./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3307054551

<...>
Warning: Permanently added '10.128.1.185' (ED25519) to the list of known hosts.
execve("./syz-executor3307054551", ["./syz-executor3307054551"], 0x7fff3d9e6610 /* 10 vars */) = 0
brk(NULL)                               = 0x555556e60000
brk(0x555556e60d00)                     = 0x555556e60d00
arch_prctl(ARCH_SET_FS, 0x555556e60380) = 0
set_tid_address(0x555556e60650)         = 5026
set_robust_list(0x555556e60660, 24)     = 0
rseq(0x555556e60ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3307054551", 4096) = 28
getrandom("\xdf\x67\x55\xad\x1f\x01\x23\x5b", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x555556e60d00
brk(0x555556e81d00)                     = 0x555556e81d00
brk(0x555556e82000)                     = 0x555556e82000
mprotect(0x7fa87123a000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
mkdir("./syzkaller.5wFQh6", 0700)       = 0
chmod("./syzkaller.5wFQh6", 0777)       = 0
chdir("./syzkaller.5wFQh6")             = 0
mkdir("./0", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5027
./strace-static-x86_64: Process 5027 attached
[pid  5027] set_robust_list(0x555556e60660, 24) = 0
[pid  5027] chdir("./0")                = 0
[pid  5027] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5027] setpgid(0, 0)               = 0
[pid  5027] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5027] write(3, "1000", 4)         = 4
[pid  5027] close(3)                    = 0
[pid  5027] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5027] memfd_create("syzkaller", 0) = 3
[pid  5027] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5027] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5027] munmap(0x7fa868d87000, 262144) = 0
[pid  5027] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5027] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5027] close(3)                    = 0
[pid  5027] mkdir("./file1", 0777)      = 0
[   59.546825][ T5027] syz-executor330[5027]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[   59.572223][ T5027] loop0: detected capacity change from 0 to 512
[   59.583389][ T5027] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[pid  5027] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5027] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5027] chdir("./file1")            = 0
[pid  5027] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5027] close(4)                    = 0
[pid  5027] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5027] creat("./file1", 000)       = 4
[pid  5027] exit_group(0)               = ?
[pid  5027] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5027, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/binderfs")                  = 0
[   59.601939][ T5027] EXT4-fs (loop0): 1 truncate cleaned up
[   59.607679][ T5027] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./0/file1")                      = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./0")                            = 0
mkdir("./1", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5031 attached
, child_tidptr=0x555556e60650) = 5031
[pid  5031] set_robust_list(0x555556e60660, 24) = 0
[pid  5031] chdir("./1")                = 0
[pid  5031] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5031] setpgid(0, 0)               = 0
[pid  5031] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5031] write(3, "1000", 4)         = 4
[pid  5031] close(3)                    = 0
[pid  5031] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5031] memfd_create("syzkaller", 0) = 3
[pid  5031] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[   59.658537][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5031] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5031] munmap(0x7fa868d87000, 262144) = 0
[pid  5031] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5031] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5031] close(3)                    = 0
[pid  5031] mkdir("./file1", 0777)      = 0
[pid  5031] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5031] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5031] chdir("./file1")            = 0
[pid  5031] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5031] close(4)                    = 0
[pid  5031] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5031] creat("./file1", 000)       = 4
[pid  5031] exit_group(0)               = ?
[pid  5031] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5031, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/binderfs")                  = 0
[   59.722308][ T5031] loop0: detected capacity change from 0 to 512
[   59.733538][ T5031] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   59.749848][ T5031] EXT4-fs (loop0): 1 truncate cleaned up
[   59.755599][ T5031] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./1/file1")                      = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./1")                            = 0
mkdir("./2", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5033 attached
, child_tidptr=0x555556e60650) = 5033
[pid  5033] set_robust_list(0x555556e60660, 24) = 0
[pid  5033] chdir("./2")                = 0
[pid  5033] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5033] setpgid(0, 0)               = 0
[pid  5033] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5033] write(3, "1000", 4)         = 4
[pid  5033] close(3)                    = 0
[pid  5033] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5033] memfd_create("syzkaller", 0) = 3
[pid  5033] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5033] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5033] munmap(0x7fa868d87000, 262144) = 0
[pid  5033] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   59.798177][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5033] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5033] close(3)                    = 0
[pid  5033] mkdir("./file1", 0777)      = 0
[pid  5033] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5033] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5033] chdir("./file1")            = 0
[pid  5033] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5033] close(4)                    = 0
[pid  5033] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5033] creat("./file1", 000)       = 4
[pid  5033] exit_group(0)               = ?
[pid  5033] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5033, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/binderfs")                  = 0
[   59.857869][ T5033] loop0: detected capacity change from 0 to 512
[   59.869835][ T5033] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   59.886167][ T5033] EXT4-fs (loop0): 1 truncate cleaned up
[   59.892106][ T5033] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./2/file1")                      = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./2")                            = 0
mkdir("./3", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5035 attached
, child_tidptr=0x555556e60650) = 5035
[pid  5035] set_robust_list(0x555556e60660, 24) = 0
[pid  5035] chdir("./3")                = 0
[pid  5035] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5035] setpgid(0, 0)               = 0
[pid  5035] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5035] write(3, "1000", 4)         = 4
[pid  5035] close(3)                    = 0
[pid  5035] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5035] memfd_create("syzkaller", 0) = 3
[pid  5035] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5035] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5035] munmap(0x7fa868d87000, 262144) = 0
[pid  5035] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   59.934915][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5035] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5035] close(3)                    = 0
[pid  5035] mkdir("./file1", 0777)      = 0
[   59.982088][ T5035] loop0: detected capacity change from 0 to 512
[   60.001524][ T5035] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   60.019229][ T5035] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5035] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5035] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5035] chdir("./file1")            = 0
[pid  5035] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5035] close(4)                    = 0
[pid  5035] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5035] creat("./file1", 000)       = 4
[pid  5035] exit_group(0)               = ?
[pid  5035] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5035, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/binderfs")                  = 0
umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./3/file1")                      = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./3")                            = 0
mkdir("./4", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5037 attached
, child_tidptr=0x555556e60650) = 5037
[pid  5037] set_robust_list(0x555556e60660, 24) = 0
[pid  5037] chdir("./4")                = 0
[pid  5037] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5037] setpgid(0, 0)               = 0
[pid  5037] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5037] write(3, "1000", 4)         = 4
[pid  5037] close(3)                    = 0
[pid  5037] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5037] memfd_create("syzkaller", 0) = 3
[pid  5037] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[   60.025150][ T5035] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   60.060136][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5037] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5037] munmap(0x7fa868d87000, 262144) = 0
[pid  5037] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5037] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5037] close(3)                    = 0
[pid  5037] mkdir("./file1", 0777)      = 0
[pid  5037] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5037] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5037] chdir("./file1")            = 0
[pid  5037] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5037] close(4)                    = 0
[pid  5037] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5037] creat("./file1", 000)       = 4
[pid  5037] exit_group(0)               = ?
[pid  5037] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5037, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/binderfs")                  = 0
[   60.120888][ T5037] loop0: detected capacity change from 0 to 512
[   60.131114][ T5037] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   60.150840][ T5037] EXT4-fs (loop0): 1 truncate cleaned up
[   60.156592][ T5037] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./4/file1")                      = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./4")                            = 0
mkdir("./5", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5039 attached
, child_tidptr=0x555556e60650) = 5039
[pid  5039] set_robust_list(0x555556e60660, 24) = 0
[pid  5039] chdir("./5")                = 0
[pid  5039] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5039] setpgid(0, 0)               = 0
[pid  5039] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5039] write(3, "1000", 4)         = 4
[pid  5039] close(3)                    = 0
[pid  5039] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5039] memfd_create("syzkaller", 0) = 3
[pid  5039] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5039] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5039] munmap(0x7fa868d87000, 262144) = 0
[pid  5039] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   60.190721][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5039] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5039] close(3)                    = 0
[pid  5039] mkdir("./file1", 0777)      = 0
[   60.240164][ T5039] loop0: detected capacity change from 0 to 512
[   60.252206][ T5039] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   60.272523][ T5039] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5039] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5039] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5039] chdir("./file1")            = 0
[pid  5039] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5039] close(4)                    = 0
[pid  5039] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5039] creat("./file1", 000)       = 4
[pid  5039] exit_group(0)               = ?
[pid  5039] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5039, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/binderfs")                  = 0
[   60.278387][ T5039] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./5/file1")                      = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./5")                            = 0
mkdir("./6", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5041 attached
, child_tidptr=0x555556e60650) = 5041
[pid  5041] set_robust_list(0x555556e60660, 24) = 0
[pid  5041] chdir("./6")                = 0
[pid  5041] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5041] setpgid(0, 0)               = 0
[pid  5041] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5041] write(3, "1000", 4)         = 4
[pid  5041] close(3)                    = 0
[pid  5041] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5041] memfd_create("syzkaller", 0) = 3
[pid  5041] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5041] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5041] munmap(0x7fa868d87000, 262144) = 0
[pid  5041] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5041] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5041] close(3)                    = 0
[pid  5041] mkdir("./file1", 0777)      = 0
[   60.314775][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   60.353231][ T5041] loop0: detected capacity change from 0 to 512
[pid  5041] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5041] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5041] chdir("./file1")            = 0
[pid  5041] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5041] close(4)                    = 0
[pid  5041] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5041] creat("./file1", 000)       = 4
[pid  5041] exit_group(0)               = ?
[pid  5041] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5041, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/binderfs")                  = 0
[   60.363409][ T5041] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   60.378607][ T5041] EXT4-fs (loop0): 1 truncate cleaned up
[   60.384381][ T5041] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./6/file1")                      = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./6")                            = 0
mkdir("./7", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5044 attached
 <unfinished ...>
[pid  5044] set_robust_list(0x555556e60660, 24) = 0
[pid  5044] chdir("./7")                = 0
[pid  5044] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5044] setpgid(0, 0)               = 0
[pid  5044] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid  5026] <... clone resumed>, child_tidptr=0x555556e60650) = 5044
[pid  5044] <... openat resumed>)       = 3
[pid  5044] write(3, "1000", 4)         = 4
[pid  5044] close(3)                    = 0
[pid  5044] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5044] memfd_create("syzkaller", 0) = 3
[pid  5044] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5044] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[   60.423302][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5044] munmap(0x7fa868d87000, 262144) = 0
[pid  5044] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5044] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5044] close(3)                    = 0
[pid  5044] mkdir("./file1", 0777)      = 0
[   60.465718][ T5044] loop0: detected capacity change from 0 to 512
[   60.487152][ T5044] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   60.502367][ T5044] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5044] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5044] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5044] chdir("./file1")            = 0
[pid  5044] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5044] close(4)                    = 0
[pid  5044] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5044] creat("./file1", 000)       = 4
[pid  5044] exit_group(0)               = ?
[pid  5044] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5044, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/binderfs")                  = 0
[   60.508696][ T5044] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./7/file1")                      = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./7")                            = 0
mkdir("./8", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5046 attached
, child_tidptr=0x555556e60650) = 5046
[pid  5046] set_robust_list(0x555556e60660, 24) = 0
[pid  5046] chdir("./8")                = 0
[pid  5046] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5046] setpgid(0, 0)               = 0
[pid  5046] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5046] write(3, "1000", 4)         = 4
[pid  5046] close(3)                    = 0
[pid  5046] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5046] memfd_create("syzkaller", 0) = 3
[pid  5046] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5046] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5046] munmap(0x7fa868d87000, 262144) = 0
[pid  5046] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   60.557986][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5046] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5046] close(3)                    = 0
[pid  5046] mkdir("./file1", 0777)      = 0
[pid  5046] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5046] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5046] chdir("./file1")            = 0
[pid  5046] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5046] close(4)                    = 0
[pid  5046] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5046] creat("./file1", 000)       = 4
[pid  5046] exit_group(0)               = ?
[pid  5046] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5046, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/binderfs")                  = 0
[   60.618620][ T5046] loop0: detected capacity change from 0 to 512
[   60.628786][ T5046] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   60.644323][ T5046] EXT4-fs (loop0): 1 truncate cleaned up
[   60.650982][ T5046] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./8/file1")                      = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./8")                            = 0
mkdir("./9", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5048
./strace-static-x86_64: Process 5048 attached
[pid  5048] set_robust_list(0x555556e60660, 24) = 0
[pid  5048] chdir("./9")                = 0
[pid  5048] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5048] setpgid(0, 0)               = 0
[pid  5048] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5048] write(3, "1000", 4)         = 4
[pid  5048] close(3)                    = 0
[pid  5048] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5048] memfd_create("syzkaller", 0) = 3
[pid  5048] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5048] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5048] munmap(0x7fa868d87000, 262144) = 0
[pid  5048] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   60.697541][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5048] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5048] close(3)                    = 0
[pid  5048] mkdir("./file1", 0777)      = 0
[pid  5048] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5048] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5048] chdir("./file1")            = 0
[pid  5048] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5048] close(4)                    = 0
[pid  5048] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5048] creat("./file1", 000)       = 4
[pid  5048] exit_group(0)               = ?
[pid  5048] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5048, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/binderfs")                  = 0
[   60.747110][ T5048] loop0: detected capacity change from 0 to 512
[   60.758280][ T5048] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   60.772926][ T5048] EXT4-fs (loop0): 1 truncate cleaned up
[   60.779433][ T5048] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./9/file1")                      = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./9")                            = 0
mkdir("./10", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5050 attached
, child_tidptr=0x555556e60650) = 5050
[pid  5050] set_robust_list(0x555556e60660, 24) = 0
[pid  5050] chdir("./10")               = 0
[pid  5050] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5050] setpgid(0, 0)               = 0
[pid  5050] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5050] write(3, "1000", 4)         = 4
[pid  5050] close(3)                    = 0
[pid  5050] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5050] memfd_create("syzkaller", 0) = 3
[pid  5050] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5050] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5050] munmap(0x7fa868d87000, 262144) = 0
[pid  5050] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5050] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5050] close(3)                    = 0
[pid  5050] mkdir("./file1", 0777)      = 0
[   60.814801][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   60.854264][ T5050] loop0: detected capacity change from 0 to 512
[pid  5050] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5050] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5050] chdir("./file1")            = 0
[pid  5050] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5050] close(4)                    = 0
[pid  5050] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5050] creat("./file1", 000)       = 4
[pid  5050] exit_group(0)               = ?
[pid  5050] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5050, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/binderfs")                 = 0
[   60.864961][ T5050] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   60.883501][ T5050] EXT4-fs (loop0): 1 truncate cleaned up
[   60.889513][ T5050] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
umount2("./10/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./10/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./10/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./10/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./10")                           = 0
mkdir("./11", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5052 attached
, child_tidptr=0x555556e60650) = 5052
[pid  5052] set_robust_list(0x555556e60660, 24) = 0
[pid  5052] chdir("./11")               = 0
[pid  5052] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5052] setpgid(0, 0)               = 0
[pid  5052] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5052] write(3, "1000", 4)         = 4
[pid  5052] close(3)                    = 0
[pid  5052] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5052] memfd_create("syzkaller", 0) = 3
[pid  5052] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5052] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5052] munmap(0x7fa868d87000, 262144) = 0
[pid  5052] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   60.929039][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5052] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5052] close(3)                    = 0
[pid  5052] mkdir("./file1", 0777)      = 0
[pid  5052] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5052] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5052] chdir("./file1")            = 0
[pid  5052] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5052] close(4)                    = 0
[pid  5052] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5052] creat("./file1", 000)       = 4
[pid  5052] exit_group(0)               = ?
[pid  5052] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5052, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/binderfs")                 = 0
[   60.972141][ T5052] loop0: detected capacity change from 0 to 512
[   60.982867][ T5052] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   60.998453][ T5052] EXT4-fs (loop0): 1 truncate cleaned up
[   61.004728][ T5052] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
umount2("./11/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./11/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./11/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./11/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./11")                           = 0
mkdir("./12", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5054 attached
, child_tidptr=0x555556e60650) = 5054
[pid  5054] set_robust_list(0x555556e60660, 24) = 0
[pid  5054] chdir("./12")               = 0
[pid  5054] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5054] setpgid(0, 0)               = 0
[pid  5054] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5054] write(3, "1000", 4)         = 4
[pid  5054] close(3)                    = 0
[pid  5054] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5054] memfd_create("syzkaller", 0) = 3
[pid  5054] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5054] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5054] munmap(0x7fa868d87000, 262144) = 0
[   61.047729][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5054] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5054] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5054] close(3)                    = 0
[pid  5054] mkdir("./file1", 0777)      = 0
[pid  5054] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5054] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5054] chdir("./file1")            = 0
[pid  5054] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5054] close(4)                    = 0
[pid  5054] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5054] creat("./file1", 000)       = 4
[pid  5054] exit_group(0)               = ?
[pid  5054] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5054, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/binderfs")                 = 0
[   61.109173][ T5054] loop0: detected capacity change from 0 to 512
[   61.118541][ T5054] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   61.134981][ T5054] EXT4-fs (loop0): 1 truncate cleaned up
[   61.140906][ T5054] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
umount2("./12/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./12/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./12/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./12/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./12")                           = 0
mkdir("./13", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5056 attached
, child_tidptr=0x555556e60650) = 5056
[pid  5056] set_robust_list(0x555556e60660, 24) = 0
[pid  5056] chdir("./13")               = 0
[pid  5056] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5056] setpgid(0, 0)               = 0
[pid  5056] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5056] write(3, "1000", 4)         = 4
[pid  5056] close(3)                    = 0
[pid  5056] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5056] memfd_create("syzkaller", 0) = 3
[pid  5056] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5056] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[   61.184612][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5056] munmap(0x7fa868d87000, 262144) = 0
[pid  5056] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5056] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5056] close(3)                    = 0
[pid  5056] mkdir("./file1", 0777)      = 0
[pid  5056] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5056] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5056] chdir("./file1")            = 0
[pid  5056] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5056] close(4)                    = 0
[pid  5056] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5056] creat("./file1", 000)       = 4
[pid  5056] exit_group(0)               = ?
[pid  5056] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5056, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/binderfs")                 = 0
[   61.247259][ T5056] loop0: detected capacity change from 0 to 512
[   61.258725][ T5056] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   61.274014][ T5056] EXT4-fs (loop0): 1 truncate cleaned up
[   61.279964][ T5056] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
umount2("./13/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./13/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./13/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./13/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./13")                           = 0
mkdir("./14", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5058
./strace-static-x86_64: Process 5058 attached
[pid  5058] set_robust_list(0x555556e60660, 24) = 0
[pid  5058] chdir("./14")               = 0
[pid  5058] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5058] setpgid(0, 0)               = 0
[pid  5058] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5058] write(3, "1000", 4)         = 4
[pid  5058] close(3)                    = 0
[pid  5058] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5058] memfd_create("syzkaller", 0) = 3
[pid  5058] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5058] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[   61.310359][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5058] munmap(0x7fa868d87000, 262144) = 0
[pid  5058] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5058] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5058] close(3)                    = 0
[pid  5058] mkdir("./file1", 0777)      = 0
[pid  5058] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5058] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5058] chdir("./file1")            = 0
[pid  5058] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5058] close(4)                    = 0
[pid  5058] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5058] creat("./file1", 000)       = 4
[pid  5058] exit_group(0)               = ?
[pid  5058] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5058, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/binderfs")                 = 0
[   61.372879][ T5058] loop0: detected capacity change from 0 to 512
[   61.382991][ T5058] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   61.398298][ T5058] EXT4-fs (loop0): 1 truncate cleaned up
[   61.404059][ T5058] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
umount2("./14/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./14/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./14/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./14/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./14")                           = 0
mkdir("./15", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5060
./strace-static-x86_64: Process 5060 attached
[pid  5060] set_robust_list(0x555556e60660, 24) = 0
[pid  5060] chdir("./15")               = 0
[pid  5060] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5060] setpgid(0, 0)               = 0
[pid  5060] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5060] write(3, "1000", 4)         = 4
[pid  5060] close(3)                    = 0
[pid  5060] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5060] memfd_create("syzkaller", 0) = 3
[pid  5060] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5060] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5060] munmap(0x7fa868d87000, 262144) = 0
[pid  5060] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   61.451319][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5060] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5060] close(3)                    = 0
[pid  5060] mkdir("./file1", 0777)      = 0
[pid  5060] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5060] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5060] chdir("./file1")            = 0
[pid  5060] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5060] close(4)                    = 0
[pid  5060] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5060] creat("./file1", 000)       = 4
[pid  5060] exit_group(0)               = ?
