2("./23/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./23/file1/file.cold") = 0
getdents64(4, 0x55556afc8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./23/file1") = -1 EBUSY (Device or resource busy)
umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./23/file1") = 0
getdents64(3, 0x55556afc06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./23") = 0
mkdir("./24", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556afbf650) = 381
./strace-static-x86_64: Process 381 attached
[pid 381] set_robust_list(0x55556afbf660, 24) = 0
[pid 381] chdir("./24") = 0
[pid 381] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 381] setpgid(0, 0) = 0
[pid 381] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 381] write(3, "1000", 4) = 4
[pid 381] close(3) = 0
[pid 381] symlink("/dev/binderfs", "./binderfs") = 0
[pid 381] write(1, "executing program\n", 18executing program
) = 18
[pid 381] memfd_create("syzkaller", 0) = 3
[pid 381] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcab6259000
[pid 381] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 381] munmap(0x7fcab6259000, 138412032) = 0
[pid 381] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 381] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 381] close(3) = 0
[pid 381] close(4) = 0
[pid 381] mkdir("./file1", 0777) = 0
[ 34.429819][ T381] loop0: detected capacity change from 0 to 1024
[ 34.514755][ T381] EXT4-fs (loop0): Ignoring removed orlov option
[ 34.522810][ T381] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[pid 381] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 381] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 381] chdir("./file1") = 0
[pid 381] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 381] ioctl(4, LOOP_CLR_FD) = 0
[pid 381] close(4) = 0
[pid 381] chdir("./file0") = 0
[pid 381] creat("./bus", 000) = 4
[pid 381] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 381] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 381] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 381] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 381] exit_group(0) = ?
[pid 381] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=381, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556afc06f0 /* 4 entries */, 32768) = 112
umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./24/binderfs") = 0
umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./24/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./24/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556afc8730 /* 8 entries */, 32768) = 240
umount2("./24/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./24/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./24/file1/lost+found") = 0
umount2("./24/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./24/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 5 entries */, 32768) = 136
umount2("./24/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./24/file1/file0/file0") = 0
umount2("./24/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./24/file1/file0/file1") = 0
umount2("./24/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./24/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./24/file1/file0/bus") = 0
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./24/file1/file0") = 0
umount2("./24/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./24/file1/file1") = 0
umount2("./24/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./24/file1/file2") = 0
umount2("./24/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./24/file1/file3") = 0
umount2("./24/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./24/file1/file.cold") = 0
getdents64(4, 0x55556afc8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./24/file1") = -1 EBUSY (Device or resource busy)
[ 34.545244][ T381] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./24/file1") = 0
getdents64(3, 0x55556afc06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./24") = 0
mkdir("./25", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556afbf650) = 385
./strace-static-x86_64: Process 385 attached
[pid 385] set_robust_list(0x55556afbf660, 24) = 0
[pid 385] chdir("./25") = 0
[pid 385] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 385] setpgid(0, 0) = 0
[pid 385] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 385] write(3, "1000", 4) = 4
[pid 385] close(3) = 0
[pid 385] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 385] write(1, "executing program\n", 18) = 18
[pid 385] memfd_create("syzkaller", 0) = 3
[pid 385] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcab6259000
[pid 385] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 385] munmap(0x7fcab6259000, 138412032) = 0
[pid 385] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 385] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 385] close(3) = 0
[pid 385] close(4) = 0
[pid 385] mkdir("./file1", 0777) = 0
[ 34.705715][ T385] loop0: detected capacity change from 0 to 1024
[pid 385] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 385] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 385] chdir("./file1") = 0
[pid 385] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 385] ioctl(4, LOOP_CLR_FD) = 0
[pid 385] close(4) = 0
[pid 385] chdir("./file0") = 0
[pid 385] creat("./bus", 000) = 4
[pid 385] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 385] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 385] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 385] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 385] exit_group(0) = ?
[pid 385] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=385, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556afc06f0 /* 4 entries */, 32768) = 112
umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./25/binderfs") = 0
umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./25/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./25/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556afc8730 /* 8 entries */, 32768) = 240
umount2("./25/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./25/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./25/file1/lost+found") = 0
umount2("./25/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./25/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 5 entries */, 32768) = 136
umount2("./25/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./25/file1/file0/file0") = 0
umount2("./25/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./25/file1/file0/file1") = 0
umount2("./25/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./25/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./25/file1/file0/bus") = 0
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./25/file1/file0") = 0
umount2("./25/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./25/file1/file1") = 0
umount2("./25/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./25/file1/file2") = 0
umount2("./25/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./25/file1/file3") = 0
umount2("./25/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./25/file1/file.cold") = 0
getdents64(4, 0x55556afc8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./25/file1") = -1 EBUSY (Device or resource busy)
[ 34.784619][ T385] EXT4-fs (loop0): Ignoring removed orlov option
[ 34.792711][ T385] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[ 34.805886][ T385] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./25/file1") = 0
getdents64(3, 0x55556afc06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./25") = 0
mkdir("./26", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556afbf650) = 388
./strace-static-x86_64: Process 388 attached
[pid 388] set_robust_list(0x55556afbf660, 24) = 0
[pid 388] chdir("./26") = 0
[pid 388] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 388] setpgid(0, 0) = 0
[pid 388] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 388] write(3, "1000", 4) = 4
[pid 388] close(3) = 0
[pid 388] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 388] write(1, "executing program\n", 18) = 18
[pid 388] memfd_create("syzkaller", 0) = 3
[pid 388] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcab6259000
[pid 388] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 388] munmap(0x7fcab6259000, 138412032) = 0
[pid 388] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 388] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 388] close(3) = 0
[pid 388] close(4) = 0
[pid 388] mkdir("./file1", 0777) = 0
[ 34.944289][ T388] loop0: detected capacity change from 0 to 1024
[ 35.035945][ T388] EXT4-fs (loop0): Ignoring removed orlov option
[ 35.043602][ T388] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[pid 388] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 388] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 388] chdir("./file1") = 0
[pid 388] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 388] ioctl(4, LOOP_CLR_FD) = 0
[pid 388] close(4) = 0
[pid 388] chdir("./file0") = 0
[pid 388] creat("./bus", 000) = 4
[pid 388] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 388] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 388] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 388] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 388] exit_group(0) = ?
[pid 388] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=388, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556afc06f0 /* 4 entries */, 32768) = 112
umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./26/binderfs") = 0
umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./26/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./26/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556afc8730 /* 8 entries */, 32768) = 240
umount2("./26/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./26/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./26/file1/lost+found") = 0
umount2("./26/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./26/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 5 entries */, 32768) = 136
umount2("./26/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./26/file1/file0/file0") = 0
umount2("./26/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./26/file1/file0/file1") = 0
umount2("./26/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./26/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./26/file1/file0/bus") = 0
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./26/file1/file0") = 0
umount2("./26/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./26/file1/file1") = 0
umount2("./26/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./26/file1/file2") = 0
umount2("./26/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./26/file1/file3") = 0
umount2("./26/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./26/file1/file.cold") = 0
getdents64(4, 0x55556afc8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./26/file1") = -1 EBUSY (Device or resource busy)
[ 35.055316][ T388] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./26/file1") = 0
getdents64(3, 0x55556afc06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./26") = 0
mkdir("./27", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556afbf650) = 391
./strace-static-x86_64: Process 391 attached
[pid 391] set_robust_list(0x55556afbf660, 24) = 0
[pid 391] chdir("./27") = 0
[pid 391] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 391] setpgid(0, 0) = 0
[pid 391] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 391] write(3, "1000", 4) = 4
[pid 391] close(3) = 0
[pid 391] symlink("/dev/binderfs", "./binderfs") = 0
[pid 391] write(1, "executing program\n", 18executing program
) = 18
[pid 391] memfd_create("syzkaller", 0) = 3
[pid 391] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcab6259000
[pid 391] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 391] munmap(0x7fcab6259000, 138412032) = 0
[pid 391] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 391] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 391] close(3) = 0
[pid 391] close(4) = 0
[pid 391] mkdir("./file1", 0777) = 0
[ 35.176793][ T391] loop0: detected capacity change from 0 to 1024
[ 35.274514][ T391] EXT4-fs (loop0): Ignoring removed orlov option
[ 35.281492][ T391] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[pid 391] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 391] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 391] chdir("./file1") = 0
[pid 391] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 391] ioctl(4, LOOP_CLR_FD) = 0
[pid 391] close(4) = 0
[pid 391] chdir("./file0") = 0
[pid 391] creat("./bus", 000) = 4
[pid 391] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 391] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 391] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 391] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 391] exit_group(0) = ?
[pid 391] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=391, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556afc06f0 /* 4 entries */, 32768) = 112
umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./27/binderfs") = 0
umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./27/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./27/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556afc8730 /* 8 entries */, 32768) = 240
umount2("./27/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./27/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./27/file1/lost+found") = 0
umount2("./27/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./27/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 5 entries */, 32768) = 136
umount2("./27/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./27/file1/file0/file0") = 0
umount2("./27/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./27/file1/file0/file1") = 0
umount2("./27/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./27/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./27/file1/file0/bus") = 0
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./27/file1/file0") = 0
umount2("./27/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./27/file1/file1") = 0
umount2("./27/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./27/file1/file2") = 0
umount2("./27/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./27/file1/file3") = 0
umount2("./27/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./27/file1/file.cold") = 0
getdents64(4, 0x55556afc8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./27/file1") = -1 EBUSY (Device or resource busy)
[ 35.305319][ T391] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./27/file1") = 0
getdents64(3, 0x55556afc06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./27") = 0
mkdir("./28", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 394 attached
[pid 394] set_robust_list(0x55556afbf660, 24) = 0
[pid 394] chdir("./28") = 0
[pid 297] <... clone resumed>, child_tidptr=0x55556afbf650) = 394
[pid 394] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 394] setpgid(0, 0) = 0
[pid 394] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 394] write(3, "1000", 4) = 4
[pid 394] close(3) = 0
[pid 394] symlink("/dev/binderfs", "./binderfs") = 0
[pid 394] write(1, "executing program\n", 18executing program
) = 18
[pid 394] memfd_create("syzkaller", 0) = 3
[pid 394] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcab6259000
[pid 394] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 394] munmap(0x7fcab6259000, 138412032) = 0
[pid 394] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 394] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 394] close(3) = 0
[pid 394] close(4) = 0
[pid 394] mkdir("./file1", 0777) = 0
[ 35.433563][ T394] loop0: detected capacity change from 0 to 1024
[ 35.514515][ T394] EXT4-fs (loop0): Ignoring removed orlov option
[ 35.522189][ T394] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[pid 394] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 394] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 394] chdir("./file1") = 0
[pid 394] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 394] ioctl(4, LOOP_CLR_FD) = 0
[pid 394] close(4) = 0
[pid 394] chdir("./file0") = 0
[pid 394] creat("./bus", 000) = 4
[pid 394] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 394] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 394] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 394] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 394] exit_group(0) = ?