[pid  5060] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5060, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[   61.510940][ T5060] loop0: detected capacity change from 0 to 512
[   61.522762][ T5060] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   61.539300][ T5060] EXT4-fs (loop0): 1 truncate cleaned up
[   61.544980][ T5060] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/binderfs")                 = 0
umount2("./15/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./15/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./15/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./15/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./15")                           = 0
mkdir("./16", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5062
./strace-static-x86_64: Process 5062 attached
[pid  5062] set_robust_list(0x555556e60660, 24) = 0
[pid  5062] chdir("./16")               = 0
[pid  5062] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5062] setpgid(0, 0)               = 0
[   61.596010][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5062] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5062] write(3, "1000", 4)         = 4
[pid  5062] close(3)                    = 0
[pid  5062] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5062] memfd_create("syzkaller", 0) = 3
[pid  5062] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5062] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5062] munmap(0x7fa868d87000, 262144) = 0
[pid  5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5062] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5062] close(3)                    = 0
[pid  5062] mkdir("./file1", 0777)      = 0
[pid  5062] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5062] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5062] chdir("./file1")            = 0
[pid  5062] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5062] close(4)                    = 0
[pid  5062] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5062] creat("./file1", 000)       = 4
[pid  5062] exit_group(0)               = ?
[pid  5062] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5062, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/binderfs")                 = 0
[   61.670370][ T5062] loop0: detected capacity change from 0 to 512
[   61.680500][ T5062] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   61.696090][ T5062] EXT4-fs (loop0): 1 truncate cleaned up
[   61.703858][ T5062] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
umount2("./16/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./16/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./16/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./16/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./16")                           = 0
mkdir("./17", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5064
./strace-static-x86_64: Process 5064 attached
[pid  5064] set_robust_list(0x555556e60660, 24) = 0
[pid  5064] chdir("./17")               = 0
[pid  5064] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5064] setpgid(0, 0)               = 0
[pid  5064] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5064] write(3, "1000", 4)         = 4
[   61.748435][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5064] close(3)                    = 0
[pid  5064] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5064] memfd_create("syzkaller", 0) = 3
[pid  5064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5064] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5064] munmap(0x7fa868d87000, 262144) = 0
[pid  5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5064] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5064] close(3)                    = 0
[pid  5064] mkdir("./file1", 0777)      = 0
[pid  5064] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5064] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5064] chdir("./file1")            = 0
[pid  5064] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5064] close(4)                    = 0
[pid  5064] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5064] creat("./file1", 000)       = 4
[pid  5064] exit_group(0)               = ?
[pid  5064] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5064, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[   61.821461][ T5064] loop0: detected capacity change from 0 to 512
[   61.833140][ T5064] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   61.852616][ T5064] EXT4-fs (loop0): 1 truncate cleaned up
[   61.858625][ T5064] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/binderfs")                 = 0
umount2("./17/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./17/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./17/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./17/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./17")                           = 0
mkdir("./18", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5066
./strace-static-x86_64: Process 5066 attached
[pid  5066] set_robust_list(0x555556e60660, 24) = 0
[pid  5066] chdir("./18")               = 0
[pid  5066] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5066] setpgid(0, 0)               = 0
[pid  5066] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5066] write(3, "1000", 4)         = 4
[pid  5066] close(3)                    = 0
[pid  5066] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5066] memfd_create("syzkaller", 0) = 3
[pid  5066] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5066] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5066] munmap(0x7fa868d87000, 262144) = 0
[pid  5066] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   61.906704][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5066] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5066] close(3)                    = 0
[pid  5066] mkdir("./file1", 0777)      = 0
[pid  5066] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5066] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5066] chdir("./file1")            = 0
[pid  5066] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5066] close(4)                    = 0
[pid  5066] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5066] creat("./file1", 000)       = 4
[pid  5066] exit_group(0)               = ?
[pid  5066] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5066, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/binderfs")                 = 0
[   61.967747][ T5066] loop0: detected capacity change from 0 to 512
[   61.978101][ T5066] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   61.994767][ T5066] EXT4-fs (loop0): 1 truncate cleaned up
[   62.000563][ T5066] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
umount2("./18/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./18/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./18/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./18/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./18")                           = 0
mkdir("./19", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5068
./strace-static-x86_64: Process 5068 attached
[pid  5068] set_robust_list(0x555556e60660, 24) = 0
[pid  5068] chdir("./19")               = 0
[pid  5068] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5068] setpgid(0, 0)               = 0
[pid  5068] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5068] write(3, "1000", 4)         = 4
[pid  5068] close(3)                    = 0
[pid  5068] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5068] memfd_create("syzkaller", 0) = 3
[pid  5068] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5068] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5068] munmap(0x7fa868d87000, 262144) = 0
[pid  5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   62.034811][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5068] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5068] close(3)                    = 0
[pid  5068] mkdir("./file1", 0777)      = 0
[pid  5068] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5068] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5068] chdir("./file1")            = 0
[pid  5068] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5068] close(4)                    = 0
[pid  5068] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5068] creat("./file1", 000)       = 4
[pid  5068] exit_group(0)               = ?
[pid  5068] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5068, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/binderfs")                 = 0
[   62.083636][ T5068] loop0: detected capacity change from 0 to 512
[   62.092720][ T5068] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   62.108607][ T5068] EXT4-fs (loop0): 1 truncate cleaned up
[   62.114343][ T5068] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
umount2("./19/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./19/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./19/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./19/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./19")                           = 0
mkdir("./20", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5070
./strace-static-x86_64: Process 5070 attached
[pid  5070] set_robust_list(0x555556e60660, 24) = 0
[pid  5070] chdir("./20")               = 0
[pid  5070] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5070] setpgid(0, 0)               = 0
[pid  5070] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5070] write(3, "1000", 4)         = 4
[pid  5070] close(3)                    = 0
[pid  5070] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5070] memfd_create("syzkaller", 0) = 3
[pid  5070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5070] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5070] munmap(0x7fa868d87000, 262144) = 0
[   62.156621][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5070] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5070] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5070] close(3)                    = 0
[pid  5070] mkdir("./file1", 0777)      = 0
[pid  5070] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5070] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5070] chdir("./file1")            = 0
[pid  5070] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5070] close(4)                    = 0
[pid  5070] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5070] creat("./file1", 000)       = 4
[pid  5070] exit_group(0)               = ?
[pid  5070] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5070, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./20/binderfs")                 = 0
[   62.219664][ T5070] loop0: detected capacity change from 0 to 512
[   62.229192][ T5070] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   62.245163][ T5070] EXT4-fs (loop0): 1 truncate cleaned up
[   62.251085][ T5070] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
umount2("./20/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./20/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./20/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./20/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./20")                           = 0
mkdir("./21", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5072 attached
, child_tidptr=0x555556e60650) = 5072
[pid  5072] set_robust_list(0x555556e60660, 24) = 0
[pid  5072] chdir("./21")               = 0
[pid  5072] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5072] setpgid(0, 0)               = 0
[pid  5072] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5072] write(3, "1000", 4)         = 4
[pid  5072] close(3)                    = 0
[   62.288585][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5072] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5072] memfd_create("syzkaller", 0) = 3
[pid  5072] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5072] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5072] munmap(0x7fa868d87000, 262144) = 0
[pid  5072] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5072] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5072] close(3)                    = 0
[pid  5072] mkdir("./file1", 0777)      = 0
[pid  5072] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5072] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5072] chdir("./file1")            = 0
[pid  5072] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5072] close(4)                    = 0
[pid  5072] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5072] creat("./file1", 000)       = 4
[pid  5072] exit_group(0)               = ?
[pid  5072] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5072, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./21/binderfs")                 = 0
[   62.356254][ T5072] loop0: detected capacity change from 0 to 512
[   62.365844][ T5072] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   62.381063][ T5072] EXT4-fs (loop0): 1 truncate cleaned up
[   62.386814][ T5072] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
umount2("./21/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./21/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./21/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./21/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./21")                           = 0
mkdir("./22", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5074 attached
, child_tidptr=0x555556e60650) = 5074
[pid  5074] set_robust_list(0x555556e60660, 24) = 0
[pid  5074] chdir("./22")               = 0
[pid  5074] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5074] setpgid(0, 0)               = 0
[pid  5074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5074] write(3, "1000", 4)         = 4
[pid  5074] close(3)                    = 0
[pid  5074] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5074] memfd_create("syzkaller", 0) = 3
[pid  5074] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5074] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[   62.428711][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5074] munmap(0x7fa868d87000, 262144) = 0
[pid  5074] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5074] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5074] close(3)                    = 0
[pid  5074] mkdir("./file1", 0777)      = 0
[   62.492349][ T5074] loop0: detected capacity change from 0 to 512
[   62.504455][ T5074] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   62.522524][ T5074] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5074] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5074] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5074] chdir("./file1")            = 0
[pid  5074] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5074] close(4)                    = 0
[pid  5074] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5074] creat("./file1", 000)       = 4
[pid  5074] exit_group(0)               = ?
[pid  5074] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5074, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./22/binderfs")                 = 0
[   62.530003][ T5074] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
umount2("./22/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./22/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./22/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./22/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./22")                           = 0
mkdir("./23", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5076 attached
, child_tidptr=0x555556e60650) = 5076
[pid  5076] set_robust_list(0x555556e60660, 24) = 0
[pid  5076] chdir("./23")               = 0
[pid  5076] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5076] setpgid(0, 0)               = 0
[pid  5076] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[   62.573282][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5076] write(3, "1000", 4)         = 4
[pid  5076] close(3)                    = 0
[pid  5076] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5076] memfd_create("syzkaller", 0) = 3
[pid  5076] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5076] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5076] munmap(0x7fa868d87000, 262144) = 0
[pid  5076] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5076] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5076] close(3)                    = 0
[pid  5076] mkdir("./file1", 0777)      = 0
[   62.642643][ T5076] loop0: detected capacity change from 0 to 512
[   62.653722][ T5076] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   62.671472][ T5076] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5076] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5076] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5076] chdir("./file1")            = 0
[pid  5076] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5076] close(4)                    = 0
[pid  5076] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5076] creat("./file1", 000)       = 4
[pid  5076] exit_group(0)               = ?
[pid  5076] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5076, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./23/binderfs")                 = 0
[   62.679782][ T5076] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
umount2("./23/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./23/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./23/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./23/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./23")                           = 0
mkdir("./24", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5078 attached
, child_tidptr=0x555556e60650) = 5078
[pid  5078] set_robust_list(0x555556e60660, 24) = 0
[pid  5078] chdir("./24")               = 0
[pid  5078] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5078] setpgid(0, 0)               = 0
[pid  5078] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5078] write(3, "1000", 4)         = 4
[pid  5078] close(3)                    = 0
[pid  5078] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5078] memfd_create("syzkaller", 0) = 3
[pid  5078] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5078] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5078] munmap(0x7fa868d87000, 262144) = 0
[   62.725936][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5078] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5078] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5078] close(3)                    = 0
[pid  5078] mkdir("./file1", 0777)      = 0
[pid  5078] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5078] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5078] chdir("./file1")            = 0
[pid  5078] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5078] close(4)                    = 0
[pid  5078] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5078] creat("./file1", 000)       = 4
[pid  5078] exit_group(0)               = ?
[pid  5078] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5078, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
[   62.788470][ T5078] loop0: detected capacity change from 0 to 512
[   62.802619][ T5078] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   62.818204][ T5078] EXT4-fs (loop0): 1 truncate cleaned up
[   62.824073][ T5078] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./24/binderfs")                 = 0
umount2("./24/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./24/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./24/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./24/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./24")                           = 0
mkdir("./25", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5080
[   62.873629][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
./strace-static-x86_64: Process 5080 attached
[pid  5080] set_robust_list(0x555556e60660, 24) = 0
[pid  5080] chdir("./25")               = 0
[pid  5080] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5080] setpgid(0, 0)               = 0
[pid  5080] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5080] write(3, "1000", 4)         = 4
[pid  5080] close(3)                    = 0
[pid  5080] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5080] memfd_create("syzkaller", 0) = 3
[pid  5080] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5080] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5080] munmap(0x7fa868d87000, 262144) = 0
[pid  5080] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5080] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5080] close(3)                    = 0
[pid  5080] mkdir("./file1", 0777)      = 0
[pid  5080] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5080] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5080] chdir("./file1")            = 0
[pid  5080] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5080] close(4)                    = 0
[pid  5080] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5080] creat("./file1", 000)       = 4
[pid  5080] exit_group(0)               = ?
[pid  5080] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5080, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./25/binderfs")                 = 0
[   62.951186][ T5080] loop0: detected capacity change from 0 to 512
[   62.960669][ T5080] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   62.976416][ T5080] EXT4-fs (loop0): 1 truncate cleaned up
[   62.982323][ T5080] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
umount2("./25/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./25/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./25/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./25/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./25")                           = 0
mkdir("./26", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5082 attached
, child_tidptr=0x555556e60650) = 5082
[pid  5082] set_robust_list(0x555556e60660, 24) = 0
[pid  5082] chdir("./26")               = 0
[pid  5082] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5082] setpgid(0, 0)               = 0
[pid  5082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5082] write(3, "1000", 4)         = 4
[pid  5082] close(3)                    = 0
[pid  5082] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5082] memfd_create("syzkaller", 0) = 3
[pid  5082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5082] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5082] munmap(0x7fa868d87000, 262144) = 0
[pid  5082] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   63.021830][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5082] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5082] close(3)                    = 0
[pid  5082] mkdir("./file1", 0777)      = 0
[pid  5082] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5082] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5082] chdir("./file1")            = 0
[pid  5082] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5082] close(4)                    = 0
[pid  5082] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5082] creat("./file1", 000)       = 4
[pid  5082] exit_group(0)               = ?
[pid  5082] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5082, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./26/binderfs")                 = 0
[   63.075126][ T5082] loop0: detected capacity change from 0 to 512
[   63.088234][ T5082] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   63.105681][ T5082] EXT4-fs (loop0): 1 truncate cleaned up
[   63.112075][ T5082] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
umount2("./26/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./26/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./26/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./26/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./26")                           = 0
mkdir("./27", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5084 attached
, child_tidptr=0x555556e60650) = 5084
[pid  5084] set_robust_list(0x555556e60660, 24) = 0
[pid  5084] chdir("./27")               = 0
[pid  5084] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5084] setpgid(0, 0)               = 0
[pid  5084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5084] write(3, "1000", 4)         = 4
[pid  5084] close(3)                    = 0
[pid  5084] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5084] memfd_create("syzkaller", 0) = 3
[   63.139864][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5084] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5084] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5084] munmap(0x7fa868d87000, 262144) = 0
[pid  5084] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5084] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5084] close(3)                    = 0
[pid  5084] mkdir("./file1", 0777)      = 0
[pid  5084] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5084] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5084] chdir("./file1")            = 0
[pid  5084] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5084] close(4)                    = 0
[pid  5084] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5084] creat("./file1", 000)       = 4
[pid  5084] exit_group(0)               = ?
[pid  5084] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5084, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} ---
umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
[   63.206548][ T5084] loop0: detected capacity change from 0 to 512
[   63.217893][ T5084] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   63.234210][ T5084] EXT4-fs (loop0): 1 truncate cleaned up
[   63.240969][ T5084] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./27/binderfs")                 = 0
umount2("./27/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./27/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./27/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./27/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./27")                           = 0
mkdir("./28", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5087
./strace-static-x86_64: Process 5087 attached
[pid  5087] set_robust_list(0x555556e60660, 24) = 0
[pid  5087] chdir("./28")               = 0
[pid  5087] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5087] setpgid(0, 0)               = 0
[pid  5087] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5087] write(3, "1000", 4)         = 4
[pid  5087] close(3)                    = 0
[pid  5087] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5087] memfd_create("syzkaller", 0) = 3
[pid  5087] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5087] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5087] munmap(0x7fa868d87000, 262144) = 0
[pid  5087] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   63.292097][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5087] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5087] close(3)                    = 0
[pid  5087] mkdir("./file1", 0777)      = 0
[pid  5087] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5087] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5087] chdir("./file1")            = 0
[pid  5087] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5087] close(4)                    = 0
[pid  5087] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5087] creat("./file1", 000)       = 4
[pid  5087] exit_group(0)               = ?
[pid  5087] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5087, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./28/binderfs")                 = 0
[   63.341874][ T5087] loop0: detected capacity change from 0 to 512
[   63.351603][ T5087] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   63.369678][ T5087] EXT4-fs (loop0): 1 truncate cleaned up
[   63.375404][ T5087] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
umount2("./28/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./28/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./28/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./28/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./28")                           = 0
mkdir("./29", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5089
./strace-static-x86_64: Process 5089 attached
[pid  5089] set_robust_list(0x555556e60660, 24) = 0
[pid  5089] chdir("./29")               = 0
[pid  5089] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5089] setpgid(0, 0)               = 0
[pid  5089] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5089] write(3, "1000", 4)         = 4
[pid  5089] close(3)                    = 0
[pid  5089] symlink("/dev/binderfs", "./binderfs") = 0
[   63.423432][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5089] memfd_create("syzkaller", 0) = 3
[pid  5089] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5089] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5089] munmap(0x7fa868d87000, 262144) = 0
[pid  5089] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5089] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5089] close(3)                    = 0
[pid  5089] mkdir("./file1", 0777)      = 0
[pid  5089] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5089] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5089] chdir("./file1")            = 0
[pid  5089] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5089] close(4)                    = 0
[pid  5089] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5089] creat("./file1", 000)       = 4
[pid  5089] exit_group(0)               = ?
[pid  5089] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5089, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./29/binderfs")                 = 0
[   63.498461][ T5089] loop0: detected capacity change from 0 to 512
[   63.508542][ T5089] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   63.523460][ T5089] EXT4-fs (loop0): 1 truncate cleaned up
[   63.529696][ T5089] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
umount2("./29/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./29/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./29/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./29/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./29")                           = 0
mkdir("./30", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5091 attached
, child_tidptr=0x555556e60650) = 5091
[pid  5091] set_robust_list(0x555556e60660, 24) = 0
[pid  5091] chdir("./30")               = 0
[pid  5091] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5091] setpgid(0, 0)               = 0
[pid  5091] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5091] write(3, "1000", 4)         = 4
[pid  5091] close(3)                    = 0
[pid  5091] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5091] memfd_create("syzkaller", 0) = 3
[pid  5091] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5091] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[   63.570783][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5091] munmap(0x7fa868d87000, 262144) = 0
[pid  5091] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5091] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5091] close(3)                    = 0
[pid  5091] mkdir("./file1", 0777)      = 0
[pid  5091] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5091] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5091] chdir("./file1")            = 0
[pid  5091] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5091] close(4)                    = 0
[pid  5091] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5091] creat("./file1", 000)       = 4
[pid  5091] exit_group(0)               = ?