[pid 394] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=394, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556afc06f0 /* 4 entries */, 32768) = 112
umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./28/binderfs") = 0
umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./28/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./28/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556afc8730 /* 8 entries */, 32768) = 240
umount2("./28/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./28/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./28/file1/lost+found") = 0
umount2("./28/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./28/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 5 entries */, 32768) = 136
umount2("./28/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./28/file1/file0/file0") = 0
umount2("./28/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./28/file1/file0/file1") = 0
umount2("./28/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./28/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./28/file1/file0/bus") = 0
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./28/file1/file0") = 0
umount2("./28/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./28/file1/file1") = 0
umount2("./28/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./28/file1/file2") = 0
umount2("./28/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./28/file1/file3") = 0
umount2("./28/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./28/file1/file.cold") = 0
getdents64(4, 0x55556afc8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./28/file1") = -1 EBUSY (Device or resource busy)
[ 35.545250][ T394] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./28/file1") = 0
getdents64(3, 0x55556afc06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./28") = 0
mkdir("./29", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3executing program
) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556afbf650) = 398
./strace-static-x86_64: Process 398 attached
[pid 398] set_robust_list(0x55556afbf660, 24) = 0
[pid 398] chdir("./29") = 0
[pid 398] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 398] setpgid(0, 0) = 0
[pid 398] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 398] write(3, "1000", 4) = 4
[pid 398] close(3) = 0
[pid 398] symlink("/dev/binderfs", "./binderfs") = 0
[pid 398] write(1, "executing program\n", 18) = 18
[pid 398] memfd_create("syzkaller", 0) = 3
[pid 398] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcab6259000
[pid 398] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 398] munmap(0x7fcab6259000, 138412032) = 0
[pid 398] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 398] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 398] close(3) = 0
[pid 398] close(4) = 0
[pid 398] mkdir("./file1", 0777) = 0
[ 35.667815][ T398] loop0: detected capacity change from 0 to 1024
[pid 398] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 398] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 398] chdir("./file1") = 0
[pid 398] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 398] ioctl(4, LOOP_CLR_FD) = 0
[pid 398] close(4) = 0
[pid 398] chdir("./file0") = 0
[pid 398] creat("./bus", 000) = 4
[pid 398] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 398] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 398] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 398] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 398] exit_group(0) = ?
[pid 398] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=398, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556afc06f0 /* 4 entries */, 32768) = 112
umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./29/binderfs") = 0
umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./29/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./29/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556afc8730 /* 8 entries */, 32768) = 240
umount2("./29/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./29/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./29/file1/lost+found") = 0
umount2("./29/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./29/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 5 entries */, 32768) = 136
umount2("./29/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./29/file1/file0/file0") = 0
umount2("./29/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./29/file1/file0/file1") = 0
umount2("./29/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./29/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./29/file1/file0/bus") = 0
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./29/file1/file0") = 0
umount2("./29/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./29/file1/file1") = 0
umount2("./29/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./29/file1/file2") = 0
umount2("./29/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./29/file1/file3") = 0
umount2("./29/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./29/file1/file.cold") = 0
getdents64(4, 0x55556afc8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./29/file1") = -1 EBUSY (Device or resource busy)
[ 35.754550][ T398] EXT4-fs (loop0): Ignoring removed orlov option
[ 35.761467][ T398] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[ 35.775264][ T398] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./29/file1") = 0
getdents64(3, 0x55556afc06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./29") = 0
mkdir("./30", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556afbf650) = 401
./strace-static-x86_64: Process 401 attached
[pid 401] set_robust_list(0x55556afbf660, 24) = 0
[pid 401] chdir("./30") = 0
[pid 401] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 401] setpgid(0, 0) = 0
[pid 401] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 401] write(3, "1000", 4) = 4
[pid 401] close(3) = 0
[pid 401] symlink("/dev/binderfs", "./binderfs") = 0
[pid 401] write(1, "executing program\n", 18executing program
) = 18
[pid 401] memfd_create("syzkaller", 0) = 3
[pid 401] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcab6259000
[pid 401] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 401] munmap(0x7fcab6259000, 138412032) = 0
[pid 401] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 401] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 401] close(3) = 0
[pid 401] close(4) = 0
[pid 401] mkdir("./file1", 0777) = 0
[ 35.949689][ T401] loop0: detected capacity change from 0 to 1024
[ 36.045813][ T401] EXT4-fs (loop0): Ignoring removed orlov option
[ 36.052510][ T401] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[pid 401] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 401] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 401] chdir("./file1") = 0
[pid 401] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 401] ioctl(4, LOOP_CLR_FD) = 0
[pid 401] close(4) = 0
[pid 401] chdir("./file0") = 0
[pid 401] creat("./bus", 000) = 4
[pid 401] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 401] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 401] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 401] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 401] exit_group(0) = ?