[pid  5091] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5091, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./30/binderfs")                 = 0
[   63.629483][ T5091] loop0: detected capacity change from 0 to 512
[   63.640212][ T5091] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   63.655807][ T5091] EXT4-fs (loop0): 1 truncate cleaned up
[   63.661677][ T5091] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
umount2("./30/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./30/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./30/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./30/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./30")                           = 0
mkdir("./31", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5093 attached
 <unfinished ...>
[pid  5093] set_robust_list(0x555556e60660, 24) = 0
[pid  5026] <... clone resumed>, child_tidptr=0x555556e60650) = 5093
[pid  5093] chdir("./31")               = 0
[pid  5093] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5093] setpgid(0, 0)               = 0
[pid  5093] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5093] write(3, "1000", 4)         = 4
[pid  5093] close(3)                    = 0
[pid  5093] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5093] memfd_create("syzkaller", 0) = 3
[pid  5093] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5093] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5093] munmap(0x7fa868d87000, 262144) = 0
[pid  5093] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   63.708700][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5093] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5093] close(3)                    = 0
[pid  5093] mkdir("./file1", 0777)      = 0
[   63.762094][ T5093] loop0: detected capacity change from 0 to 512
[   63.782650][ T5093] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   63.798274][ T5093] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5093] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5093] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5093] chdir("./file1")            = 0
[pid  5093] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5093] close(4)                    = 0
[pid  5093] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5093] creat("./file1", 000)       = 4
[pid  5093] exit_group(0)               = ?
[pid  5093] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5093, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./31/binderfs")                 = 0
[   63.804050][ T5093] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
umount2("./31/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./31/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./31/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./31/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./31")                           = 0
mkdir("./32", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5095
./strace-static-x86_64: Process 5095 attached
[pid  5095] set_robust_list(0x555556e60660, 24) = 0
[pid  5095] chdir("./32")               = 0
[pid  5095] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5095] setpgid(0, 0)               = 0
[pid  5095] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5095] write(3, "1000", 4)         = 4
[pid  5095] close(3)                    = 0
[pid  5095] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5095] memfd_create("syzkaller", 0) = 3
[pid  5095] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5095] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5095] munmap(0x7fa868d87000, 262144) = 0
[pid  5095] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   63.845406][ T5026] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5095] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5095] close(3)                    = 0
[pid  5095] mkdir("./file1", 0777)      = 0
[pid  5095] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5095] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5095] chdir("./file1")            = 0
[pid  5095] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5095] close(4)                    = 0
[pid  5095] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5095] creat("./file1", 000)       = 4
[pid  5095] exit_group(0)               = ?
[pid  5095] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5095, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./32/binderfs")                 = 0
umount2("./32/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./32/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./32/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[   63.903093][ T5095] loop0: detected capacity change from 0 to 512
[   63.913355][ T5095] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   63.929571][ T5095] EXT4-fs (loop0): 1 truncate cleaned up
openat(AT_FDCWD, "./32/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./32/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./32")                           = 0
mkdir("./33", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5097 attached
 <unfinished ...>
[pid  5097] set_robust_list(0x555556e60660, 24 <unfinished ...>
[pid  5026] <... clone resumed>, child_tidptr=0x555556e60650) = 5097
[pid  5097] <... set_robust_list resumed>) = 0
[pid  5097] chdir("./33")               = 0
[pid  5097] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5097] setpgid(0, 0)               = 0
[pid  5097] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5097] write(3, "1000", 4)         = 4
[pid  5097] close(3)                    = 0
[pid  5097] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5097] memfd_create("syzkaller", 0) = 3
[pid  5097] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5097] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5097] munmap(0x7fa868d87000, 262144) = 0
[pid  5097] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5097] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5097] close(3)                    = 0
[pid  5097] mkdir("./file1", 0777)      = 0
[pid  5097] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5097] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5097] chdir("./file1")            = 0
[pid  5097] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5097] close(4)                    = 0
[pid  5097] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5097] creat("./file1", 000)       = 4
[pid  5097] exit_group(0)               = ?
[pid  5097] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5097, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./33/binderfs")                 = 0
umount2("./33/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./33/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./33/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./33/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./33")                           = 0
mkdir("./34", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5099 attached
, child_tidptr=0x555556e60650) = 5099
[pid  5099] set_robust_list(0x555556e60660, 24) = 0
[pid  5099] chdir("./34")               = 0
[pid  5099] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5099] setpgid(0, 0)               = 0
[pid  5099] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5099] write(3, "1000", 4)         = 4
[pid  5099] close(3)                    = 0
[pid  5099] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5099] memfd_create("syzkaller", 0) = 3
[pid  5099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[   64.024081][ T5097] loop0: detected capacity change from 0 to 512
[   64.034596][ T5097] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   64.050365][ T5097] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5099] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5099] munmap(0x7fa868d87000, 262144) = 0
[pid  5099] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5099] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5099] close(3)                    = 0
[pid  5099] mkdir("./file1", 0777)      = 0
[pid  5099] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5099] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5099] chdir("./file1")            = 0
[pid  5099] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5099] close(4)                    = 0
[pid  5099] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5099] creat("./file1", 000)       = 4
[pid  5099] exit_group(0)               = ?
[pid  5099] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5099, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./34/binderfs")                 = 0
umount2("./34/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./34/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./34/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[   64.109984][ T5099] loop0: detected capacity change from 0 to 512
[   64.120982][ T5099] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   64.140112][ T5099] EXT4-fs (loop0): 1 truncate cleaned up
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./34/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./34")                           = 0
mkdir("./35", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5101
./strace-static-x86_64: Process 5101 attached
[pid  5101] set_robust_list(0x555556e60660, 24) = 0
[pid  5101] chdir("./35")               = 0
[pid  5101] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5101] setpgid(0, 0)               = 0
[pid  5101] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5101] write(3, "1000", 4)         = 4
[pid  5101] close(3)                    = 0
[pid  5101] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5101] memfd_create("syzkaller", 0) = 3
[pid  5101] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5101] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5101] munmap(0x7fa868d87000, 262144) = 0
[pid  5101] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5101] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5101] close(3)                    = 0
[pid  5101] mkdir("./file1", 0777)      = 0
[pid  5101] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5101] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5101] chdir("./file1")            = 0
[pid  5101] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5101] close(4)                    = 0
[pid  5101] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5101] creat("./file1", 000)       = 4
[pid  5101] exit_group(0)               = ?
[pid  5101] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5101, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./35/binderfs")                 = 0
umount2("./35/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./35/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./35/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./35/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./35")                           = 0
mkdir("./36", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
[   64.212464][ T5101] loop0: detected capacity change from 0 to 512
[   64.222291][ T5101] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   64.237219][ T5101] EXT4-fs (loop0): 1 truncate cleaned up
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5103
./strace-static-x86_64: Process 5103 attached
[pid  5103] set_robust_list(0x555556e60660, 24) = 0
[pid  5103] chdir("./36")               = 0
[pid  5103] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5103] setpgid(0, 0)               = 0
[pid  5103] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5103] write(3, "1000", 4)         = 4
[pid  5103] close(3)                    = 0
[pid  5103] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5103] memfd_create("syzkaller", 0) = 3
[pid  5103] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5103] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5103] munmap(0x7fa868d87000, 262144) = 0
[pid  5103] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5103] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5103] close(3)                    = 0
[pid  5103] mkdir("./file1", 0777)      = 0
[pid  5103] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5103] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5103] chdir("./file1")            = 0
[pid  5103] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5103] close(4)                    = 0
[pid  5103] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5103] creat("./file1", 000)       = 4
[pid  5103] exit_group(0)               = ?
[pid  5103] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5103, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./36/binderfs")                 = 0
umount2("./36/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./36/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./36/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./36/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./36")                           = 0
mkdir("./37", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
[   64.305427][ T5103] loop0: detected capacity change from 0 to 512
[   64.316163][ T5103] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   64.334074][ T5103] EXT4-fs (loop0): 1 truncate cleaned up
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5105
./strace-static-x86_64: Process 5105 attached
[pid  5105] set_robust_list(0x555556e60660, 24) = 0
[pid  5105] chdir("./37")               = 0
[pid  5105] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5105] setpgid(0, 0)               = 0
[pid  5105] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5105] write(3, "1000", 4)         = 4
[pid  5105] close(3)                    = 0
[pid  5105] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5105] memfd_create("syzkaller", 0) = 3
[pid  5105] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5105] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5105] munmap(0x7fa868d87000, 262144) = 0
[pid  5105] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5105] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5105] close(3)                    = 0
[pid  5105] mkdir("./file1", 0777)      = 0
[pid  5105] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5105] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5105] chdir("./file1")            = 0
[pid  5105] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5105] close(4)                    = 0
[pid  5105] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5105] creat("./file1", 000)       = 4
[pid  5105] exit_group(0)               = ?
[pid  5105] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5105, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./37/binderfs")                 = 0
umount2("./37/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./37/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./37/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./37/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./37")                           = 0
mkdir("./38", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5107
./strace-static-x86_64: Process 5107 attached
[pid  5107] set_robust_list(0x555556e60660, 24) = 0
[pid  5107] chdir("./38")               = 0
[pid  5107] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5107] setpgid(0, 0)               = 0
[pid  5107] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5107] write(3, "1000", 4)         = 4
[pid  5107] close(3)                    = 0
[pid  5107] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5107] memfd_create("syzkaller", 0) = 3
[pid  5107] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[   64.399722][ T5105] loop0: detected capacity change from 0 to 512
[   64.410233][ T5105] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   64.427218][ T5105] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5107] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5107] munmap(0x7fa868d87000, 262144) = 0
[pid  5107] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5107] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5107] close(3)                    = 0
[pid  5107] mkdir("./file1", 0777)      = 0
[pid  5107] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5107] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5107] chdir("./file1")            = 0
[pid  5107] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5107] close(4)                    = 0
[pid  5107] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5107] creat("./file1", 000)       = 4
[pid  5107] exit_group(0)               = ?
[pid  5107] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5107, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./38/binderfs")                 = 0
umount2("./38/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./38/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./38/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./38/file1")                     = 0
[   64.486897][ T5107] loop0: detected capacity change from 0 to 512
[   64.501505][ T5107] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   64.518319][ T5107] EXT4-fs (loop0): 1 truncate cleaned up
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./38")                           = 0
mkdir("./39", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
./strace-static-x86_64: Process 5109 attached
[pid  5109] set_robust_list(0x555556e60660, 24) = 0
[pid  5109] chdir("./39")               = 0
[pid  5109] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5109] setpgid(0, 0)               = 0
[pid  5109] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5109] write(3, "1000", 4)         = 4
[pid  5109] close(3)                    = 0
[pid  5109] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5109] memfd_create("syzkaller", 0) = 3
[pid  5109] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5109] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5109] munmap(0x7fa868d87000, 262144 <unfinished ...>
[pid  5026] <... clone resumed>, child_tidptr=0x555556e60650) = 5109
[pid  5109] <... munmap resumed>)       = 0
[pid  5109] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5109] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5109] close(3)                    = 0
[pid  5109] mkdir("./file1", 0777)      = 0
[pid  5109] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5109] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5109] chdir("./file1")            = 0
[pid  5109] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5109] close(4)                    = 0
[pid  5109] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5109] creat("./file1", 000)       = 4
[pid  5109] exit_group(0)               = ?
[pid  5109] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5109, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./39/binderfs")                 = 0
umount2("./39/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./39/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./39/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./39/file1")                     = 0
[   64.591385][ T5109] loop0: detected capacity change from 0 to 512
[   64.602684][ T5109] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   64.618045][ T5109] EXT4-fs (loop0): 1 truncate cleaned up
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./39")                           = 0
mkdir("./40", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5111
./strace-static-x86_64: Process 5111 attached
[pid  5111] set_robust_list(0x555556e60660, 24) = 0
[pid  5111] chdir("./40")               = 0
[pid  5111] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5111] setpgid(0, 0)               = 0
[pid  5111] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5111] write(3, "1000", 4)         = 4
[pid  5111] close(3)                    = 0
[pid  5111] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5111] memfd_create("syzkaller", 0) = 3
[pid  5111] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5111] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5111] munmap(0x7fa868d87000, 262144) = 0
[pid  5111] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5111] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5111] close(3)                    = 0
[pid  5111] mkdir("./file1", 0777)      = 0
[pid  5111] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5111] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5111] chdir("./file1")            = 0
[pid  5111] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5111] close(4)                    = 0
[pid  5111] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5111] creat("./file1", 000)       = 4
[pid  5111] exit_group(0)               = ?
[pid  5111] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5111, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./40/binderfs")                 = 0
umount2("./40/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./40/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./40/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./40/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./40/file1")                     = 0
[   64.707921][ T5111] loop0: detected capacity change from 0 to 512
[   64.716996][ T5111] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   64.732107][ T5111] EXT4-fs (loop0): 1 truncate cleaned up
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./40")                           = 0
mkdir("./41", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5113
./strace-static-x86_64: Process 5113 attached
[pid  5113] set_robust_list(0x555556e60660, 24) = 0
[pid  5113] chdir("./41")               = 0
[pid  5113] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5113] setpgid(0, 0)               = 0
[pid  5113] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5113] write(3, "1000", 4)         = 4
[pid  5113] close(3)                    = 0
[pid  5113] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5113] memfd_create("syzkaller", 0) = 3
[pid  5113] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5113] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5113] munmap(0x7fa868d87000, 262144) = 0
[pid  5113] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5113] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5113] close(3)                    = 0
[pid  5113] mkdir("./file1", 0777)      = 0
[pid  5113] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5113] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5113] chdir("./file1")            = 0
[pid  5113] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5113] close(4)                    = 0
[pid  5113] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5113] creat("./file1", 000)       = 4
[pid  5113] exit_group(0)               = ?
[pid  5113] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5113, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./41/binderfs")                 = 0
umount2("./41/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./41/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./41/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./41/file1")                     = 0
[   64.818842][ T5113] loop0: detected capacity change from 0 to 512
[   64.830145][ T5113] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   64.846249][ T5113] EXT4-fs (loop0): 1 truncate cleaned up
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./41")                           = 0
mkdir("./42", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5115
./strace-static-x86_64: Process 5115 attached
[pid  5115] set_robust_list(0x555556e60660, 24) = 0
[pid  5115] chdir("./42")               = 0
[pid  5115] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5115] setpgid(0, 0)               = 0
[pid  5115] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5115] write(3, "1000", 4)         = 4
[pid  5115] close(3)                    = 0
[pid  5115] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5115] memfd_create("syzkaller", 0) = 3
[pid  5115] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5115] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5115] munmap(0x7fa868d87000, 262144) = 0
[pid  5115] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5115] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5115] close(3)                    = 0
[pid  5115] mkdir("./file1", 0777)      = 0
[pid  5115] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5115] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5115] chdir("./file1")            = 0
[pid  5115] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5115] close(4)                    = 0
[pid  5115] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5115] creat("./file1", 000)       = 4
[pid  5115] exit_group(0)               = ?
[pid  5115] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5115, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./42/binderfs")                 = 0
umount2("./42/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./42/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[   64.932743][ T5115] loop0: detected capacity change from 0 to 512
[   64.942477][ T5115] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   64.960202][ T5115] EXT4-fs (loop0): 1 truncate cleaned up
newfstatat(AT_FDCWD, "./42/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./42/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./42/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./42/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./42")                           = 0
mkdir("./43", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5117
./strace-static-x86_64: Process 5117 attached
[pid  5117] set_robust_list(0x555556e60660, 24) = 0
[pid  5117] chdir("./43")               = 0
[pid  5117] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5117] setpgid(0, 0)               = 0
[pid  5117] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5117] write(3, "1000", 4)         = 4
[pid  5117] close(3)                    = 0
[pid  5117] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5117] memfd_create("syzkaller", 0) = 3
[pid  5117] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5117] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5117] munmap(0x7fa868d87000, 262144) = 0
[pid  5117] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5117] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5117] close(3)                    = 0
[pid  5117] mkdir("./file1", 0777)      = 0
[pid  5117] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5117] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5117] chdir("./file1")            = 0
[pid  5117] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5117] close(4)                    = 0
[pid  5117] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5117] creat("./file1", 000)       = 4
[pid  5117] exit_group(0)               = ?
[pid  5117] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5117, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./43/binderfs")                 = 0
umount2("./43/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./43/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./43/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./43/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[   65.030878][ T5117] loop0: detected capacity change from 0 to 512
[   65.043101][ T5117] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   65.060720][ T5117] EXT4-fs (loop0): 1 truncate cleaned up
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./43/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./43")                           = 0
mkdir("./44", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5119
./strace-static-x86_64: Process 5119 attached
[pid  5119] set_robust_list(0x555556e60660, 24) = 0
[pid  5119] chdir("./44")               = 0
[pid  5119] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5119] setpgid(0, 0)               = 0
[pid  5119] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5119] write(3, "1000", 4)         = 4
[pid  5119] close(3)                    = 0
[pid  5119] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5119] memfd_create("syzkaller", 0) = 3
[pid  5119] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5119] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5119] munmap(0x7fa868d87000, 262144) = 0
[pid  5119] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5119] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5119] close(3)                    = 0
[pid  5119] mkdir("./file1", 0777)      = 0
[pid  5119] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5119] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5119] chdir("./file1")            = 0
[pid  5119] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5119] close(4)                    = 0
[pid  5119] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5119] creat("./file1", 000)       = 4
[pid  5119] exit_group(0)               = ?
[pid  5119] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5119, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./44/binderfs")                 = 0
umount2("./44/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./44/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./44/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./44/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./44/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./44/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./44")                           = 0
mkdir("./45", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5121
./strace-static-x86_64: Process 5121 attached
[pid  5121] set_robust_list(0x555556e60660, 24) = 0
[pid  5121] chdir("./45")               = 0
[pid  5121] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[   65.168483][ T5119] loop0: detected capacity change from 0 to 512
[   65.178970][ T5119] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   65.195977][ T5119] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5121] setpgid(0, 0)               = 0
[pid  5121] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5121] write(3, "1000", 4)         = 4
[pid  5121] close(3)                    = 0
[pid  5121] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5121] memfd_create("syzkaller", 0) = 3
[pid  5121] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5121] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5121] munmap(0x7fa868d87000, 262144) = 0
[pid  5121] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5121] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5121] close(3)                    = 0
[pid  5121] mkdir("./file1", 0777)      = 0
[pid  5121] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5121] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5121] chdir("./file1")            = 0
[pid  5121] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5121] close(4)                    = 0
[pid  5121] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5121] creat("./file1", 000)       = 4
[pid  5121] exit_group(0)               = ?
[pid  5121] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5121, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./45/binderfs")                 = 0
umount2("./45/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./45/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./45/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./45/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./45/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./45")                           = 0
mkdir("./46", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5123
./strace-static-x86_64: Process 5123 attached
[pid  5123] set_robust_list(0x555556e60660, 24) = 0
[pid  5123] chdir("./46")               = 0
[   65.259237][ T5121] loop0: detected capacity change from 0 to 512
[   65.269660][ T5121] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   65.286098][ T5121] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5123] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5123] setpgid(0, 0)               = 0
[pid  5123] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5123] write(3, "1000", 4)         = 4
[pid  5123] close(3)                    = 0
[pid  5123] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5123] memfd_create("syzkaller", 0) = 3
[pid  5123] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5123] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5123] munmap(0x7fa868d87000, 262144) = 0
[pid  5123] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5123] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5123] close(3)                    = 0
[pid  5123] mkdir("./file1", 0777)      = 0
[pid  5123] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5123] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5123] chdir("./file1")            = 0
[pid  5123] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5123] close(4)                    = 0
[pid  5123] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5123] creat("./file1", 000)       = 4
[pid  5123] exit_group(0)               = ?
[pid  5123] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5123, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./46/binderfs")                 = 0
umount2("./46/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./46/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./46/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[   65.353863][ T5123] loop0: detected capacity change from 0 to 512
[   65.365578][ T5123] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   65.382244][ T5123] EXT4-fs (loop0): 1 truncate cleaned up
openat(AT_FDCWD, "./46/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./46/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./46")                           = 0
mkdir("./47", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5125
./strace-static-x86_64: Process 5125 attached
[pid  5125] set_robust_list(0x555556e60660, 24) = 0
[pid  5125] chdir("./47")               = 0
[pid  5125] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5125] setpgid(0, 0)               = 0
[pid  5125] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5125] write(3, "1000", 4)         = 4
[pid  5125] close(3)                    = 0
[pid  5125] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5125] memfd_create("syzkaller", 0) = 3
[pid  5125] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5125] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5125] munmap(0x7fa868d87000, 262144) = 0
[pid  5125] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5125] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5125] close(3)                    = 0
[pid  5125] mkdir("./file1", 0777)      = 0
[pid  5125] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5125] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5125] chdir("./file1")            = 0
[pid  5125] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5125] close(4)                    = 0
[pid  5125] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5125] creat("./file1", 000)       = 4
[pid  5125] exit_group(0)               = ?