[pid 401] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=401, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556afc06f0 /* 4 entries */, 32768) = 112
umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./30/binderfs") = 0
umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./30/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./30/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556afc8730 /* 8 entries */, 32768) = 240
umount2("./30/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./30/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./30/file1/lost+found") = 0
umount2("./30/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./30/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 5 entries */, 32768) = 136
umount2("./30/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./30/file1/file0/file0") = 0
umount2("./30/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./30/file1/file0/file1") = 0
umount2("./30/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./30/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./30/file1/file0/bus") = 0
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./30/file1/file0") = 0
umount2("./30/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
[ 36.065363][ T401] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
unlink("./30/file1/file1") = 0
umount2("./30/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./30/file1/file2") = 0
umount2("./30/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./30/file1/file3") = 0
umount2("./30/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./30/file1/file.cold") = 0
getdents64(4, 0x55556afc8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./30/file1") = -1 EBUSY (Device or resource busy)
umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./30/file1") = 0
getdents64(3, 0x55556afc06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./30") = 0
mkdir("./31", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556afbf650) = 404
./strace-static-x86_64: Process 404 attached
[pid 404] set_robust_list(0x55556afbf660, 24) = 0
[pid 404] chdir("./31") = 0
[pid 404] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 404] setpgid(0, 0) = 0
[pid 404] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 404] write(3, "1000", 4) = 4
[pid 404] close(3) = 0
[pid 404] symlink("/dev/binderfs", "./binderfs") = 0
[pid 404] write(1, "executing program\n", 18executing program
) = 18
[pid 404] memfd_create("syzkaller", 0) = 3
[pid 404] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcab6259000
[pid 404] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 404] munmap(0x7fcab6259000, 138412032) = 0
[pid 404] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 404] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 404] close(3) = 0
[pid 404] close(4) = 0
[pid 404] mkdir("./file1", 0777) = 0
[ 36.224418][ T404] loop0: detected capacity change from 0 to 1024
[ 36.304519][ T404] EXT4-fs (loop0): Ignoring removed orlov option
[ 36.311478][ T404] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[pid 404] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 404] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 404] chdir("./file1") = 0
[pid 404] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 404] ioctl(4, LOOP_CLR_FD) = 0
[pid 404] close(4) = 0
[pid 404] chdir("./file0") = 0
[pid 404] creat("./bus", 000) = 4
[pid 404] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 404] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 404] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 404] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 404] exit_group(0) = ?
[pid 404] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=404, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556afc06f0 /* 4 entries */, 32768) = 112
umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./31/binderfs") = 0
umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./31/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./31/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556afc8730 /* 8 entries */, 32768) = 240
umount2("./31/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./31/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./31/file1/lost+found") = 0
umount2("./31/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./31/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
[ 36.325628][ T404] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 5 entries */, 32768) = 136
umount2("./31/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./31/file1/file0/file0") = 0
umount2("./31/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./31/file1/file0/file1") = 0
umount2("./31/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./31/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./31/file1/file0/bus") = 0
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./31/file1/file0") = 0
umount2("./31/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./31/file1/file1") = 0
umount2("./31/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./31/file1/file2") = 0
umount2("./31/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./31/file1/file3") = 0
umount2("./31/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./31/file1/file.cold") = 0
getdents64(4, 0x55556afc8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./31/file1") = -1 EBUSY (Device or resource busy)
umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./31/file1") = 0
getdents64(3, 0x55556afc06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./31") = 0
mkdir("./32", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556afbf650) = 407
./strace-static-x86_64: Process 407 attached
[pid 407] set_robust_list(0x55556afbf660, 24) = 0
[pid 407] chdir("./32") = 0
[pid 407] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 407] setpgid(0, 0) = 0
[pid 407] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 407] write(3, "1000", 4) = 4
[pid 407] close(3) = 0
[pid 407] symlink("/dev/binderfs", "./binderfs") = 0
[pid 407] write(1, "executing program\n", 18executing program
) = 18
[pid 407] memfd_create("syzkaller", 0) = 3
[pid 407] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcab6259000
[pid 407] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 407] munmap(0x7fcab6259000, 138412032) = 0
[pid 407] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 407] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 407] close(3) = 0
[pid 407] close(4) = 0
[pid 407] mkdir("./file1", 0777) = 0
[ 36.509419][ T407] loop0: detected capacity change from 0 to 1024
[pid 407] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 407] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 407] chdir("./file1") = 0
[pid 407] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 407] ioctl(4, LOOP_CLR_FD) = 0
[pid 407] close(4) = 0
[pid 407] chdir("./file0") = 0
[pid 407] creat("./bus", 000) = 4
[pid 407] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 407] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 407] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 407] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 407] exit_group(0) = ?
[pid 407] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=407, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556afc06f0 /* 4 entries */, 32768) = 112
umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./32/binderfs") = 0
umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./32/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./32/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556afc8730 /* 8 entries */, 32768) = 240
umount2("./32/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./32/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./32/file1/lost+found") = 0
umount2("./32/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./32/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 5 entries */, 32768) = 136
umount2("./32/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./32/file1/file0/file0") = 0
umount2("./32/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./32/file1/file0/file1") = 0
umount2("./32/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./32/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./32/file1/file0/bus") = 0
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./32/file1/file0") = 0
umount2("./32/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./32/file1/file1") = 0
[ 36.585989][ T407] EXT4-fs (loop0): Ignoring removed orlov option
[ 36.592951][ T407] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[ 36.605507][ T407] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
umount2("./32/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./32/file1/file2") = 0
umount2("./32/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./32/file1/file3") = 0
umount2("./32/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./32/file1/file.cold") = 0
getdents64(4, 0x55556afc8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./32/file1") = -1 EBUSY (Device or resource busy)
umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./32/file1") = 0
getdents64(3, 0x55556afc06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./32") = 0
mkdir("./33", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556afbf650) = 411
./strace-static-x86_64: Process 411 attached
[pid 411] set_robust_list(0x55556afbf660, 24) = 0
[pid 411] chdir("./33") = 0
[pid 411] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 411] setpgid(0, 0) = 0
[pid 411] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 411] write(3, "1000", 4) = 4
[pid 411] close(3) = 0
[pid 411] symlink("/dev/binderfs", "./binderfs") = 0
[pid 411] write(1, "executing program\n", 18executing program
) = 18
[pid 411] memfd_create("syzkaller", 0) = 3
[pid 411] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcab6259000
[pid 411] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 411] munmap(0x7fcab6259000, 138412032) = 0
[pid 411] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 411] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 411] close(3) = 0
[pid 411] close(4) = 0
[pid 411] mkdir("./file1", 0777) = 0
[ 36.783139][ T411] loop0: detected capacity change from 0 to 1024
[ 36.864646][ T411] EXT4-fs (loop0): Ignoring removed orlov option
[ 36.873543][ T411] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[pid 411] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 411] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 411] chdir("./file1") = 0
[pid 411] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 411] ioctl(4, LOOP_CLR_FD) = 0
[pid 411] close(4) = 0
[pid 411] chdir("./file0") = 0
[pid 411] creat("./bus", 000) = 4
[pid 411] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 411] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 411] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 411] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 411] exit_group(0) = ?
[pid 411] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=411, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556afc06f0 /* 4 entries */, 32768) = 112
umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./33/binderfs") = 0
umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./33/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./33/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556afc8730 /* 8 entries */, 32768) = 240
umount2("./33/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./33/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./33/file1/lost+found") = 0
umount2("./33/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./33/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 5 entries */, 32768) = 136
umount2("./33/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./33/file1/file0/file0") = 0
umount2("./33/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./33/file1/file0/file1") = 0
umount2("./33/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./33/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./33/file1/file0/bus") = 0
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./33/file1/file0") = 0
umount2("./33/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./33/file1/file1") = 0
umount2("./33/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./33/file1/file2") = 0
umount2("./33/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./33/file1/file3") = 0
umount2("./33/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./33/file1/file.cold") = 0
getdents64(4, 0x55556afc8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./33/file1") = -1 EBUSY (Device or resource busy)
[ 36.895990][ T411] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./33/file1") = 0
getdents64(3, 0x55556afc06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./33") = 0
mkdir("./34", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556afbf650) = 414
./strace-static-x86_64: Process 414 attached
[pid 414] set_robust_list(0x55556afbf660, 24) = 0
[pid 414] chdir("./34") = 0
[pid 414] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 414] setpgid(0, 0) = 0
[pid 414] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 414] write(3, "1000", 4) = 4
[pid 414] close(3) = 0
[pid 414] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 414] write(1, "executing program\n", 18) = 18
[pid 414] memfd_create("syzkaller", 0) = 3
[pid 414] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcab6259000
[pid 414] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 414] munmap(0x7fcab6259000, 138412032) = 0
[pid 414] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 414] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 414] close(3) = 0
[pid 414] close(4) = 0
[pid 414] mkdir("./file1", 0777) = 0
[ 37.064865][ T414] loop0: detected capacity change from 0 to 1024
[pid 414] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[ 37.164530][ T414] EXT4-fs (loop0): Ignoring removed orlov option
[ 37.172525][ T414] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[pid 414] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 414] chdir("./file1") = 0
[pid 414] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 414] ioctl(4, LOOP_CLR_FD) = 0
[pid 414] close(4) = 0
[pid 414] chdir("./file0") = 0
[pid 414] creat("./bus", 000) = 4
[pid 414] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 414] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 414] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 414] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 414] exit_group(0) = ?
[pid 414] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=414, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556afc06f0 /* 4 entries */, 32768) = 112
umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./34/binderfs") = 0
umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./34/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./34/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556afc8730 /* 8 entries */, 32768) = 240
umount2("./34/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./34/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./34/file1/lost+found") = 0
umount2("./34/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./34/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 5 entries */, 32768) = 136
umount2("./34/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./34/file1/file0/file0") = 0
umount2("./34/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./34/file1/file0/file1") = 0
umount2("./34/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./34/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./34/file1/file0/bus") = 0
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./34/file1/file0") = 0
umount2("./34/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
[ 37.185467][ T414] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
unlink("./34/file1/file1") = 0
umount2("./34/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./34/file1/file2") = 0
umount2("./34/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./34/file1/file3") = 0
umount2("./34/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./34/file1/file.cold") = 0
getdents64(4, 0x55556afc8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./34/file1") = -1 EBUSY (Device or resource busy)
umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./34/file1") = 0
getdents64(3, 0x55556afc06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./34") = 0
mkdir("./35", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 417 attached
, child_tidptr=0x55556afbf650) = 417
[pid 417] set_robust_list(0x55556afbf660, 24) = 0
[pid 417] chdir("./35") = 0
[pid 417] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 417] setpgid(0, 0) = 0
[pid 417] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 417] write(3, "1000", 4) = 4
[pid 417] close(3) = 0
[pid 417] symlink("/dev/binderfs", "./binderfs") = 0
[pid 417] write(1, "executing program\n", 18executing program
) = 18
[pid 417] memfd_create("syzkaller", 0) = 3
[pid 417] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcab6259000
[pid 417] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 417] munmap(0x7fcab6259000, 138412032) = 0
[pid 417] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 417] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 417] close(3) = 0
[pid 417] close(4) = 0
[pid 417] mkdir("./file1", 0777) = 0
[ 37.296087][ T417] loop0: detected capacity change from 0 to 1024
[ 37.394596][ T417] EXT4-fs (loop0): Ignoring removed orlov option
[ 37.402421][ T417] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[pid 417] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 417] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 417] chdir("./file1") = 0
[pid 417] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 417] ioctl(4, LOOP_CLR_FD) = 0
[pid 417] close(4) = 0
[pid 417] chdir("./file0") = 0
[pid 417] creat("./bus", 000) = 4
[pid 417] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 417] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 417] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 417] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 417] exit_group(0) = ?