[pid  5125] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5125, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./47/binderfs")                 = 0
[   65.460537][ T5125] loop0: detected capacity change from 0 to 512
[   65.471515][ T5125] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   65.486538][ T5125] EXT4-fs (loop0): 1 truncate cleaned up
umount2("./47/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./47/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./47/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./47/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./47/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./47/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./47")                           = 0
mkdir("./48", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5127
./strace-static-x86_64: Process 5127 attached
[pid  5127] set_robust_list(0x555556e60660, 24) = 0
[pid  5127] chdir("./48")               = 0
[pid  5127] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5127] setpgid(0, 0)               = 0
[pid  5127] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5127] write(3, "1000", 4)         = 4
[pid  5127] close(3)                    = 0
[pid  5127] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5127] memfd_create("syzkaller", 0) = 3
[pid  5127] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5127] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5127] munmap(0x7fa868d87000, 262144) = 0
[pid  5127] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5127] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5127] close(3)                    = 0
[pid  5127] mkdir("./file1", 0777)      = 0
[pid  5127] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5127] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5127] chdir("./file1")            = 0
[pid  5127] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5127] close(4)                    = 0
[pid  5127] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5127] creat("./file1", 000)       = 4
[pid  5127] exit_group(0)               = ?
[pid  5127] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5127, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./48/binderfs")                 = 0
umount2("./48/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./48/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./48/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./48/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./48/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./48")                           = 0
mkdir("./49", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5129
./strace-static-x86_64: Process 5129 attached
[pid  5129] set_robust_list(0x555556e60660, 24) = 0
[pid  5129] chdir("./49")               = 0
[pid  5129] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5129] setpgid(0, 0)               = 0
[pid  5129] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5129] write(3, "1000", 4)         = 4
[pid  5129] close(3)                    = 0
[pid  5129] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5129] memfd_create("syzkaller", 0) = 3
[   65.589114][ T5127] loop0: detected capacity change from 0 to 512
[   65.598916][ T5127] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   65.614806][ T5127] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5129] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5129] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5129] munmap(0x7fa868d87000, 262144) = 0
[pid  5129] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5129] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5129] close(3)                    = 0
[pid  5129] mkdir("./file1", 0777)      = 0
[pid  5129] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5129] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5129] chdir("./file1")            = 0
[pid  5129] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5129] close(4)                    = 0
[pid  5129] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5129] creat("./file1", 000)       = 4
[pid  5129] exit_group(0)               = ?
[pid  5129] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5129, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./49/binderfs")                 = 0
umount2("./49/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./49/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./49/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./49/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./49/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./49/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
[   65.678553][ T5129] loop0: detected capacity change from 0 to 512
[   65.691781][ T5129] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   65.706778][ T5129] EXT4-fs (loop0): 1 truncate cleaned up
rmdir("./49")                           = 0
mkdir("./50", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5131
./strace-static-x86_64: Process 5131 attached
[pid  5131] set_robust_list(0x555556e60660, 24) = 0
[pid  5131] chdir("./50")               = 0
[pid  5131] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5131] setpgid(0, 0)               = 0
[pid  5131] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5131] write(3, "1000", 4)         = 4
[pid  5131] close(3)                    = 0
[pid  5131] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5131] memfd_create("syzkaller", 0) = 3
[pid  5131] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5131] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5131] munmap(0x7fa868d87000, 262144) = 0
[pid  5131] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5131] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5131] close(3)                    = 0
[pid  5131] mkdir("./file1", 0777)      = 0
[pid  5131] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5131] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5131] chdir("./file1")            = 0
[pid  5131] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5131] close(4)                    = 0
[pid  5131] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5131] creat("./file1", 000)       = 4
[pid  5131] exit_group(0)               = ?
[pid  5131] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5131, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./50/binderfs")                 = 0
umount2("./50/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./50/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./50/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./50/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./50/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
[   65.781682][ T5131] loop0: detected capacity change from 0 to 512
[   65.791878][ T5131] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   65.806875][ T5131] EXT4-fs (loop0): 1 truncate cleaned up
rmdir("./50/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./50")                           = 0
mkdir("./51", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5133
./strace-static-x86_64: Process 5133 attached
[pid  5133] set_robust_list(0x555556e60660, 24) = 0
[pid  5133] chdir("./51")               = 0
[pid  5133] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5133] setpgid(0, 0)               = 0
[pid  5133] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5133] write(3, "1000", 4)         = 4
[pid  5133] close(3)                    = 0
[pid  5133] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5133] memfd_create("syzkaller", 0) = 3
[pid  5133] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5133] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5133] munmap(0x7fa868d87000, 262144) = 0
[pid  5133] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5133] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5133] close(3)                    = 0
[pid  5133] mkdir("./file1", 0777)      = 0
[pid  5133] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5133] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5133] chdir("./file1")            = 0
[pid  5133] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5133] close(4)                    = 0
[pid  5133] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5133] creat("./file1", 000)       = 4
[pid  5133] exit_group(0)               = ?
[pid  5133] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5133, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./51/binderfs")                 = 0
umount2("./51/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./51/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./51/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./51/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./51/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./51/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./51")                           = 0
[   65.892101][ T5133] loop0: detected capacity change from 0 to 512
[   65.901496][ T5133] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   65.917664][ T5133] EXT4-fs (loop0): 1 truncate cleaned up
mkdir("./52", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5135
./strace-static-x86_64: Process 5135 attached
[pid  5135] set_robust_list(0x555556e60660, 24) = 0
[pid  5135] chdir("./52")               = 0
[pid  5135] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5135] setpgid(0, 0)               = 0
[pid  5135] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5135] write(3, "1000", 4)         = 4
[pid  5135] close(3)                    = 0
[pid  5135] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5135] memfd_create("syzkaller", 0) = 3
[pid  5135] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5135] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5135] munmap(0x7fa868d87000, 262144) = 0
[pid  5135] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5135] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5135] close(3)                    = 0
[pid  5135] mkdir("./file1", 0777)      = 0
[pid  5135] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5135] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5135] chdir("./file1")            = 0
[pid  5135] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5135] close(4)                    = 0
[pid  5135] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5135] creat("./file1", 000)       = 4
[pid  5135] exit_group(0)               = ?
[pid  5135] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5135, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./52/binderfs")                 = 0
umount2("./52/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./52/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[   66.007349][ T5135] loop0: detected capacity change from 0 to 512
[   66.017324][ T5135] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   66.032486][ T5135] EXT4-fs (loop0): 1 truncate cleaned up
newfstatat(AT_FDCWD, "./52/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./52/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./52/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./52/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./52")                           = 0
mkdir("./53", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5137
./strace-static-x86_64: Process 5137 attached
[pid  5137] set_robust_list(0x555556e60660, 24) = 0
[pid  5137] chdir("./53")               = 0
[pid  5137] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5137] setpgid(0, 0)               = 0
[pid  5137] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5137] write(3, "1000", 4)         = 4
[pid  5137] close(3)                    = 0
[pid  5137] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5137] memfd_create("syzkaller", 0) = 3
[pid  5137] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5137] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5137] munmap(0x7fa868d87000, 262144) = 0
[pid  5137] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5137] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5137] close(3)                    = 0
[pid  5137] mkdir("./file1", 0777)      = 0
[pid  5137] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5137] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5137] chdir("./file1")            = 0
[pid  5137] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5137] close(4)                    = 0
[pid  5137] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5137] creat("./file1", 000)       = 4
[pid  5137] exit_group(0)               = ?
[pid  5137] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5137, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./53/binderfs")                 = 0
umount2("./53/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./53/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./53/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./53/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./53/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./53/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./53")                           = 0
mkdir("./54", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
[   66.115130][ T5137] loop0: detected capacity change from 0 to 512
[   66.124907][ T5137] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   66.141133][ T5137] EXT4-fs (loop0): 1 truncate cleaned up
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5139
./strace-static-x86_64: Process 5139 attached
[pid  5139] set_robust_list(0x555556e60660, 24) = 0
[pid  5139] chdir("./54")               = 0
[pid  5139] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5139] setpgid(0, 0)               = 0
[pid  5139] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5139] write(3, "1000", 4)         = 4
[pid  5139] close(3)                    = 0
[pid  5139] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5139] memfd_create("syzkaller", 0) = 3
[pid  5139] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5139] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5139] munmap(0x7fa868d87000, 262144) = 0
[pid  5139] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5139] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5139] close(3)                    = 0
[pid  5139] mkdir("./file1", 0777)      = 0
[pid  5139] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5139] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5139] chdir("./file1")            = 0
[pid  5139] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5139] close(4)                    = 0
[pid  5139] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5139] creat("./file1", 000)       = 4
[pid  5139] exit_group(0)               = ?
[pid  5139] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5139, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./54/binderfs")                 = 0
[   66.216073][ T5139] loop0: detected capacity change from 0 to 512
[   66.229261][ T5139] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   66.248689][ T5139] EXT4-fs (loop0): 1 truncate cleaned up
umount2("./54/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./54/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./54/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./54/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./54/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./54/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./54")                           = 0
mkdir("./55", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5141
./strace-static-x86_64: Process 5141 attached
[pid  5141] set_robust_list(0x555556e60660, 24) = 0
[pid  5141] chdir("./55")               = 0
[pid  5141] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5141] setpgid(0, 0)               = 0
[pid  5141] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5141] write(3, "1000", 4)         = 4
[pid  5141] close(3)                    = 0
[pid  5141] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5141] memfd_create("syzkaller", 0) = 3
[pid  5141] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5141] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5141] munmap(0x7fa868d87000, 262144) = 0
[pid  5141] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5141] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5141] close(3)                    = 0
[pid  5141] mkdir("./file1", 0777)      = 0
[pid  5141] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5141] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5141] chdir("./file1")            = 0
[pid  5141] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5141] close(4)                    = 0
[pid  5141] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5141] creat("./file1", 000)       = 4
[pid  5141] exit_group(0)               = ?
[pid  5141] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5141, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./55/binderfs")                 = 0
umount2("./55/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./55/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./55/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./55/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./55/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./55/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./55")                           = 0
[   66.357226][ T5141] loop0: detected capacity change from 0 to 512
[   66.366634][ T5141] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   66.381932][ T5141] EXT4-fs (loop0): 1 truncate cleaned up
mkdir("./56", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5143
./strace-static-x86_64: Process 5143 attached
[pid  5143] set_robust_list(0x555556e60660, 24) = 0
[pid  5143] chdir("./56")               = 0
[pid  5143] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5143] setpgid(0, 0)               = 0
[pid  5143] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5143] write(3, "1000", 4)         = 4
[pid  5143] close(3)                    = 0
[pid  5143] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5143] memfd_create("syzkaller", 0) = 3
[pid  5143] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5143] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5143] munmap(0x7fa868d87000, 262144) = 0
[pid  5143] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5143] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5143] close(3)                    = 0
[pid  5143] mkdir("./file1", 0777)      = 0
[pid  5143] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5143] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5143] chdir("./file1")            = 0
[pid  5143] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5143] close(4)                    = 0
[pid  5143] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5143] creat("./file1", 000)       = 4
[pid  5143] exit_group(0)               = ?
[pid  5143] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5143, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./56/binderfs")                 = 0
umount2("./56/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./56/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./56/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./56/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[   66.469498][ T5143] loop0: detected capacity change from 0 to 512
[   66.479506][ T5143] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   66.495151][ T5143] EXT4-fs (loop0): 1 truncate cleaned up
openat(AT_FDCWD, "./56/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./56/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./56")                           = 0
mkdir("./57", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5145
./strace-static-x86_64: Process 5145 attached
[pid  5145] set_robust_list(0x555556e60660, 24) = 0
[pid  5145] chdir("./57")               = 0
[pid  5145] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5145] setpgid(0, 0)               = 0
[pid  5145] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5145] write(3, "1000", 4)         = 4
[pid  5145] close(3)                    = 0
[pid  5145] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5145] memfd_create("syzkaller", 0) = 3
[pid  5145] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5145] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5145] munmap(0x7fa868d87000, 262144) = 0
[pid  5145] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5145] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5145] close(3)                    = 0
[pid  5145] mkdir("./file1", 0777)      = 0
[pid  5145] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5145] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5145] chdir("./file1")            = 0
[pid  5145] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5145] close(4)                    = 0
[pid  5145] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5145] creat("./file1", 000)       = 4
[pid  5145] exit_group(0)               = ?
[pid  5145] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5145, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./57/binderfs")                 = 0
umount2("./57/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./57/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./57/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./57/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./57/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
[   66.597234][ T5145] loop0: detected capacity change from 0 to 512
[   66.607266][ T5145] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   66.622318][ T5145] EXT4-fs (loop0): 1 truncate cleaned up
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./57/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./57")                           = 0
mkdir("./58", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5147
./strace-static-x86_64: Process 5147 attached
[pid  5147] set_robust_list(0x555556e60660, 24) = 0
[pid  5147] chdir("./58")               = 0
[pid  5147] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5147] setpgid(0, 0)               = 0
[pid  5147] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5147] write(3, "1000", 4)         = 4
[pid  5147] close(3)                    = 0
[pid  5147] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5147] memfd_create("syzkaller", 0) = 3
[pid  5147] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5147] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5147] munmap(0x7fa868d87000, 262144) = 0
[pid  5147] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5147] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5147] close(3)                    = 0
[pid  5147] mkdir("./file1", 0777)      = 0
[pid  5147] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5147] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5147] chdir("./file1")            = 0
[pid  5147] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5147] close(4)                    = 0
[pid  5147] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[   66.705359][ T5147] loop0: detected capacity change from 0 to 512
[   66.714819][ T5147] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   66.731092][ T5147] EXT4-fs (loop0): 1 truncate cleaned up
[   66.741496][ T5147] 
[   66.744023][ T5147] ======================================================
[   66.751108][ T5147] WARNING: possible circular locking dependency detected
[   66.758191][ T5147] 6.6.0-rc3-syzkaller-00025-g50768a425b46 #0 Not tainted
[   66.765190][ T5147] ------------------------------------------------------
[   66.772305][ T5147] syz-executor330/5147 is trying to acquire lock:
[   66.778705][ T5147] ffff888078f65400 (&ea_inode->i_rwsem#7/1){+.+.}-{3:3}, at: ext4_xattr_inode_iget+0x409/0x5d0
[   66.789075][ T5147] 
[   66.789075][ T5147] but task is already holding lock:
[   66.796428][ T5147] ffff888078f65c88 (&ei->i_data_sem/3){++++}-{3:3}, at: ext4_setattr+0x14c0/0x1bb0
[   66.806210][ T5147] 
[   66.806210][ T5147] which lock already depends on the new lock.
[   66.806210][ T5147] 
[   66.816788][ T5147] 
[   66.816788][ T5147] the existing dependency chain (in reverse order) is:
[   66.825879][ T5147] 
[   66.825879][ T5147] -> #1 (&ei->i_data_sem/3){++++}-{3:3}:
[   66.833786][ T5147]        down_write+0x3a/0x50
[   66.838733][ T5147]        ext4_xattr_set_entry+0x344a/0x3f90
[   66.844874][ T5147]        ext4_xattr_ibody_set+0x121/0x330
[   66.850683][ T5147]        ext4_xattr_set_handle+0xba5/0x1570
[   66.856619][ T5147]        ext4_xattr_set+0x241/0x3d0
[   66.861823][ T5147]        __vfs_setxattr+0x460/0x4a0
[   66.868771][ T5147]        __vfs_setxattr_noperm+0x12e/0x5e0
[   66.874683][ T5147]        vfs_setxattr+0x221/0x420
[   66.880429][ T5147]        setxattr+0x25d/0x2f0
[   66.886167][ T5147]        path_setxattr+0x1c0/0x2a0
[   66.892369][ T5147]        __x64_sys_setxattr+0xbb/0xd0
[   66.898709][ T5147]        do_syscall_64+0x41/0xc0
[   66.904512][ T5147]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   66.912175][ T5147] 
[   66.912175][ T5147] -> #0 (&ea_inode->i_rwsem#7/1){+.+.}-{3:3}:
[   66.922615][ T5147]        __lock_acquire+0x39ff/0x7f70
[   66.928209][ T5147]        lock_acquire+0x1e3/0x520
[   66.933431][ T5147]        down_write+0x3a/0x50
[   66.938211][ T5147]        ext4_xattr_inode_iget+0x409/0x5d0
[   66.944065][ T5147]        ext4_xattr_inode_get+0x164/0x430
[   66.949896][ T5147]        ext4_expand_extra_isize_ea+0xf21/0x1ce0
[   66.956431][ T5147]        __ext4_expand_extra_isize+0x2f7/0x3d0
[   66.962940][ T5147]        __ext4_mark_inode_dirty+0x53e/0x870
[   66.969099][ T5147]        ext4_setattr+0x1553/0x1bb0
[   66.974333][ T5147]        notify_change+0xb99/0xe60
[   66.979480][ T5147]        do_truncate+0x220/0x300
[   66.984532][ T5147]        path_openat+0x2959/0x3180
[   66.989643][ T5147]        do_filp_open+0x234/0x490
[   66.994669][ T5147]        do_sys_openat2+0x13e/0x1d0
[   66.999879][ T5147]        __x64_sys_creat+0x123/0x160
[   67.005259][ T5147]        do_syscall_64+0x41/0xc0
[   67.010185][ T5147]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   67.016634][ T5147] 
[   67.016634][ T5147] other info that might help us debug this:
[   67.016634][ T5147] 
[   67.026877][ T5147]  Possible unsafe locking scenario:
[   67.026877][ T5147] 
[   67.034333][ T5147]        CPU0                    CPU1
[   67.039782][ T5147]        ----                    ----
[   67.045139][ T5147]   lock(&ei->i_data_sem/3);
[   67.049718][ T5147]                                lock(&ea_inode->i_rwsem#7/1);
[   67.058666][ T5147]                                lock(&ei->i_data_sem/3);
[   67.066749][ T5147]   lock(&ea_inode->i_rwsem#7/1);
[   67.072333][ T5147] 
[   67.072333][ T5147]  *** DEADLOCK ***
[   67.072333][ T5147] 
[   67.080602][ T5147] 5 locks held by syz-executor330/5147:
[   67.086145][ T5147]  #0: ffff88807774e410 (sb_writers#4){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90
[   67.095411][ T5147]  #1: ffff888078f65e00 (&sb->s_type->i_mutex_key#7){++++}-{3:3}, at: do_truncate+0x20c/0x300
[   67.106489][ T5147]  #2: ffff888078f65fa0 (mapping.invalidate_lock){++++}-{3:3}, at: ext4_setattr+0xf31/0x1bb0
[   67.120446][ T5147]  #3: ffff888078f65c88 (&ei->i_data_sem/3){++++}-{3:3}, at: ext4_setattr+0x14c0/0x1bb0
[   67.131368][ T5147]  #4: ffff888078f65ac8 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x4a5/0x870
[   67.141987][ T5147] 
[   67.141987][ T5147] stack backtrace:
[   67.147865][ T5147] CPU: 0 PID: 5147 Comm: syz-executor330 Not tainted 6.6.0-rc3-syzkaller-00025-g50768a425b46 #0
[   67.158269][ T5147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[   67.168421][ T5147] Call Trace:
[   67.171693][ T5147]  <TASK>
[   67.174614][ T5147]  dump_stack_lvl+0x1e7/0x2d0
[   67.179291][ T5147]  ? nf_tcp_handle_invalid+0x650/0x650
[   67.184765][ T5147]  ? print_circular_bug+0x12b/0x1a0
[   67.190003][ T5147]  check_noncircular+0x375/0x4a0
[   67.194954][ T5147]  ? print_deadlock_bug+0x600/0x600
[   67.200163][ T5147]  ? lockdep_lock+0x123/0x2b0
[   67.204879][ T5147]  __lock_acquire+0x39ff/0x7f70
[   67.209736][ T5147]  ? verify_lock_unused+0x140/0x140
[   67.214962][ T5147]  ? __might_sleep+0xc0/0xc0
[   67.219563][ T5147]  ? look_up_lock_class+0x77/0x140
[   67.224668][ T5147]  ? register_lock_class+0x104/0x990
[   67.230043][ T5147]  lock_acquire+0x1e3/0x520
[   67.234638][ T5147]  ? ext4_xattr_inode_iget+0x409/0x5d0
[   67.240123][ T5147]  ? read_lock_is_recursive+0x20/0x20
[   67.245627][ T5147]  ? __might_sleep+0xc0/0xc0
[   67.250302][ T5147]  ? lockdep_softirqs_off+0x420/0x420
[   67.255668][ T5147]  down_write+0x3a/0x50
[   67.259926][ T5147]  ? ext4_xattr_inode_iget+0x409/0x5d0
[   67.265577][ T5147]  ext4_xattr_inode_iget+0x409/0x5d0
[   67.270880][ T5147]  ext4_xattr_inode_get+0x164/0x430
[   67.276179][ T5147]  ? ext4_xattr_ibody_get+0x740/0x740
[   67.281595][ T5147]  ? __kmalloc_node+0xe8/0x230
[   67.286383][ T5147]  ext4_expand_extra_isize_ea+0xf21/0x1ce0
[   67.292215][ T5147]  ? ext4_xattr_set+0x3d0/0x3d0
[   67.297066][ T5147]  ? down_write_trylock+0x208/0x3a0
[   67.302262][ T5147]  ? __ext4_mark_inode_dirty+0x4a5/0x870
[   67.307995][ T5147]  ? dquot_initialize_needed+0x12c/0x320
[   67.313642][ T5147]  __ext4_expand_extra_isize+0x2f7/0x3d0
[   67.319287][ T5147]  __ext4_mark_inode_dirty+0x53e/0x870
[   67.324850][ T5147]  ? ext4_blocks_for_truncate+0x270/0x270
[   67.330569][ T5147]  ? __down_write_common+0x161/0x200
[   67.335857][ T5147]  ? clear_nonspinnable+0x60/0x60
[   67.340874][ T5147]  ? ext4_fc_track_range+0xf7/0xa60
[   67.346069][ T5147]  ? __ext4_journal_start_sb+0x26b/0x5a0
[   67.351691][ T5147]  ext4_setattr+0x1553/0x1bb0
[   67.357452][ T5147]  ? ext4_write_inode+0x6f0/0x6f0
[   67.362483][ T5147]  notify_change+0xb99/0xe60
[   67.367095][ T5147]  do_truncate+0x220/0x300
[   67.371507][ T5147]  ? put_page_bootmem+0x2e0/0x2e0
[   67.376619][ T5147]  ? ima_bprm_check+0x2b0/0x2b0
[   67.381505][ T5147]  path_openat+0x2959/0x3180
[   67.386104][ T5147]  ? getname_flags+0xbc/0x4e0
[   67.390880][ T5147]  ? do_filp_open+0x490/0x490
[   67.395862][ T5147]  do_filp_open+0x234/0x490
[   67.400394][ T5147]  ? vfs_tmpfile+0x4b0/0x4b0
[   67.404986][ T5147]  ? _raw_spin_unlock+0x28/0x40
[   67.410117][ T5147]  ? alloc_fd+0x59c/0x640
[   67.414492][ T5147]  do_sys_openat2+0x13e/0x1d0
[   67.419162][ T5147]  ? do_sys_open+0x230/0x230
[   67.423758][ T5147]  ? _raw_spin_unlock_irq+0x2e/0x50
[   67.428947][ T5147]  ? ptrace_notify+0x278/0x380
[   67.433705][ T5147]  __x64_sys_creat+0x123/0x160
[   67.438912][ T5147]  ? __x64_compat_sys_openat+0x290/0x290
[   67.444554][ T5147]  ? syscall_enter_from_user_mode+0x32/0x230
[   67.450555][ T5147]  ? syscall_enter_from_user_mode+0x8c/0x230
[   67.456537][ T5147]  do_syscall_64+0x41/0xc0
[   67.461035][ T5147]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   67.466952][ T5147] RIP: 0033:0x7fa8711c61a9
[   67.471438][ T5147] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   67.491765][ T5147] RSP: 002b:00007ffc3379b1f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[pid  5147] creat("./file1", 000)       = 4
[pid  5147] exit_group(0)               = ?