[pid 417] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=417, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556afc06f0 /* 4 entries */, 32768) = 112
umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./35/binderfs") = 0
umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./35/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./35/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556afc8730 /* 8 entries */, 32768) = 240
umount2("./35/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./35/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./35/file1/lost+found") = 0
umount2("./35/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./35/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 5 entries */, 32768) = 136
umount2("./35/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./35/file1/file0/file0") = 0
umount2("./35/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./35/file1/file0/file1") = 0
umount2("./35/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./35/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./35/file1/file0/bus") = 0
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./35/file1/file0") = 0
umount2("./35/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./35/file1/file1") = 0
umount2("./35/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./35/file1/file2") = 0
umount2("./35/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./35/file1/file3") = 0
umount2("./35/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./35/file1/file.cold") = 0
getdents64(4, 0x55556afc8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./35/file1") = -1 EBUSY (Device or resource busy)
[ 37.416057][ T417] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./35/file1") = 0
getdents64(3, 0x55556afc06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./35") = 0
mkdir("./36", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556afbf650) = 420
./strace-static-x86_64: Process 420 attached
[pid 420] set_robust_list(0x55556afbf660, 24) = 0
[pid 420] chdir("./36") = 0
[pid 420] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 420] setpgid(0, 0) = 0
[pid 420] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 420] write(3, "1000", 4) = 4
[pid 420] close(3) = 0
[pid 420] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 420] write(1, "executing program\n", 18) = 18
[pid 420] memfd_create("syzkaller", 0) = 3
[pid 420] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcab6259000
[pid 420] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 420] munmap(0x7fcab6259000, 138412032) = 0
[pid 420] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 420] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 420] close(3) = 0
[pid 420] close(4) = 0
[pid 420] mkdir("./file1", 0777) = 0
[ 37.586370][ T420] loop0: detected capacity change from 0 to 1024
[ 37.674728][ T420] EXT4-fs (loop0): Ignoring removed orlov option
[ 37.682805][ T420] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[pid 420] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 420] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 420] chdir("./file1") = 0
[pid 420] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 420] ioctl(4, LOOP_CLR_FD) = 0
[pid 420] close(4) = 0
[pid 420] chdir("./file0") = 0
[pid 420] creat("./bus", 000) = 4
[pid 420] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 420] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 420] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 420] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 420] exit_group(0) = ?
[pid 420] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=420, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556afc06f0 /* 4 entries */, 32768) = 112
umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./36/binderfs") = 0
umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./36/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./36/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556afc8730 /* 8 entries */, 32768) = 240
umount2("./36/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./36/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./36/file1/lost+found") = 0
umount2("./36/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./36/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 5 entries */, 32768) = 136
umount2("./36/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./36/file1/file0/file0") = 0
umount2("./36/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./36/file1/file0/file1") = 0
umount2("./36/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./36/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./36/file1/file0/bus") = 0
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./36/file1/file0") = 0
umount2("./36/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./36/file1/file1") = 0
umount2("./36/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./36/file1/file2") = 0
umount2("./36/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./36/file1/file3") = 0
umount2("./36/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./36/file1/file.cold") = 0
getdents64(4, 0x55556afc8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./36/file1") = -1 EBUSY (Device or resource busy)
[ 37.705446][ T420] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./36/file1") = 0
getdents64(3, 0x55556afc06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./36") = 0
mkdir("./37", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556afbf650) = 424
./strace-static-x86_64: Process 424 attached
[pid 424] set_robust_list(0x55556afbf660, 24) = 0
[pid 424] chdir("./37") = 0
[pid 424] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 424] setpgid(0, 0) = 0
[pid 424] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 424] write(3, "1000", 4) = 4
[pid 424] close(3) = 0
[pid 424] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid 424] write(1, "executing program\n", 18) = 18
[pid 424] memfd_create("syzkaller", 0) = 3
[pid 424] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcab6259000
[pid 424] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 424] munmap(0x7fcab6259000, 138412032) = 0
[pid 424] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 424] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 424] close(3) = 0
[pid 424] close(4) = 0
[pid 424] mkdir("./file1", 0777) = 0
[ 37.858035][ T424] loop0: detected capacity change from 0 to 1024
[ 37.934495][ T424] EXT4-fs (loop0): Ignoring removed orlov option
[ 37.942343][ T424] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[pid 424] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 424] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 424] chdir("./file1") = 0
[pid 424] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 424] ioctl(4, LOOP_CLR_FD) = 0
[pid 424] close(4) = 0
[pid 424] chdir("./file0") = 0
[pid 424] creat("./bus", 000) = 4
[pid 424] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 424] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 424] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 424] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 424] exit_group(0) = ?