[pid  5147] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5147, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./58/binderfs")                 = 0
umount2("./58/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./58/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./58/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./58/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./58/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./58/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./58")                           = 0
mkdir("./59", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5149
[   67.501577][ T5147] RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007fa8711c61a9
[   67.509555][ T5147] RDX: 00007fa8711c61a9 RSI: 0000000000000000 RDI: 0000000020000400
[   67.517541][ T5147] RBP: 0000000000000004 R08: 0000000000000000 R09: 0000000000000000
[   67.525604][ T5147] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc3379b240
[   67.533681][ T5147] R13: 00007ffc3379b280 R14: 0000000000040000 R15: 0000000000000003
[   67.542470][ T5147]  </TASK>
./strace-static-x86_64: Process 5149 attached
[pid  5149] set_robust_list(0x555556e60660, 24) = 0
[pid  5149] chdir("./59")               = 0
[pid  5149] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5149] setpgid(0, 0)               = 0
[pid  5149] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5149] write(3, "1000", 4)         = 4
[pid  5149] close(3)                    = 0
[pid  5149] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5149] memfd_create("syzkaller", 0) = 3
[pid  5149] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5149] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5149] munmap(0x7fa868d87000, 262144) = 0
[pid  5149] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5149] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5149] close(3)                    = 0
[pid  5149] mkdir("./file1", 0777)      = 0
[pid  5149] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5149] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5149] chdir("./file1")            = 0
[pid  5149] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5149] close(4)                    = 0
[pid  5149] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5149] creat("./file1", 000)       = 4
[pid  5149] exit_group(0)               = ?
[pid  5149] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5149, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./59/binderfs")                 = 0
umount2("./59/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./59/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./59/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./59/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./59/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./59/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./59")                           = 0
mkdir("./60", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5151
./strace-static-x86_64: Process 5151 attached
[pid  5151] set_robust_list(0x555556e60660, 24) = 0
[pid  5151] chdir("./60")               = 0
[pid  5151] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5151] setpgid(0, 0)               = 0
[pid  5151] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5151] write(3, "1000", 4)         = 4
[pid  5151] close(3)                    = 0
[pid  5151] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5151] memfd_create("syzkaller", 0) = 3
[pid  5151] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5151] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5151] munmap(0x7fa868d87000, 262144) = 0
[pid  5151] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   67.605625][ T5149] loop0: detected capacity change from 0 to 512
[   67.619402][ T5149] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   67.633538][ T5149] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5151] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5151] close(3)                    = 0
[pid  5151] mkdir("./file1", 0777)      = 0
[pid  5151] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5151] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5151] chdir("./file1")            = 0
[pid  5151] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5151] close(4)                    = 0
[pid  5151] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5151] creat("./file1", 000)       = 4
[pid  5151] exit_group(0)               = ?
[pid  5151] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5151, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./60/binderfs")                 = 0
umount2("./60/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./60/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./60/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./60/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./60/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[   67.683888][ T5151] loop0: detected capacity change from 0 to 512
[   67.699207][ T5151] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   67.717085][ T5151] EXT4-fs (loop0): 1 truncate cleaned up
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./60/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./60")                           = 0
mkdir("./61", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5153 attached
 <unfinished ...>
[pid  5153] set_robust_list(0x555556e60660, 24) = 0
[pid  5026] <... clone resumed>, child_tidptr=0x555556e60650) = 5153
[pid  5153] chdir("./61")               = 0
[pid  5153] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5153] setpgid(0, 0)               = 0
[pid  5153] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5153] write(3, "1000", 4)         = 4
[pid  5153] close(3)                    = 0
[pid  5153] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5153] memfd_create("syzkaller", 0) = 3
[pid  5153] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5153] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5153] munmap(0x7fa868d87000, 262144) = 0
[pid  5153] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5153] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5153] close(3)                    = 0
[pid  5153] mkdir("./file1", 0777)      = 0
[pid  5153] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5153] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5153] chdir("./file1")            = 0
[pid  5153] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5153] close(4)                    = 0
[pid  5153] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5153] creat("./file1", 000)       = 4
[pid  5153] exit_group(0)               = ?
[pid  5153] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5153, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./61/binderfs")                 = 0
umount2("./61/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./61/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./61/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./61/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./61/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./61/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./61")                           = 0
mkdir("./62", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5155 attached
, child_tidptr=0x555556e60650) = 5155
[pid  5155] set_robust_list(0x555556e60660, 24) = 0
[pid  5155] chdir("./62")               = 0
[pid  5155] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5155] setpgid(0, 0)               = 0
[pid  5155] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5155] write(3, "1000", 4)         = 4
[pid  5155] close(3)                    = 0
[pid  5155] symlink("/dev/binderfs", "./binderfs") = 0
[   67.785657][ T5153] loop0: detected capacity change from 0 to 512
[   67.794472][ T5153] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   67.809623][ T5153] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5155] memfd_create("syzkaller", 0) = 3
[pid  5155] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5155] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5155] munmap(0x7fa868d87000, 262144) = 0
[pid  5155] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5155] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5155] close(3)                    = 0
[pid  5155] mkdir("./file1", 0777)      = 0
[pid  5155] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5155] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5155] chdir("./file1")            = 0
[pid  5155] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5155] close(4)                    = 0
[pid  5155] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5155] creat("./file1", 000)       = 4
[pid  5155] exit_group(0)               = ?
[pid  5155] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5155, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./62/binderfs")                 = 0
umount2("./62/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./62/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./62/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./62/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./62/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./62/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./62")                           = 0
mkdir("./63", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5157 attached
 <unfinished ...>
[pid  5157] set_robust_list(0x555556e60660, 24 <unfinished ...>
[pid  5026] <... clone resumed>, child_tidptr=0x555556e60650) = 5157
[pid  5157] <... set_robust_list resumed>) = 0
[pid  5157] chdir("./63")               = 0
[pid  5157] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5157] setpgid(0, 0)               = 0
[pid  5157] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5157] write(3, "1000", 4)         = 4
[pid  5157] close(3)                    = 0
[pid  5157] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5157] memfd_create("syzkaller", 0) = 3
[pid  5157] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[   67.875179][ T5155] loop0: detected capacity change from 0 to 512
[   67.884687][ T5155] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   67.899356][ T5155] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5157] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5157] munmap(0x7fa868d87000, 262144) = 0
[pid  5157] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5157] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5157] close(3)                    = 0
[pid  5157] mkdir("./file1", 0777)      = 0
[pid  5157] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5157] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5157] chdir("./file1")            = 0
[pid  5157] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5157] close(4)                    = 0
[pid  5157] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5157] creat("./file1", 000)       = 4
[pid  5157] exit_group(0)               = ?
[pid  5157] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5157, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./63/binderfs")                 = 0
umount2("./63/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./63/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./63/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./63/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./63/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./63/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./63")                           = 0
mkdir("./64", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
[   67.960469][ T5157] loop0: detected capacity change from 0 to 512
[   67.978784][ T5157] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   67.994044][ T5157] EXT4-fs (loop0): 1 truncate cleaned up
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5159 attached
, child_tidptr=0x555556e60650) = 5159
[pid  5159] set_robust_list(0x555556e60660, 24) = 0
[pid  5159] chdir("./64")               = 0
[pid  5159] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5159] setpgid(0, 0)               = 0
[pid  5159] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5159] write(3, "1000", 4)         = 4
[pid  5159] close(3)                    = 0
[pid  5159] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5159] memfd_create("syzkaller", 0) = 3
[pid  5159] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5159] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5159] munmap(0x7fa868d87000, 262144) = 0
[pid  5159] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5159] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5159] close(3)                    = 0
[pid  5159] mkdir("./file1", 0777)      = 0
[pid  5159] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5159] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5159] chdir("./file1")            = 0
[pid  5159] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5159] close(4)                    = 0
[pid  5159] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5159] creat("./file1", 000)       = 4
[pid  5159] exit_group(0)               = ?
[pid  5159] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5159, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./64/binderfs")                 = 0
umount2("./64/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./64/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./64/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./64/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./64/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./64/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./64")                           = 0
mkdir("./65", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
[   68.059391][ T5159] loop0: detected capacity change from 0 to 512
[   68.070003][ T5159] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   68.084351][ T5159] EXT4-fs (loop0): 1 truncate cleaned up
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5161 attached
 <unfinished ...>
[pid  5161] set_robust_list(0x555556e60660, 24) = 0
[pid  5161] chdir("./65")               = 0
[pid  5161] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5161] setpgid(0, 0)               = 0
[pid  5161] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5161] write(3, "1000", 4)         = 4
[pid  5161] close(3)                    = 0
[pid  5161] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5161] memfd_create("syzkaller", 0 <unfinished ...>
[pid  5026] <... clone resumed>, child_tidptr=0x555556e60650) = 5161
[pid  5161] <... memfd_create resumed>) = 3
[pid  5161] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5161] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5161] munmap(0x7fa868d87000, 262144) = 0
[pid  5161] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5161] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5161] close(3)                    = 0
[pid  5161] mkdir("./file1", 0777)      = 0
[pid  5161] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5161] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5161] chdir("./file1")            = 0
[pid  5161] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5161] close(4)                    = 0
[pid  5161] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5161] creat("./file1", 000)       = 4
[pid  5161] exit_group(0)               = ?
[pid  5161] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5161, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./65/binderfs")                 = 0
umount2("./65/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./65/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./65/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./65/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./65/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./65/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./65")                           = 0
mkdir("./66", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
[   68.152858][ T5161] loop0: detected capacity change from 0 to 512
[   68.163159][ T5161] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   68.177623][ T5161] EXT4-fs (loop0): 1 truncate cleaned up
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5163 attached
 <unfinished ...>
[pid  5163] set_robust_list(0x555556e60660, 24 <unfinished ...>
[pid  5026] <... clone resumed>, child_tidptr=0x555556e60650) = 5163
[pid  5163] <... set_robust_list resumed>) = 0
[pid  5163] chdir("./66")               = 0
[pid  5163] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5163] setpgid(0, 0)               = 0
[pid  5163] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5163] write(3, "1000", 4)         = 4
[pid  5163] close(3)                    = 0
[pid  5163] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5163] memfd_create("syzkaller", 0) = 3
[pid  5163] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5163] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5163] munmap(0x7fa868d87000, 262144) = 0
[pid  5163] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5163] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5163] close(3)                    = 0
[pid  5163] mkdir("./file1", 0777)      = 0
[pid  5163] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5163] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5163] chdir("./file1")            = 0
[pid  5163] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5163] close(4)                    = 0
[pid  5163] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5163] creat("./file1", 000)       = 4
[pid  5163] exit_group(0)               = ?
[pid  5163] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5163, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./66/binderfs")                 = 0
umount2("./66/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./66/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./66/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./66/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./66/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./66/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./66")                           = 0
mkdir("./67", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5165 attached
, child_tidptr=0x555556e60650) = 5165
[pid  5165] set_robust_list(0x555556e60660, 24) = 0
[pid  5165] chdir("./67")               = 0
[pid  5165] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5165] setpgid(0, 0)               = 0
[pid  5165] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5165] write(3, "1000", 4)         = 4
[pid  5165] close(3)                    = 0
[pid  5165] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5165] memfd_create("syzkaller", 0) = 3
[pid  5165] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5165] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5165] munmap(0x7fa868d87000, 262144) = 0
[pid  5165] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   68.245875][ T5163] loop0: detected capacity change from 0 to 512
[   68.255420][ T5163] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   68.270336][ T5163] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5165] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5165] close(3)                    = 0
[pid  5165] mkdir("./file1", 0777)      = 0
[pid  5165] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5165] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5165] chdir("./file1")            = 0
[pid  5165] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5165] close(4)                    = 0
[pid  5165] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5165] creat("./file1", 000)       = 4
[pid  5165] exit_group(0)               = ?
[pid  5165] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5165, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./67/binderfs")                 = 0
umount2("./67/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./67/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./67/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./67/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./67/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./67/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./67")                           = 0
mkdir("./68", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5167 attached
, child_tidptr=0x555556e60650) = 5167
[pid  5167] set_robust_list(0x555556e60660, 24) = 0
[pid  5167] chdir("./68")               = 0
[pid  5167] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5167] setpgid(0, 0)               = 0
[pid  5167] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5167] write(3, "1000", 4)         = 4
[pid  5167] close(3)                    = 0
[pid  5167] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5167] memfd_create("syzkaller", 0) = 3
[pid  5167] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5167] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5167] munmap(0x7fa868d87000, 262144) = 0
[pid  5167] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   68.325582][ T5165] loop0: detected capacity change from 0 to 512
[   68.336475][ T5165] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   68.351531][ T5165] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5167] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5167] close(3)                    = 0
[pid  5167] mkdir("./file1", 0777)      = 0
[pid  5167] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5167] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5167] chdir("./file1")            = 0
[pid  5167] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5167] close(4)                    = 0
[pid  5167] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5167] creat("./file1", 000)       = 4
[pid  5167] exit_group(0)               = ?
[pid  5167] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5167, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./68/binderfs")                 = 0
umount2("./68/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./68/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./68/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./68/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./68/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./68/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./68")                           = 0
mkdir("./69", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5169 attached
, child_tidptr=0x555556e60650) = 5169
[pid  5169] set_robust_list(0x555556e60660, 24) = 0
[pid  5169] chdir("./69")               = 0
[pid  5169] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5169] setpgid(0, 0)               = 0
[   68.403867][ T5167] loop0: detected capacity change from 0 to 512
[   68.412326][ T5167] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   68.427193][ T5167] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5169] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5169] write(3, "1000", 4)         = 4
[pid  5169] close(3)                    = 0
[pid  5169] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5169] memfd_create("syzkaller", 0) = 3
[pid  5169] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5169] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5169] munmap(0x7fa868d87000, 262144) = 0
[pid  5169] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5169] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5169] close(3)                    = 0
[pid  5169] mkdir("./file1", 0777)      = 0
[pid  5169] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5169] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5169] chdir("./file1")            = 0
[pid  5169] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5169] close(4)                    = 0
[pid  5169] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5169] creat("./file1", 000)       = 4
[pid  5169] exit_group(0)               = ?
[pid  5169] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5169, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./69/binderfs")                 = 0
umount2("./69/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./69/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./69/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./69/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./69/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./69/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./69")                           = 0
mkdir("./70", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5171 attached
, child_tidptr=0x555556e60650) = 5171
[pid  5171] set_robust_list(0x555556e60660, 24) = 0
[pid  5171] chdir("./70")               = 0
[pid  5171] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5171] setpgid(0, 0)               = 0
[pid  5171] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5171] write(3, "1000", 4)         = 4
[pid  5171] close(3)                    = 0
[pid  5171] symlink("/dev/binderfs", "./binderfs") = 0
[   68.491923][ T5169] loop0: detected capacity change from 0 to 512
[   68.501065][ T5169] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   68.516423][ T5169] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5171] memfd_create("syzkaller", 0) = 3
[pid  5171] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5171] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5171] munmap(0x7fa868d87000, 262144) = 0
[pid  5171] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5171] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5171] close(3)                    = 0
[pid  5171] mkdir("./file1", 0777)      = 0
[pid  5171] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5171] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5171] chdir("./file1")            = 0
[pid  5171] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5171] close(4)                    = 0
[pid  5171] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5171] creat("./file1", 000)       = 4
[pid  5171] exit_group(0)               = ?
[pid  5171] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5171, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./70/binderfs")                 = 0
umount2("./70/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./70/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./70/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./70/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./70/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./70/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./70")                           = 0
mkdir("./71", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5173 attached
, child_tidptr=0x555556e60650) = 5173
[pid  5173] set_robust_list(0x555556e60660, 24) = 0
[pid  5173] chdir("./71")               = 0
[pid  5173] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5173] setpgid(0, 0)               = 0
[pid  5173] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5173] write(3, "1000", 4)         = 4
[pid  5173] close(3)                    = 0
[pid  5173] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5173] memfd_create("syzkaller", 0) = 3
[pid  5173] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5173] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5173] munmap(0x7fa868d87000, 262144) = 0
[pid  5173] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   68.582869][ T5171] loop0: detected capacity change from 0 to 512
[   68.592545][ T5171] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   68.607212][ T5171] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5173] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5173] close(3)                    = 0
[pid  5173] mkdir("./file1", 0777)      = 0
[pid  5173] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5173] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5173] chdir("./file1")            = 0
[pid  5173] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5173] close(4)                    = 0
[pid  5173] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5173] creat("./file1", 000)       = 4
[pid  5173] exit_group(0)               = ?
[pid  5173] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5173, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./71/binderfs")                 = 0
umount2("./71/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./71/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./71/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./71/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./71/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./71/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./71")                           = 0
mkdir("./72", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5175 attached
, child_tidptr=0x555556e60650) = 5175
[pid  5175] set_robust_list(0x555556e60660, 24) = 0
[pid  5175] chdir("./72")               = 0
[pid  5175] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5175] setpgid(0, 0)               = 0
[pid  5175] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5175] write(3, "1000", 4)         = 4
[pid  5175] close(3)                    = 0
[pid  5175] symlink("/dev/binderfs", "./binderfs") = 0
[   68.655985][ T5173] loop0: detected capacity change from 0 to 512
[   68.667207][ T5173] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   68.685846][ T5173] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5175] memfd_create("syzkaller", 0) = 3
[pid  5175] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5175] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5175] munmap(0x7fa868d87000, 262144) = 0
[pid  5175] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5175] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5175] close(3)                    = 0
[pid  5175] mkdir("./file1", 0777)      = 0
[pid  5175] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5175] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5175] chdir("./file1")            = 0
[pid  5175] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5175] close(4)                    = 0
[pid  5175] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5175] creat("./file1", 000)       = 4
[pid  5175] exit_group(0)               = ?
[pid  5175] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5175, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./72/binderfs")                 = 0
umount2("./72/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./72/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./72/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./72/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./72/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./72/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./72")                           = 0
mkdir("./73", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5177 attached
, child_tidptr=0x555556e60650) = 5177
[pid  5177] set_robust_list(0x555556e60660, 24) = 0
[pid  5177] chdir("./73")               = 0
[pid  5177] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5177] setpgid(0, 0)               = 0
[pid  5177] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5177] write(3, "1000", 4)         = 4
[pid  5177] close(3)                    = 0
[pid  5177] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5177] memfd_create("syzkaller", 0) = 3
[pid  5177] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5177] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5177] munmap(0x7fa868d87000, 262144) = 0
[   68.732889][ T5175] loop0: detected capacity change from 0 to 512
[   68.741770][ T5175] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   68.756122][ T5175] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5177] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5177] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5177] close(3)                    = 0
[pid  5177] mkdir("./file1", 0777)      = 0
[pid  5177] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5177] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5177] chdir("./file1")            = 0
[pid  5177] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5177] close(4)                    = 0
[pid  5177] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5177] creat("./file1", 000)       = 4
[pid  5177] exit_group(0)               = ?
[pid  5177] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5177, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./73/binderfs")                 = 0
umount2("./73/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./73/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./73/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./73/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./73/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./73/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./73")                           = 0
mkdir("./74", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5179 attached
, child_tidptr=0x555556e60650) = 5179
[pid  5179] set_robust_list(0x555556e60660, 24) = 0
[pid  5179] chdir("./74")               = 0
[pid  5179] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5179] setpgid(0, 0)               = 0
[pid  5179] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5179] write(3, "1000", 4)         = 4
[pid  5179] close(3)                    = 0
[pid  5179] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5179] memfd_create("syzkaller", 0) = 3
[pid  5179] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5179] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5179] munmap(0x7fa868d87000, 262144) = 0
[pid  5179] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   68.817414][ T5177] loop0: detected capacity change from 0 to 512
[   68.827479][ T5177] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   68.847428][ T5177] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5179] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5179] close(3)                    = 0
[pid  5179] mkdir("./file1", 0777)      = 0
[pid  5179] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5179] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5179] chdir("./file1")            = 0
[pid  5179] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5179] close(4)                    = 0
[pid  5179] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5179] creat("./file1", 000)       = 4
[pid  5179] exit_group(0)               = ?
[pid  5179] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5179, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./74/binderfs")                 = 0
umount2("./74/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./74/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./74/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./74/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./74/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./74/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./74")                           = 0
mkdir("./75", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5181 attached
, child_tidptr=0x555556e60650) = 5181
[pid  5181] set_robust_list(0x555556e60660, 24) = 0
[pid  5181] chdir("./75")               = 0
[pid  5181] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5181] setpgid(0, 0)               = 0
[pid  5181] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5181] write(3, "1000", 4)         = 4
[pid  5181] close(3)                    = 0
[pid  5181] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5181] memfd_create("syzkaller", 0) = 3
[pid  5181] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5181] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[   68.896076][ T5179] loop0: detected capacity change from 0 to 512
[   68.905584][ T5179] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   68.919872][ T5179] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5181] munmap(0x7fa868d87000, 262144) = 0
[pid  5181] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5181] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5181] close(3)                    = 0
[pid  5181] mkdir("./file1", 0777)      = 0
[pid  5181] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5181] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5181] chdir("./file1")            = 0
[pid  5181] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5181] close(4)                    = 0
[pid  5181] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5181] creat("./file1", 000)       = 4
[pid  5181] exit_group(0)               = ?
[pid  5181] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5181, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./75/binderfs")                 = 0
umount2("./75/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./75/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./75/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./75/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./75/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./75/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./75")                           = 0
mkdir("./76", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5183 attached
, child_tidptr=0x555556e60650) = 5183
[pid  5183] set_robust_list(0x555556e60660, 24) = 0
[pid  5183] chdir("./76")               = 0
[pid  5183] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5183] setpgid(0, 0)               = 0
[pid  5183] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5183] write(3, "1000", 4)         = 4
[pid  5183] close(3)                    = 0
[pid  5183] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5183] memfd_create("syzkaller", 0) = 3
[pid  5183] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5183] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5183] munmap(0x7fa868d87000, 262144) = 0
[pid  5183] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   68.979055][ T5181] loop0: detected capacity change from 0 to 512
[   68.987852][ T5181] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   69.001387][ T5181] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5183] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5183] close(3)                    = 0
[pid  5183] mkdir("./file1", 0777)      = 0
[pid  5183] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5183] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5183] chdir("./file1")            = 0
[pid  5183] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5183] close(4)                    = 0
[pid  5183] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5183] creat("./file1", 000)       = 4
[pid  5183] exit_group(0)               = ?
[pid  5183] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5183, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./76", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./76/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./76/binderfs")                 = 0
umount2("./76/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./76/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./76/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./76/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./76/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./76/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./76")                           = 0
mkdir("./77", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5185 attached
, child_tidptr=0x555556e60650) = 5185
[pid  5185] set_robust_list(0x555556e60660, 24) = 0
[pid  5185] chdir("./77")               = 0
[pid  5185] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5185] setpgid(0, 0)               = 0
[pid  5185] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5185] write(3, "1000", 4)         = 4
[pid  5185] close(3)                    = 0
[pid  5185] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5185] memfd_create("syzkaller", 0) = 3
[pid  5185] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5185] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5185] munmap(0x7fa868d87000, 262144) = 0
[pid  5185] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   69.054635][ T5183] loop0: detected capacity change from 0 to 512
[   69.064265][ T5183] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   69.078402][ T5183] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5185] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5185] close(3)                    = 0
[pid  5185] mkdir("./file1", 0777)      = 0
[pid  5185] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5185] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5185] chdir("./file1")            = 0
[pid  5185] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5185] close(4)                    = 0
[pid  5185] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5185] creat("./file1", 000)       = 4
[pid  5185] exit_group(0)               = ?
[pid  5185] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5185, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./77", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./77/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./77/binderfs")                 = 0
umount2("./77/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./77/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./77/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./77/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./77/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./77/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./77")                           = 0
mkdir("./78", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5187 attached
, child_tidptr=0x555556e60650) = 5187
[pid  5187] set_robust_list(0x555556e60660, 24) = 0
[pid  5187] chdir("./78")               = 0
[pid  5187] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5187] setpgid(0, 0)               = 0
[pid  5187] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5187] write(3, "1000", 4)         = 4
[pid  5187] close(3)                    = 0
[pid  5187] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5187] memfd_create("syzkaller", 0) = 3
[   69.129420][ T5185] loop0: detected capacity change from 0 to 512
[   69.139466][ T5185] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   69.153490][ T5185] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5187] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5187] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5187] munmap(0x7fa868d87000, 262144) = 0
[pid  5187] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5187] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5187] close(3)                    = 0
[pid  5187] mkdir("./file1", 0777)      = 0
[pid  5187] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5187] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5187] chdir("./file1")            = 0
[pid  5187] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5187] close(4)                    = 0
[pid  5187] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5187] creat("./file1", 000)       = 4
[pid  5187] exit_group(0)               = ?
[pid  5187] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5187, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./78", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./78/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./78/binderfs")                 = 0
umount2("./78/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./78/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./78/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./78/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./78/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./78/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./78")                           = 0
mkdir("./79", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5189
./strace-static-x86_64: Process 5189 attached
[pid  5189] set_robust_list(0x555556e60660, 24) = 0
[pid  5189] chdir("./79")               = 0
[pid  5189] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5189] setpgid(0, 0)               = 0
[pid  5189] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5189] write(3, "1000", 4)         = 4
[   69.215759][ T5187] loop0: detected capacity change from 0 to 512
[   69.224619][ T5187] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   69.239217][ T5187] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5189] close(3)                    = 0
[pid  5189] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5189] memfd_create("syzkaller", 0) = 3
[pid  5189] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5189] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5189] munmap(0x7fa868d87000, 262144) = 0
[pid  5189] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5189] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5189] close(3)                    = 0
[pid  5189] mkdir("./file1", 0777)      = 0
[pid  5189] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5189] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5189] chdir("./file1")            = 0
[pid  5189] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5189] close(4)                    = 0
[pid  5189] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5189] creat("./file1", 000)       = 4
[pid  5189] exit_group(0)               = ?
[pid  5189] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5189, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./79", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./79/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./79/binderfs")                 = 0
umount2("./79/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./79/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./79/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./79/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./79/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./79/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./79")                           = 0
mkdir("./80", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5191 attached
, child_tidptr=0x555556e60650) = 5191
[pid  5191] set_robust_list(0x555556e60660, 24) = 0
[pid  5191] chdir("./80")               = 0
[pid  5191] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5191] setpgid(0, 0)               = 0
[pid  5191] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5191] write(3, "1000", 4)         = 4
[pid  5191] close(3)                    = 0
[pid  5191] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5191] memfd_create("syzkaller", 0) = 3
[pid  5191] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5191] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5191] munmap(0x7fa868d87000, 262144) = 0
[pid  5191] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   69.312044][ T5189] loop0: detected capacity change from 0 to 512
[   69.320515][ T5189] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   69.334402][ T5189] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5191] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5191] close(3)                    = 0
[pid  5191] mkdir("./file1", 0777)      = 0
[pid  5191] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5191] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5191] chdir("./file1")            = 0
[pid  5191] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5191] close(4)                    = 0
[pid  5191] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5191] creat("./file1", 000)       = 4
[pid  5191] exit_group(0)               = ?
[pid  5191] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5191, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./80", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./80/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./80/binderfs")                 = 0
umount2("./80/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./80/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./80/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./80/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./80/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./80/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./80")                           = 0
mkdir("./81", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
[   69.384697][ T5191] loop0: detected capacity change from 0 to 512
[   69.395434][ T5191] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   69.413609][ T5191] EXT4-fs (loop0): 1 truncate cleaned up
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5193
./strace-static-x86_64: Process 5193 attached
[pid  5193] set_robust_list(0x555556e60660, 24) = 0
[pid  5193] chdir("./81")               = 0
[pid  5193] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5193] setpgid(0, 0)               = 0
[pid  5193] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5193] write(3, "1000", 4)         = 4
[pid  5193] close(3)                    = 0
[pid  5193] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5193] memfd_create("syzkaller", 0) = 3
[pid  5193] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5193] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5193] munmap(0x7fa868d87000, 262144) = 0
[pid  5193] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5193] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5193] close(3)                    = 0
[pid  5193] mkdir("./file1", 0777)      = 0
[pid  5193] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5193] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5193] chdir("./file1")            = 0
[pid  5193] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5193] close(4)                    = 0
[pid  5193] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5193] creat("./file1", 000)       = 4
[pid  5193] exit_group(0)               = ?
[pid  5193] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5193, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
umount2("./81", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./81/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./81/binderfs")                 = 0
umount2("./81/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./81/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./81/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./81/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./81/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./81/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./81")                           = 0
mkdir("./82", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5195
./strace-static-x86_64: Process 5195 attached
[pid  5195] set_robust_list(0x555556e60660, 24) = 0
[pid  5195] chdir("./82")               = 0
[pid  5195] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5195] setpgid(0, 0)               = 0
[pid  5195] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5195] write(3, "1000", 4)         = 4
[pid  5195] close(3)                    = 0
[pid  5195] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5195] memfd_create("syzkaller", 0) = 3
[pid  5195] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5195] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[   69.480393][ T5193] loop0: detected capacity change from 0 to 512
[   69.490289][ T5193] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   69.504109][ T5193] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5195] munmap(0x7fa868d87000, 262144) = 0
[pid  5195] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5195] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5195] close(3)                    = 0
[pid  5195] mkdir("./file1", 0777)      = 0
[pid  5195] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5195] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5195] chdir("./file1")            = 0
[pid  5195] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5195] close(4)                    = 0
[pid  5195] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5195] creat("./file1", 000)       = 4
[pid  5195] exit_group(0)               = ?
[pid  5195] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5195, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./82", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./82/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./82/binderfs")                 = 0
umount2("./82/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./82/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./82/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./82/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./82/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./82/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./82")                           = 0
mkdir("./83", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5197 attached
, child_tidptr=0x555556e60650) = 5197
[pid  5197] set_robust_list(0x555556e60660, 24) = 0
[pid  5197] chdir("./83")               = 0
[pid  5197] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5197] setpgid(0, 0)               = 0
[pid  5197] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5197] write(3, "1000", 4)         = 4
[pid  5197] close(3)                    = 0
[pid  5197] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5197] memfd_create("syzkaller", 0) = 3
[pid  5197] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5197] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5197] munmap(0x7fa868d87000, 262144) = 0
[   69.559063][ T5195] loop0: detected capacity change from 0 to 512
[   69.567310][ T5195] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   69.581784][ T5195] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5197] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5197] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5197] close(3)                    = 0
[pid  5197] mkdir("./file1", 0777)      = 0
[pid  5197] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5197] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5197] chdir("./file1")            = 0
[pid  5197] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5197] close(4)                    = 0
[pid  5197] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5197] creat("./file1", 000)       = 4
[pid  5197] exit_group(0)               = ?
[pid  5197] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5197, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./83", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./83/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./83/binderfs")                 = 0
umount2("./83/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./83/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./83/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./83/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./83/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./83/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./83")                           = 0
mkdir("./84", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5199 attached
, child_tidptr=0x555556e60650) = 5199
[pid  5199] set_robust_list(0x555556e60660, 24) = 0
[pid  5199] chdir("./84")               = 0
[pid  5199] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5199] setpgid(0, 0)               = 0
[   69.640237][ T5197] loop0: detected capacity change from 0 to 512
[   69.651394][ T5197] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   69.665732][ T5197] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5199] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5199] write(3, "1000", 4)         = 4
[pid  5199] close(3)                    = 0
[pid  5199] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5199] memfd_create("syzkaller", 0) = 3
[pid  5199] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5199] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5199] munmap(0x7fa868d87000, 262144) = 0
[pid  5199] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5199] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5199] close(3)                    = 0
[pid  5199] mkdir("./file1", 0777)      = 0
[pid  5199] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5199] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5199] chdir("./file1")            = 0
[pid  5199] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5199] close(4)                    = 0
[pid  5199] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5199] creat("./file1", 000)       = 4
[pid  5199] exit_group(0)               = ?
[pid  5199] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5199, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
umount2("./84", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./84/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./84/binderfs")                 = 0
umount2("./84/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./84/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./84/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./84/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./84/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./84/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./84")                           = 0
mkdir("./85", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5201 attached
 <unfinished ...>
[pid  5201] set_robust_list(0x555556e60660, 24 <unfinished ...>
[pid  5026] <... clone resumed>, child_tidptr=0x555556e60650) = 5201
[pid  5201] <... set_robust_list resumed>) = 0
[pid  5201] chdir("./85")               = 0
[pid  5201] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5201] setpgid(0, 0)               = 0
[pid  5201] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5201] write(3, "1000", 4)         = 4
[pid  5201] close(3)                    = 0
[pid  5201] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5201] memfd_create("syzkaller", 0) = 3
[pid  5201] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5201] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5201] munmap(0x7fa868d87000, 262144) = 0
[   69.726366][ T5199] loop0: detected capacity change from 0 to 512
[   69.735524][ T5199] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   69.749989][ T5199] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5201] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5201] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5201] close(3)                    = 0
[pid  5201] mkdir("./file1", 0777)      = 0
[pid  5201] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5201] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5201] chdir("./file1")            = 0
[pid  5201] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5201] close(4)                    = 0
[pid  5201] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5201] creat("./file1", 000)       = 4
[pid  5201] exit_group(0)               = ?
[pid  5201] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5201, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
umount2("./85", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./85/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./85/binderfs")                 = 0
umount2("./85/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./85/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./85/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./85/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./85/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./85/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./85")                           = 0
mkdir("./86", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5203
./strace-static-x86_64: Process 5203 attached
[pid  5203] set_robust_list(0x555556e60660, 24) = 0
[pid  5203] chdir("./86")               = 0
[pid  5203] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[   69.796353][ T5201] loop0: detected capacity change from 0 to 512
[   69.805340][ T5201] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   69.821643][ T5201] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5203] setpgid(0, 0)               = 0
[pid  5203] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5203] write(3, "1000", 4)         = 4
[pid  5203] close(3)                    = 0
[pid  5203] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5203] memfd_create("syzkaller", 0) = 3
[pid  5203] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5203] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5203] munmap(0x7fa868d87000, 262144) = 0
[pid  5203] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5203] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5203] close(3)                    = 0
[pid  5203] mkdir("./file1", 0777)      = 0
[pid  5203] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5203] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5203] chdir("./file1")            = 0
[pid  5203] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5203] close(4)                    = 0
[pid  5203] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5203] creat("./file1", 000)       = 4
[pid  5203] exit_group(0)               = ?
[pid  5203] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5203, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./86", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./86/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./86/binderfs")                 = 0
umount2("./86/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./86/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./86/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./86/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./86/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./86/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./86")                           = 0
mkdir("./87", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5205 attached
, child_tidptr=0x555556e60650) = 5205
[pid  5205] set_robust_list(0x555556e60660, 24) = 0
[pid  5205] chdir("./87")               = 0
[pid  5205] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5205] setpgid(0, 0)               = 0
[pid  5205] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5205] write(3, "1000", 4)         = 4
[pid  5205] close(3)                    = 0
[pid  5205] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5205] memfd_create("syzkaller", 0) = 3
[pid  5205] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5205] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5205] munmap(0x7fa868d87000, 262144) = 0
[pid  5205] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   69.889518][ T5203] loop0: detected capacity change from 0 to 512
[   69.898105][ T5203] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   69.912406][ T5203] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5205] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5205] close(3)                    = 0
[pid  5205] mkdir("./file1", 0777)      = 0
[pid  5205] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5205] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5205] chdir("./file1")            = 0
[pid  5205] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5205] close(4)                    = 0
[pid  5205] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5205] creat("./file1", 000)       = 4
[pid  5205] exit_group(0)               = ?