[pid 424] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=424, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556afc06f0 /* 4 entries */, 32768) = 112
umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./37/binderfs") = 0
umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./37/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./37/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556afc8730 /* 8 entries */, 32768) = 240
umount2("./37/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./37/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./37/file1/lost+found") = 0
umount2("./37/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./37/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 5 entries */, 32768) = 136
umount2("./37/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./37/file1/file0/file0") = 0
umount2("./37/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./37/file1/file0/file1") = 0
umount2("./37/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./37/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./37/file1/file0/bus") = 0
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./37/file1/file0") = 0
umount2("./37/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./37/file1/file1") = 0
umount2("./37/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./37/file1/file2") = 0
umount2("./37/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./37/file1/file3") = 0
umount2("./37/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 37.955347][ T424] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
newfstatat(AT_FDCWD, "./37/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./37/file1/file.cold") = 0
getdents64(4, 0x55556afc8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./37/file1") = -1 EBUSY (Device or resource busy)
umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./37/file1") = 0
getdents64(3, 0x55556afc06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./37") = 0
mkdir("./38", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556afbf650) = 427
./strace-static-x86_64: Process 427 attached
[pid 427] set_robust_list(0x55556afbf660, 24) = 0
[pid 427] chdir("./38") = 0
[pid 427] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 427] setpgid(0, 0) = 0
[pid 427] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 427] write(3, "1000", 4) = 4
[pid 427] close(3) = 0
[pid 427] symlink("/dev/binderfs", "./binderfs") = 0
[pid 427] write(1, "executing program\n", 18executing program
) = 18
[pid 427] memfd_create("syzkaller", 0) = 3
[pid 427] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcab6259000
[pid 427] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 427] munmap(0x7fcab6259000, 138412032) = 0
[pid 427] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 427] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 427] close(3) = 0
[pid 427] close(4) = 0
[pid 427] mkdir("./file1", 0777) = 0
[ 38.086246][ T427] loop0: detected capacity change from 0 to 1024
[pid 427] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 427] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 427] chdir("./file1") = 0
[pid 427] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 427] ioctl(4, LOOP_CLR_FD) = 0
[pid 427] close(4) = 0
[pid 427] chdir("./file0") = 0
[pid 427] creat("./bus", 000) = 4
[pid 427] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 427] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 427] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 427] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 427] exit_group(0) = ?
[pid 427] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=427, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556afc06f0 /* 4 entries */, 32768) = 112
umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./38/binderfs") = 0
umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./38/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./38/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556afc8730 /* 8 entries */, 32768) = 240
umount2("./38/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./38/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./38/file1/lost+found") = 0
umount2("./38/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 38.176117][ T427] EXT4-fs (loop0): Ignoring removed orlov option
[ 38.182961][ T427] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[ 38.195790][ T427] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
newfstatat(AT_FDCWD, "./38/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./38/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 5 entries */, 32768) = 136
umount2("./38/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./38/file1/file0/file0") = 0
umount2("./38/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./38/file1/file0/file1") = 0
umount2("./38/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./38/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./38/file1/file0/bus") = 0
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./38/file1/file0") = 0
umount2("./38/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./38/file1/file1") = 0
umount2("./38/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./38/file1/file2") = 0
umount2("./38/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./38/file1/file3") = 0
umount2("./38/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./38/file1/file.cold") = 0
getdents64(4, 0x55556afc8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./38/file1") = -1 EBUSY (Device or resource busy)
umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./38/file1") = 0
getdents64(3, 0x55556afc06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./38") = 0
mkdir("./39", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556afbf650) = 430
./strace-static-x86_64: Process 430 attached
[pid 430] set_robust_list(0x55556afbf660, 24) = 0
[pid 430] chdir("./39") = 0
[pid 430] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 430] setpgid(0, 0) = 0
[pid 430] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 430] write(3, "1000", 4) = 4
[pid 430] close(3) = 0
[pid 430] symlink("/dev/binderfs", "./binderfs") = 0
[pid 430] write(1, "executing program\n", 18executing program
) = 18
[pid 430] memfd_create("syzkaller", 0) = 3
[pid 430] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcab6259000
[pid 430] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 430] munmap(0x7fcab6259000, 138412032) = 0
[pid 430] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 430] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 430] close(3) = 0
[pid 430] close(4) = 0
[pid 430] mkdir("./file1", 0777) = 0
[ 38.351231][ T430] loop0: detected capacity change from 0 to 1024
[ 38.434526][ T430] EXT4-fs (loop0): Ignoring removed orlov option
[ 38.441354][ T430] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[pid 430] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 430] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 430] chdir("./file1") = 0
[pid 430] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 430] ioctl(4, LOOP_CLR_FD) = 0
[pid 430] close(4) = 0
[pid 430] chdir("./file0") = 0
[pid 430] creat("./bus", 000) = 4
[pid 430] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 430] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 430] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 430] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 430] exit_group(0) = ?