[pid  5205] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5205, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
umount2("./87", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./87/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./87/binderfs")                 = 0
umount2("./87/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./87/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./87/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./87/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./87/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./87/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./87")                           = 0
mkdir("./88", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5207
./strace-static-x86_64: Process 5207 attached
[pid  5207] set_robust_list(0x555556e60660, 24) = 0
[pid  5207] chdir("./88")               = 0
[pid  5207] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5207] setpgid(0, 0)               = 0
[pid  5207] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5207] write(3, "1000", 4)         = 4
[pid  5207] close(3)                    = 0
[pid  5207] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5207] memfd_create("syzkaller", 0) = 3
[pid  5207] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[   69.968056][ T5205] loop0: detected capacity change from 0 to 512
[   69.976555][ T5205] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   69.993079][ T5205] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5207] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5207] munmap(0x7fa868d87000, 262144) = 0
[pid  5207] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5207] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5207] close(3)                    = 0
[pid  5207] mkdir("./file1", 0777)      = 0
[pid  5207] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5207] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5207] chdir("./file1")            = 0
[pid  5207] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5207] close(4)                    = 0
[pid  5207] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5207] creat("./file1", 000)       = 4
[pid  5207] exit_group(0)               = ?
[pid  5207] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5207, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
umount2("./88", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./88/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./88/binderfs")                 = 0
umount2("./88/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./88/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./88/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./88/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./88/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./88/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./88")                           = 0
mkdir("./89", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5209 attached
, child_tidptr=0x555556e60650) = 5209
[pid  5209] set_robust_list(0x555556e60660, 24) = 0
[pid  5209] chdir("./89")               = 0
[pid  5209] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5209] setpgid(0, 0)               = 0
[pid  5209] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5209] write(3, "1000", 4)         = 4
[pid  5209] close(3)                    = 0
[pid  5209] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5209] memfd_create("syzkaller", 0) = 3
[pid  5209] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5209] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5209] munmap(0x7fa868d87000, 262144) = 0
[   70.050576][ T5207] loop0: detected capacity change from 0 to 512
[   70.060751][ T5207] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   70.075655][ T5207] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5209] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5209] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5209] close(3)                    = 0
[pid  5209] mkdir("./file1", 0777)      = 0
[pid  5209] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5209] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5209] chdir("./file1")            = 0
[pid  5209] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5209] close(4)                    = 0
[pid  5209] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5209] creat("./file1", 000)       = 4
[pid  5209] exit_group(0)               = ?
[pid  5209] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5209, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./89", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./89/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./89/binderfs")                 = 0
umount2("./89/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./89/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./89/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./89/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./89/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./89/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./89")                           = 0
mkdir("./90", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5211 attached
, child_tidptr=0x555556e60650) = 5211
[pid  5211] set_robust_list(0x555556e60660, 24) = 0
[pid  5211] chdir("./90")               = 0
[pid  5211] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5211] setpgid(0, 0)               = 0
[pid  5211] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5211] write(3, "1000", 4)         = 4
[pid  5211] close(3)                    = 0
[pid  5211] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5211] memfd_create("syzkaller", 0) = 3
[pid  5211] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5211] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5211] munmap(0x7fa868d87000, 262144) = 0
[pid  5211] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   70.130500][ T5209] loop0: detected capacity change from 0 to 512
[   70.144689][ T5209] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   70.159945][ T5209] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5211] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5211] close(3)                    = 0
[pid  5211] mkdir("./file1", 0777)      = 0
[pid  5211] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5211] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5211] chdir("./file1")            = 0
[pid  5211] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5211] close(4)                    = 0
[pid  5211] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5211] creat("./file1", 000)       = 4
[pid  5211] exit_group(0)               = ?
[pid  5211] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5211, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
umount2("./90", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./90/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./90/binderfs")                 = 0
umount2("./90/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./90/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./90/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./90/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./90/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./90/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./90")                           = 0
mkdir("./91", 0777)                     = 0
[   70.204614][ T5211] loop0: detected capacity change from 0 to 512
[   70.214574][ T5211] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   70.231533][ T5211] EXT4-fs (loop0): 1 truncate cleaned up
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5213 attached
 <unfinished ...>
[pid  5213] set_robust_list(0x555556e60660, 24) = 0
[pid  5213] chdir("./91")               = 0
[pid  5213] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5213] setpgid(0, 0)               = 0
[pid  5213] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5213] write(3, "1000", 4)         = 4
[pid  5213] close(3)                    = 0
[pid  5213] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5213] memfd_create("syzkaller", 0 <unfinished ...>
[pid  5026] <... clone resumed>, child_tidptr=0x555556e60650) = 5213
[pid  5213] <... memfd_create resumed>) = 3
[pid  5213] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5213] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5213] munmap(0x7fa868d87000, 262144) = 0
[pid  5213] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5213] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5213] close(3)                    = 0
[pid  5213] mkdir("./file1", 0777)      = 0
[pid  5213] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5213] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5213] chdir("./file1")            = 0
[pid  5213] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5213] close(4)                    = 0
[pid  5213] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5213] creat("./file1", 000)       = 4
[pid  5213] exit_group(0)               = ?
[pid  5213] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5213, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./91", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./91/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./91/binderfs")                 = 0
umount2("./91/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./91/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./91/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./91/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./91/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./91/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./91")                           = 0
mkdir("./92", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5215 attached
 <unfinished ...>
[pid  5215] set_robust_list(0x555556e60660, 24) = 0
[pid  5215] chdir("./92")               = 0
[pid  5215] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5215] setpgid(0, 0)               = 0
[pid  5215] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5215] write(3, "1000", 4)         = 4
[pid  5215] close(3)                    = 0
[pid  5215] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5215] memfd_create("syzkaller", 0) = 3
[pid  5215] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5026] <... clone resumed>, child_tidptr=0x555556e60650) = 5215
[pid  5215] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5215] munmap(0x7fa868d87000, 262144) = 0
[   70.301746][ T5213] loop0: detected capacity change from 0 to 512
[   70.310244][ T5213] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   70.324923][ T5213] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5215] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5215] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5215] close(3)                    = 0
[pid  5215] mkdir("./file1", 0777)      = 0
[pid  5215] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5215] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5215] chdir("./file1")            = 0
[pid  5215] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5215] close(4)                    = 0
[pid  5215] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5215] creat("./file1", 000)       = 4
[pid  5215] exit_group(0)               = ?
[pid  5215] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5215, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./92", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./92/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./92/binderfs")                 = 0
umount2("./92/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./92/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./92/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./92/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./92/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./92/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
[   70.382878][ T5215] loop0: detected capacity change from 0 to 512
[   70.397004][ T5215] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   70.414933][ T5215] EXT4-fs (loop0): 1 truncate cleaned up
rmdir("./92")                           = 0
mkdir("./93", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5217
./strace-static-x86_64: Process 5217 attached
[pid  5217] set_robust_list(0x555556e60660, 24) = 0
[pid  5217] chdir("./93")               = 0
[pid  5217] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5217] setpgid(0, 0)               = 0
[pid  5217] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5217] write(3, "1000", 4)         = 4
[pid  5217] close(3)                    = 0
[pid  5217] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5217] memfd_create("syzkaller", 0) = 3
[pid  5217] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5217] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5217] munmap(0x7fa868d87000, 262144) = 0
[pid  5217] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5217] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5217] close(3)                    = 0
[pid  5217] mkdir("./file1", 0777)      = 0
[pid  5217] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5217] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5217] chdir("./file1")            = 0
[pid  5217] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5217] close(4)                    = 0
[pid  5217] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5217] creat("./file1", 000)       = 4
[pid  5217] exit_group(0)               = ?
[pid  5217] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5217, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} ---
umount2("./93", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./93/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./93/binderfs")                 = 0
umount2("./93/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./93/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./93/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./93/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./93/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./93/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./93")                           = 0
mkdir("./94", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5219 attached
, child_tidptr=0x555556e60650) = 5219
[pid  5219] set_robust_list(0x555556e60660, 24) = 0
[pid  5219] chdir("./94")               = 0
[pid  5219] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5219] setpgid(0, 0)               = 0
[pid  5219] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5219] write(3, "1000", 4)         = 4
[pid  5219] close(3)                    = 0
[pid  5219] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5219] memfd_create("syzkaller", 0) = 3
[pid  5219] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5219] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5219] munmap(0x7fa868d87000, 262144) = 0
[pid  5219] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   70.486015][ T5217] loop0: detected capacity change from 0 to 512
[   70.495155][ T5217] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   70.510000][ T5217] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5219] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5219] close(3)                    = 0
[pid  5219] mkdir("./file1", 0777)      = 0
[pid  5219] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5219] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5219] chdir("./file1")            = 0
[pid  5219] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5219] close(4)                    = 0
[pid  5219] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5219] creat("./file1", 000)       = 4
[pid  5219] exit_group(0)               = ?
[pid  5219] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5219, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
umount2("./94", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./94/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./94/binderfs")                 = 0
umount2("./94/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./94/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./94/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./94/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./94/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./94/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./94")                           = 0
mkdir("./95", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5221 attached
, child_tidptr=0x555556e60650) = 5221
[pid  5221] set_robust_list(0x555556e60660, 24) = 0
[pid  5221] chdir("./95")               = 0
[pid  5221] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5221] setpgid(0, 0)               = 0
[pid  5221] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5221] write(3, "1000", 4)         = 4
[pid  5221] close(3)                    = 0
[pid  5221] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5221] memfd_create("syzkaller", 0) = 3
[pid  5221] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5221] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[   70.551875][ T5219] loop0: detected capacity change from 0 to 512
[   70.562970][ T5219] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   70.582147][ T5219] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5221] munmap(0x7fa868d87000, 262144) = 0
[pid  5221] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5221] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5221] close(3)                    = 0
[pid  5221] mkdir("./file1", 0777)      = 0
[pid  5221] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5221] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5221] chdir("./file1")            = 0
[pid  5221] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5221] close(4)                    = 0
[pid  5221] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5221] creat("./file1", 000)       = 4
[pid  5221] exit_group(0)               = ?
[pid  5221] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5221, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
umount2("./95", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./95/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./95/binderfs")                 = 0
umount2("./95/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./95/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./95/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./95/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./95/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./95/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./95")                           = 0
mkdir("./96", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5223 attached
, child_tidptr=0x555556e60650) = 5223
[pid  5223] set_robust_list(0x555556e60660, 24) = 0
[pid  5223] chdir("./96")               = 0
[pid  5223] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5223] setpgid(0, 0)               = 0
[pid  5223] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5223] write(3, "1000", 4)         = 4
[pid  5223] close(3)                    = 0
[pid  5223] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5223] memfd_create("syzkaller", 0) = 3
[pid  5223] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5223] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5223] munmap(0x7fa868d87000, 262144) = 0
[pid  5223] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   70.634284][ T5221] loop0: detected capacity change from 0 to 512
[   70.642988][ T5221] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   70.657937][ T5221] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5223] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5223] close(3)                    = 0
[pid  5223] mkdir("./file1", 0777)      = 0
[pid  5223] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5223] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5223] chdir("./file1")            = 0
[pid  5223] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5223] close(4)                    = 0
[pid  5223] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5223] creat("./file1", 000)       = 4
[pid  5223] exit_group(0)               = ?
[pid  5223] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5223, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./96", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./96/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./96/binderfs")                 = 0
umount2("./96/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./96/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./96/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./96/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./96/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./96/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./96")                           = 0
mkdir("./97", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5225 attached
 <unfinished ...>
[pid  5225] set_robust_list(0x555556e60660, 24) = 0
[pid  5225] chdir("./97")               = 0
[pid  5225] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5026] <... clone resumed>, child_tidptr=0x555556e60650) = 5225
[pid  5225] setpgid(0, 0)               = 0
[pid  5225] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5225] write(3, "1000", 4)         = 4
[pid  5225] close(3)                    = 0
[pid  5225] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5225] memfd_create("syzkaller", 0) = 3
[pid  5225] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5225] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5225] munmap(0x7fa868d87000, 262144) = 0
[pid  5225] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   70.695309][ T5223] loop0: detected capacity change from 0 to 512
[   70.704428][ T5223] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   70.723528][ T5223] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5225] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5225] close(3)                    = 0
[pid  5225] mkdir("./file1", 0777)      = 0
[pid  5225] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5225] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5225] chdir("./file1")            = 0
[pid  5225] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5225] close(4)                    = 0
[pid  5225] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5225] creat("./file1", 000)       = 4
[pid  5225] exit_group(0)               = ?
[pid  5225] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5225, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./97", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./97/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./97/binderfs")                 = 0
umount2("./97/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./97/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./97/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./97/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./97/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./97/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./97")                           = 0
mkdir("./98", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5227
./strace-static-x86_64: Process 5227 attached
[   70.764041][ T5225] loop0: detected capacity change from 0 to 512
[   70.772595][ T5225] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   70.788829][ T5225] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5227] set_robust_list(0x555556e60660, 24) = 0
[pid  5227] chdir("./98")               = 0
[pid  5227] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5227] setpgid(0, 0)               = 0
[pid  5227] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5227] write(3, "1000", 4)         = 4
[pid  5227] close(3)                    = 0
[pid  5227] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5227] memfd_create("syzkaller", 0) = 3
[pid  5227] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5227] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5227] munmap(0x7fa868d87000, 262144) = 0
[pid  5227] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5227] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5227] close(3)                    = 0
[pid  5227] mkdir("./file1", 0777)      = 0
[pid  5227] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5227] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5227] chdir("./file1")            = 0
[pid  5227] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5227] close(4)                    = 0
[pid  5227] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5227] creat("./file1", 000)       = 4
[pid  5227] exit_group(0)               = ?
[pid  5227] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5227, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
umount2("./98", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./98/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./98/binderfs")                 = 0
umount2("./98/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./98/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./98/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./98/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./98/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./98/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./98")                           = 0
mkdir("./99", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5229 attached
, child_tidptr=0x555556e60650) = 5229
[pid  5229] set_robust_list(0x555556e60660, 24) = 0
[pid  5229] chdir("./99")               = 0
[pid  5229] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5229] setpgid(0, 0)               = 0
[pid  5229] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5229] write(3, "1000", 4)         = 4
[pid  5229] close(3)                    = 0
[pid  5229] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5229] memfd_create("syzkaller", 0) = 3
[pid  5229] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5229] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5229] munmap(0x7fa868d87000, 262144) = 0
[pid  5229] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   70.864174][ T5227] loop0: detected capacity change from 0 to 512
[   70.873545][ T5227] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   70.889441][ T5227] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5229] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5229] close(3)                    = 0
[pid  5229] mkdir("./file1", 0777)      = 0
[pid  5229] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5229] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5229] chdir("./file1")            = 0
[pid  5229] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5229] close(4)                    = 0
[pid  5229] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5229] creat("./file1", 000)       = 4
[pid  5229] exit_group(0)               = ?
[pid  5229] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5229, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./99", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./99/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./99/binderfs")                 = 0
umount2("./99/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./99/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./99/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./99/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./99/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./99/file1")                     = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./99")                           = 0
mkdir("./100", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5231
./strace-static-x86_64: Process 5231 attached
[pid  5231] set_robust_list(0x555556e60660, 24) = 0
[pid  5231] chdir("./100")              = 0
[pid  5231] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5231] setpgid(0, 0)               = 0
[pid  5231] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5231] write(3, "1000", 4)         = 4
[pid  5231] close(3)                    = 0
[pid  5231] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5231] memfd_create("syzkaller", 0) = 3
[pid  5231] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5231] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5231] munmap(0x7fa868d87000, 262144) = 0
[pid  5231] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   70.936057][ T5229] loop0: detected capacity change from 0 to 512
[   70.945524][ T5229] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   70.960284][ T5229] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5231] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5231] close(3)                    = 0
[pid  5231] mkdir("./file1", 0777)      = 0
[pid  5231] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5231] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5231] chdir("./file1")            = 0
[pid  5231] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5231] close(4)                    = 0
[pid  5231] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5231] creat("./file1", 000)       = 4
[pid  5231] exit_group(0)               = ?
[pid  5231] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5231, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./100", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./100/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./100/binderfs")                = 0
umount2("./100/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./100/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./100/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./100/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./100/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./100/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./100")                          = 0
mkdir("./101", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5233
./strace-static-x86_64: Process 5233 attached
[pid  5233] set_robust_list(0x555556e60660, 24) = 0
[pid  5233] chdir("./101")              = 0
[pid  5233] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5233] setpgid(0, 0)               = 0
[   71.002325][ T5231] loop0: detected capacity change from 0 to 512
[   71.011908][ T5231] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   71.026194][ T5231] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5233] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5233] write(3, "1000", 4)         = 4
[pid  5233] close(3)                    = 0
[pid  5233] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5233] memfd_create("syzkaller", 0) = 3
[pid  5233] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5233] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5233] munmap(0x7fa868d87000, 262144) = 0
[pid  5233] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5233] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5233] close(3)                    = 0
[pid  5233] mkdir("./file1", 0777)      = 0
[pid  5233] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5233] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5233] chdir("./file1")            = 0
[pid  5233] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5233] close(4)                    = 0
[pid  5233] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5233] creat("./file1", 000)       = 4
[pid  5233] exit_group(0)               = ?
[pid  5233] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5233, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./101", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./101/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./101/binderfs")                = 0
umount2("./101/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./101/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./101/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./101/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./101/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./101/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./101")                          = 0
mkdir("./102", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
[   71.093395][ T5233] loop0: detected capacity change from 0 to 512
[   71.109830][ T5233] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   71.127194][ T5233] EXT4-fs (loop0): 1 truncate cleaned up
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5235
./strace-static-x86_64: Process 5235 attached
[pid  5235] set_robust_list(0x555556e60660, 24) = 0
[pid  5235] chdir("./102")              = 0
[pid  5235] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5235] setpgid(0, 0)               = 0
[pid  5235] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5235] write(3, "1000", 4)         = 4
[pid  5235] close(3)                    = 0
[pid  5235] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5235] memfd_create("syzkaller", 0) = 3
[pid  5235] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5235] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5235] munmap(0x7fa868d87000, 262144) = 0
[pid  5235] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5235] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5235] close(3)                    = 0
[pid  5235] mkdir("./file1", 0777)      = 0
[pid  5235] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5235] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5235] chdir("./file1")            = 0
[pid  5235] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5235] close(4)                    = 0
[pid  5235] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5235] creat("./file1", 000)       = 4
[pid  5235] exit_group(0)               = ?
[pid  5235] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5235, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./102", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./102/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./102/binderfs")                = 0
umount2("./102/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./102/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./102/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./102/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./102/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./102/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./102")                          = 0
mkdir("./103", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5237
./strace-static-x86_64: Process 5237 attached
[pid  5237] set_robust_list(0x555556e60660, 24) = 0
[pid  5237] chdir("./103")              = 0
[pid  5237] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5237] setpgid(0, 0)               = 0
[pid  5237] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5237] write(3, "1000", 4)         = 4
[pid  5237] close(3)                    = 0
[pid  5237] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5237] memfd_create("syzkaller", 0) = 3
[pid  5237] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5237] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5237] munmap(0x7fa868d87000, 262144) = 0
[pid  5237] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   71.182766][ T5235] loop0: detected capacity change from 0 to 512
[   71.192187][ T5235] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   71.205967][ T5235] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5237] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5237] close(3)                    = 0
[pid  5237] mkdir("./file1", 0777)      = 0
[pid  5237] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5237] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5237] chdir("./file1")            = 0
[pid  5237] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5237] close(4)                    = 0
[pid  5237] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5237] creat("./file1", 000)       = 4
[pid  5237] exit_group(0)               = ?