[pid 430] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=430, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556afc06f0 /* 4 entries */, 32768) = 112
umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./39/binderfs") = 0
umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./39/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./39/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556afc8730 /* 8 entries */, 32768) = 240
umount2("./39/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./39/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./39/file1/lost+found") = 0
umount2("./39/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./39/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 5 entries */, 32768) = 136
umount2("./39/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./39/file1/file0/file0") = 0
umount2("./39/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./39/file1/file0/file1") = 0
umount2("./39/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./39/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./39/file1/file0/bus") = 0
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./39/file1/file0") = 0
umount2("./39/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./39/file1/file1") = 0
umount2("./39/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./39/file1/file2") = 0
umount2("./39/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./39/file1/file3") = 0
umount2("./39/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./39/file1/file.cold") = 0
getdents64(4, 0x55556afc8730 /* 0 entries */, 32768) = 0
close(4) = 0
[ 38.455852][ T430] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
rmdir("./39/file1") = -1 EBUSY (Device or resource busy)
umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program
) = 0
rmdir("./39/file1") = 0
getdents64(3, 0x55556afc06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./39") = 0
mkdir("./40", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556afbf650) = 433
./strace-static-x86_64: Process 433 attached
[pid 433] set_robust_list(0x55556afbf660, 24) = 0
[pid 433] chdir("./40") = 0
[pid 433] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 433] setpgid(0, 0) = 0
[pid 433] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 433] write(3, "1000", 4) = 4
[pid 433] close(3) = 0
[pid 433] symlink("/dev/binderfs", "./binderfs") = 0
[pid 433] write(1, "executing program\n", 18) = 18
[pid 433] memfd_create("syzkaller", 0) = 3
[pid 433] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcab6259000
[pid 433] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 433] munmap(0x7fcab6259000, 138412032) = 0
[pid 433] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 433] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 433] close(3) = 0
[pid 433] close(4) = 0
[pid 433] mkdir("./file1", 0777) = 0
[ 38.623620][ T433] loop0: detected capacity change from 0 to 1024
[ 38.632695][ T433] EXT4-fs (loop0): Ignoring removed orlov option
[ 38.640570][ T433] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[pid 433] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 433] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 433] chdir("./file1") = 0
[pid 433] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 433] ioctl(4, LOOP_CLR_FD) = 0
[pid 433] close(4) = 0
[pid 433] chdir("./file0") = 0
[pid 433] creat("./bus", 000) = 4
[pid 433] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 433] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 433] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 433] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 433] exit_group(0) = ?
[pid 433] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=433, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556afc06f0 /* 4 entries */, 32768) = 112
umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./40/binderfs") = 0
umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./40/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./40/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556afc8730 /* 8 entries */, 32768) = 240
umount2("./40/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./40/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./40/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./40/file1/lost+found") = 0
umount2("./40/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./40/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./40/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 5 entries */, 32768) = 136
umount2("./40/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./40/file1/file0/file0") = 0
umount2("./40/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./40/file1/file0/file1") = 0
umount2("./40/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./40/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./40/file1/file0/bus") = 0
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./40/file1/file0") = 0
umount2("./40/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./40/file1/file1") = 0
umount2("./40/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./40/file1/file2") = 0
umount2("./40/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./40/file1/file3") = 0
umount2("./40/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./40/file1/file.cold") = 0
getdents64(4, 0x55556afc8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./40/file1") = -1 EBUSY (Device or resource busy)
[ 38.655589][ T433] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program
) = 0
rmdir("./40/file1") = 0
getdents64(3, 0x55556afc06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./40") = 0
mkdir("./41", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556afbf650) = 437
./strace-static-x86_64: Process 437 attached
[pid 437] set_robust_list(0x55556afbf660, 24) = 0
[pid 437] chdir("./41") = 0
[pid 437] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 437] setpgid(0, 0) = 0
[pid 437] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 437] write(3, "1000", 4) = 4
[pid 437] close(3) = 0
[pid 437] symlink("/dev/binderfs", "./binderfs") = 0
[pid 437] write(1, "executing program\n", 18) = 18
[pid 437] memfd_create("syzkaller", 0) = 3
[pid 437] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcab6259000
[pid 437] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 437] munmap(0x7fcab6259000, 138412032) = 0
[pid 437] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 437] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 437] close(3) = 0
[pid 437] close(4) = 0
[pid 437] mkdir("./file1", 0777) = 0
[ 38.774177][ T437] loop0: detected capacity change from 0 to 1024
[ 38.804789][ T437] EXT4-fs (loop0): Ignoring removed orlov option
[ 38.813181][ T437] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[pid 437] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0
[pid 437] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 437] chdir("./file1") = 0
[pid 437] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 437] ioctl(4, LOOP_CLR_FD) = 0
[pid 437] close(4) = 0
[pid 437] chdir("./file0") = 0
[pid 437] creat("./bus", 000) = 4
[pid 437] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 437] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5
[pid 437] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
[pid 437] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor)
[pid 437] exit_group(0) = ?
[pid 437] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=437, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55556afc06f0 /* 4 entries */, 32768) = 112
umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./41/binderfs") = 0
umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./41/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./41/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55556afc8730 /* 8 entries */, 32768) = 240
umount2("./41/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./41/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./41/file1/lost+found") = 0
umount2("./41/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./41/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55556afd0770 /* 5 entries */, 32768) = 136
umount2("./41/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./41/file1/file0/file0") = 0
umount2("./41/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./41/file1/file0/file1") = 0
umount2("./41/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./41/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./41/file1/file0/bus") = 0
getdents64(5, 0x55556afd0770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./41/file1/file0") = 0
umount2("./41/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./41/file1/file1") = 0
umount2("./41/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./41/file1/file2") = 0
umount2("./41/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./41/file1/file3") = 0
umount2("./41/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./41/file1/file.cold") = 0
getdents64(4, 0x55556afc8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./41/file1") = -1 EBUSY (Device or resource busy)
[ 38.825793][ T437] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.