[pid  5237] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5237, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./103", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./103/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./103/binderfs")                = 0
umount2("./103/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./103/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./103/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./103/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./103/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./103/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./103")                          = 0
mkdir("./104", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
./strace-static-x86_64: Process 5239 attached
[pid  5239] set_robust_list(0x555556e60660, 24 <unfinished ...>
[pid  5026] <... clone resumed>, child_tidptr=0x555556e60650) = 5239
[pid  5239] <... set_robust_list resumed>) = 0
[pid  5239] chdir("./104")              = 0
[pid  5239] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[   71.263825][ T5237] loop0: detected capacity change from 0 to 512
[   71.280922][ T5237] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   71.296156][ T5237] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5239] setpgid(0, 0)               = 0
[pid  5239] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5239] write(3, "1000", 4)         = 4
[pid  5239] close(3)                    = 0
[pid  5239] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5239] memfd_create("syzkaller", 0) = 3
[pid  5239] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5239] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5239] munmap(0x7fa868d87000, 262144) = 0
[pid  5239] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5239] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5239] close(3)                    = 0
[pid  5239] mkdir("./file1", 0777)      = 0
[pid  5239] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5239] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5239] chdir("./file1")            = 0
[pid  5239] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5239] close(4)                    = 0
[pid  5239] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5239] creat("./file1", 000)       = 4
[pid  5239] exit_group(0)               = ?
[pid  5239] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5239, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
umount2("./104", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./104/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./104/binderfs")                = 0
umount2("./104/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./104/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./104/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./104/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./104/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./104/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./104")                          = 0
mkdir("./105", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5242
./strace-static-x86_64: Process 5242 attached
[pid  5242] set_robust_list(0x555556e60660, 24) = 0
[pid  5242] chdir("./105")              = 0
[pid  5242] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5242] setpgid(0, 0)               = 0
[pid  5242] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5242] write(3, "1000", 4)         = 4
[pid  5242] close(3)                    = 0
[pid  5242] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5242] memfd_create("syzkaller", 0) = 3
[pid  5242] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5242] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5242] munmap(0x7fa868d87000, 262144) = 0
[   71.353421][ T5239] loop0: detected capacity change from 0 to 512
[   71.361894][ T5239] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   71.376635][ T5239] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5242] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5242] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5242] close(3)                    = 0
[pid  5242] mkdir("./file1", 0777)      = 0
[pid  5242] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5242] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5242] chdir("./file1")            = 0
[pid  5242] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5242] close(4)                    = 0
[pid  5242] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5242] creat("./file1", 000)       = 4
[pid  5242] exit_group(0)               = ?
[pid  5242] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5242, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./105", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./105/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./105/binderfs")                = 0
umount2("./105/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./105/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./105/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./105/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./105/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./105/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./105")                          = 0
mkdir("./106", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5244
./strace-static-x86_64: Process 5244 attached
[pid  5244] set_robust_list(0x555556e60660, 24) = 0
[pid  5244] chdir("./106")              = 0
[pid  5244] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5244] setpgid(0, 0)               = 0
[pid  5244] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5244] write(3, "1000", 4)         = 4
[pid  5244] close(3)                    = 0
[pid  5244] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5244] memfd_create("syzkaller", 0) = 3
[pid  5244] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5244] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5244] munmap(0x7fa868d87000, 262144) = 0
[pid  5244] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   71.438002][ T5242] loop0: detected capacity change from 0 to 512
[   71.447520][ T5242] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   71.462099][ T5242] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5244] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5244] close(3)                    = 0
[pid  5244] mkdir("./file1", 0777)      = 0
[pid  5244] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5244] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5244] chdir("./file1")            = 0
[pid  5244] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5244] close(4)                    = 0
[pid  5244] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5244] creat("./file1", 000)       = 4
[pid  5244] exit_group(0)               = ?
[pid  5244] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5244, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
umount2("./106", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./106/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./106/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./106/binderfs")                = 0
umount2("./106/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./106/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./106/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./106/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./106/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./106/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./106")                          = 0
mkdir("./107", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5246
./strace-static-x86_64: Process 5246 attached
[pid  5246] set_robust_list(0x555556e60660, 24) = 0
[pid  5246] chdir("./107")              = 0
[pid  5246] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5246] setpgid(0, 0)               = 0
[pid  5246] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5246] write(3, "1000", 4)         = 4
[pid  5246] close(3)                    = 0
[pid  5246] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5246] memfd_create("syzkaller", 0) = 3
[pid  5246] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[   71.510677][ T5244] loop0: detected capacity change from 0 to 512
[   71.521754][ T5244] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   71.536104][ T5244] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5246] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5246] munmap(0x7fa868d87000, 262144) = 0
[pid  5246] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5246] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5246] close(3)                    = 0
[pid  5246] mkdir("./file1", 0777)      = 0
[pid  5246] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5246] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5246] chdir("./file1")            = 0
[pid  5246] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5246] close(4)                    = 0
[pid  5246] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5246] creat("./file1", 000)       = 4
[pid  5246] exit_group(0)               = ?
[pid  5246] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5246, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./107", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./107/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./107/binderfs")                = 0
umount2("./107/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./107/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./107/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./107/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./107/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./107/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./107")                          = 0
mkdir("./108", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5248
./strace-static-x86_64: Process 5248 attached
[pid  5248] set_robust_list(0x555556e60660, 24) = 0
[pid  5248] chdir("./108")              = 0
[pid  5248] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5248] setpgid(0, 0)               = 0
[pid  5248] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5248] write(3, "1000", 4)         = 4
[pid  5248] close(3)                    = 0
[pid  5248] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5248] memfd_create("syzkaller", 0) = 3
[pid  5248] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5248] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[   71.594012][ T5246] loop0: detected capacity change from 0 to 512
[   71.602635][ T5246] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   71.617851][ T5246] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5248] munmap(0x7fa868d87000, 262144) = 0
[pid  5248] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5248] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5248] close(3)                    = 0
[pid  5248] mkdir("./file1", 0777)      = 0
[pid  5248] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5248] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5248] chdir("./file1")            = 0
[pid  5248] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5248] close(4)                    = 0
[pid  5248] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5248] creat("./file1", 000)       = 4
[pid  5248] exit_group(0)               = ?
[pid  5248] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5248, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} ---
umount2("./108", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./108/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./108/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./108/binderfs")                = 0
umount2("./108/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./108/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./108/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./108/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./108/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./108/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./108")                          = 0
mkdir("./109", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5250
./strace-static-x86_64: Process 5250 attached
[pid  5250] set_robust_list(0x555556e60660, 24) = 0
[pid  5250] chdir("./109")              = 0
[pid  5250] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5250] setpgid(0, 0)               = 0
[   71.677755][ T5248] loop0: detected capacity change from 0 to 512
[   71.686065][ T5248] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   71.699917][ T5248] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5250] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5250] write(3, "1000", 4)         = 4
[pid  5250] close(3)                    = 0
[pid  5250] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5250] memfd_create("syzkaller", 0) = 3
[pid  5250] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5250] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5250] munmap(0x7fa868d87000, 262144) = 0
[pid  5250] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5250] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5250] close(3)                    = 0
[pid  5250] mkdir("./file1", 0777)      = 0
[pid  5250] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5250] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5250] chdir("./file1")            = 0
[pid  5250] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5250] close(4)                    = 0
[pid  5250] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5250] creat("./file1", 000)       = 4
[pid  5250] exit_group(0)               = ?
[pid  5250] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5250, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
umount2("./109", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./109/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./109/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./109/binderfs")                = 0
umount2("./109/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./109/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./109/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./109/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./109/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./109/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./109")                          = 0
mkdir("./110", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
./strace-static-x86_64: Process 5252 attached
[pid  5252] set_robust_list(0x555556e60660, 24) = 0
[pid  5252] chdir("./110")              = 0
[pid  5252] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5026] <... clone resumed>, child_tidptr=0x555556e60650) = 5252
[pid  5252] setpgid(0, 0)               = 0
[pid  5252] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5252] write(3, "1000", 4)         = 4
[pid  5252] close(3)                    = 0
[pid  5252] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5252] memfd_create("syzkaller", 0) = 3
[pid  5252] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5252] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5252] munmap(0x7fa868d87000, 262144) = 0
[pid  5252] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   71.771654][ T5250] loop0: detected capacity change from 0 to 512
[   71.781142][ T5250] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   71.794974][ T5250] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5252] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5252] close(3)                    = 0
[pid  5252] mkdir("./file1", 0777)      = 0
[pid  5252] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5252] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5252] chdir("./file1")            = 0
[pid  5252] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5252] close(4)                    = 0
[pid  5252] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5252] creat("./file1", 000)       = 4
[pid  5252] exit_group(0)               = ?
[pid  5252] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5252, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./110", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./110/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./110/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./110/binderfs")                = 0
umount2("./110/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./110/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./110/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./110/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./110/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./110/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./110")                          = 0
mkdir("./111", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5254
./strace-static-x86_64: Process 5254 attached
[pid  5254] set_robust_list(0x555556e60660, 24) = 0
[pid  5254] chdir("./111")              = 0
[pid  5254] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[   71.850482][ T5252] loop0: detected capacity change from 0 to 512
[   71.860052][ T5252] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   71.874299][ T5252] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5254] setpgid(0, 0)               = 0
[pid  5254] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5254] write(3, "1000", 4)         = 4
[pid  5254] close(3)                    = 0
[pid  5254] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5254] memfd_create("syzkaller", 0) = 3
[pid  5254] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5254] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5254] munmap(0x7fa868d87000, 262144) = 0
[pid  5254] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5254] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5254] close(3)                    = 0
[pid  5254] mkdir("./file1", 0777)      = 0
[pid  5254] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5254] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5254] chdir("./file1")            = 0
[pid  5254] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5254] close(4)                    = 0
[pid  5254] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5254] creat("./file1", 000)       = 4
[pid  5254] exit_group(0)               = ?
[pid  5254] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5254, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./111", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./111/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./111/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./111/binderfs")                = 0
umount2("./111/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./111/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./111/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./111/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./111/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./111/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./111")                          = 0
mkdir("./112", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
[   71.943832][ T5254] loop0: detected capacity change from 0 to 512
[   71.952540][ T5254] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   71.968699][ T5254] EXT4-fs (loop0): 1 truncate cleaned up
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5256
./strace-static-x86_64: Process 5256 attached
[pid  5256] set_robust_list(0x555556e60660, 24) = 0
[pid  5256] chdir("./112")              = 0
[pid  5256] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5256] setpgid(0, 0)               = 0
[pid  5256] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5256] write(3, "1000", 4)         = 4
[pid  5256] close(3)                    = 0
[pid  5256] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5256] memfd_create("syzkaller", 0) = 3
[pid  5256] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5256] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5256] munmap(0x7fa868d87000, 262144) = 0
[pid  5256] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5256] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5256] close(3)                    = 0
[pid  5256] mkdir("./file1", 0777)      = 0
[pid  5256] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5256] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5256] chdir("./file1")            = 0
[pid  5256] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5256] close(4)                    = 0
[pid  5256] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5256] creat("./file1", 000)       = 4
[pid  5256] exit_group(0)               = ?
[pid  5256] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5256, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./112", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./112/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./112/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./112/binderfs")                = 0
umount2("./112/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./112/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./112/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./112/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./112/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./112/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./112")                          = 0
mkdir("./113", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5258
./strace-static-x86_64: Process 5258 attached
[pid  5258] set_robust_list(0x555556e60660, 24) = 0
[pid  5258] chdir("./113")              = 0
[pid  5258] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5258] setpgid(0, 0)               = 0
[pid  5258] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5258] write(3, "1000", 4)         = 4
[pid  5258] close(3)                    = 0
[pid  5258] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5258] memfd_create("syzkaller", 0) = 3
[pid  5258] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5258] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5258] munmap(0x7fa868d87000, 262144) = 0
[pid  5258] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   72.040379][ T5256] loop0: detected capacity change from 0 to 512
[   72.050269][ T5256] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   72.064830][ T5256] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5258] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5258] close(3)                    = 0
[pid  5258] mkdir("./file1", 0777)      = 0
[pid  5258] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5258] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5258] chdir("./file1")            = 0
[pid  5258] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5258] close(4)                    = 0
[pid  5258] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5258] creat("./file1", 000)       = 4
[pid  5258] exit_group(0)               = ?
[pid  5258] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5258, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./113", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./113", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./113/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./113/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./113/binderfs")                = 0
umount2("./113/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./113/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./113/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./113/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./113/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./113/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./113")                          = 0
mkdir("./114", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5260
./strace-static-x86_64: Process 5260 attached
[pid  5260] set_robust_list(0x555556e60660, 24) = 0
[pid  5260] chdir("./114")              = 0
[pid  5260] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5260] setpgid(0, 0)               = 0
[pid  5260] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5260] write(3, "1000", 4)         = 4
[pid  5260] close(3)                    = 0
[pid  5260] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5260] memfd_create("syzkaller", 0) = 3
[   72.097589][ T5258] loop0: detected capacity change from 0 to 512
[   72.106211][ T5258] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   72.121325][ T5258] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5260] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5260] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5260] munmap(0x7fa868d87000, 262144) = 0
[pid  5260] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5260] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5260] close(3)                    = 0
[pid  5260] mkdir("./file1", 0777)      = 0
[pid  5260] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5260] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5260] chdir("./file1")            = 0
[pid  5260] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5260] close(4)                    = 0
[pid  5260] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5260] creat("./file1", 000)       = 4
[pid  5260] exit_group(0)               = ?
[pid  5260] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5260, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} ---
umount2("./114", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./114", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./114/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./114/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./114/binderfs")                = 0
umount2("./114/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./114/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./114/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./114/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./114/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./114/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./114")                          = 0
mkdir("./115", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5262 attached
, child_tidptr=0x555556e60650) = 5262
[pid  5262] set_robust_list(0x555556e60660, 24) = 0
[pid  5262] chdir("./115")              = 0
[pid  5262] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5262] setpgid(0, 0)               = 0
[pid  5262] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[   72.184048][ T5260] loop0: detected capacity change from 0 to 512
[   72.192504][ T5260] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   72.208040][ T5260] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5262] write(3, "1000", 4)         = 4
[pid  5262] close(3)                    = 0
[pid  5262] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5262] memfd_create("syzkaller", 0) = 3
[pid  5262] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5262] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5262] munmap(0x7fa868d87000, 262144) = 0
[pid  5262] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5262] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5262] close(3)                    = 0
[pid  5262] mkdir("./file1", 0777)      = 0
[pid  5262] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5262] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5262] chdir("./file1")            = 0
[pid  5262] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5262] close(4)                    = 0
[pid  5262] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5262] creat("./file1", 000)       = 4
[pid  5262] exit_group(0)               = ?
[pid  5262] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5262, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./115", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./115", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./115/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./115/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./115/binderfs")                = 0
umount2("./115/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./115/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./115/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./115/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./115/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./115/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./115")                          = 0
mkdir("./116", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5264 attached
, child_tidptr=0x555556e60650) = 5264
[pid  5264] set_robust_list(0x555556e60660, 24) = 0
[pid  5264] chdir("./116")              = 0
[pid  5264] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5264] setpgid(0, 0)               = 0
[pid  5264] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5264] write(3, "1000", 4)         = 4
[pid  5264] close(3)                    = 0
[pid  5264] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5264] memfd_create("syzkaller", 0) = 3
[pid  5264] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5264] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5264] munmap(0x7fa868d87000, 262144) = 0
[pid  5264] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   72.270972][ T5262] loop0: detected capacity change from 0 to 512
[   72.279500][ T5262] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   72.293527][ T5262] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5264] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5264] close(3)                    = 0
[pid  5264] mkdir("./file1", 0777)      = 0
[pid  5264] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5264] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5264] chdir("./file1")            = 0
[pid  5264] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5264] close(4)                    = 0
[pid  5264] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5264] creat("./file1", 000)       = 4
[pid  5264] exit_group(0)               = ?
[pid  5264] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5264, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./116", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./116", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./116/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./116/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./116/binderfs")                = 0
umount2("./116/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./116/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./116/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./116/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./116/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./116/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./116")                          = 0
mkdir("./117", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5266 attached
, child_tidptr=0x555556e60650) = 5266
[pid  5266] set_robust_list(0x555556e60660, 24) = 0
[pid  5266] chdir("./117")              = 0
[pid  5266] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5266] setpgid(0, 0)               = 0
[   72.342647][ T5264] loop0: detected capacity change from 0 to 512
[   72.353196][ T5264] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   72.370681][ T5264] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5266] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5266] write(3, "1000", 4)         = 4
[pid  5266] close(3)                    = 0
[pid  5266] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5266] memfd_create("syzkaller", 0) = 3
[pid  5266] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5266] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5266] munmap(0x7fa868d87000, 262144) = 0
[pid  5266] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5266] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5266] close(3)                    = 0
[pid  5266] mkdir("./file1", 0777)      = 0
[pid  5266] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5266] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5266] chdir("./file1")            = 0
[pid  5266] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5266] close(4)                    = 0
[pid  5266] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5266] creat("./file1", 000)       = 4
[pid  5266] exit_group(0)               = ?
[pid  5266] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5266, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./117", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./117", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./117/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./117/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./117/binderfs")                = 0
umount2("./117/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./117/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./117/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./117/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./117/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./117/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./117")                          = 0
mkdir("./118", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5268 attached
, child_tidptr=0x555556e60650) = 5268
[   72.434324][ T5266] loop0: detected capacity change from 0 to 512
[   72.443413][ T5266] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   72.457630][ T5266] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5268] set_robust_list(0x555556e60660, 24) = 0
[pid  5268] chdir("./118")              = 0
[pid  5268] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5268] setpgid(0, 0)               = 0
[pid  5268] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5268] write(3, "1000", 4)         = 4
[pid  5268] close(3)                    = 0
[pid  5268] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5268] memfd_create("syzkaller", 0) = 3
[pid  5268] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5268] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5268] munmap(0x7fa868d87000, 262144) = 0
[pid  5268] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5268] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5268] close(3)                    = 0
[pid  5268] mkdir("./file1", 0777)      = 0
[pid  5268] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5268] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5268] chdir("./file1")            = 0
[pid  5268] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5268] close(4)                    = 0
[pid  5268] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5268] creat("./file1", 000)       = 4
[pid  5268] exit_group(0)               = ?
[pid  5268] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5268, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} ---
umount2("./118", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./118", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./118/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./118/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./118/binderfs")                = 0
umount2("./118/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./118/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./118/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./118/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./118/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./118/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./118")                          = 0
mkdir("./119", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5270
./strace-static-x86_64: Process 5270 attached
[pid  5270] set_robust_list(0x555556e60660, 24) = 0
[pid  5270] chdir("./119")              = 0
[pid  5270] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5270] setpgid(0, 0)               = 0
[pid  5270] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5270] write(3, "1000", 4)         = 4
[pid  5270] close(3)                    = 0
[pid  5270] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5270] memfd_create("syzkaller", 0) = 3
[pid  5270] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5270] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[   72.526656][ T5268] loop0: detected capacity change from 0 to 512
[   72.536575][ T5268] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   72.550579][ T5268] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5270] munmap(0x7fa868d87000, 262144) = 0
[pid  5270] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5270] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5270] close(3)                    = 0
[pid  5270] mkdir("./file1", 0777)      = 0
[pid  5270] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5270] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5270] chdir("./file1")            = 0
[pid  5270] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5270] close(4)                    = 0
[pid  5270] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5270] creat("./file1", 000)       = 4
[pid  5270] exit_group(0)               = ?
[pid  5270] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5270, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./119", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./119", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./119/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./119/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./119/binderfs")                = 0
umount2("./119/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./119/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./119/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./119/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./119/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./119/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./119")                          = 0
mkdir("./120", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5272 attached
, child_tidptr=0x555556e60650) = 5272
[pid  5272] set_robust_list(0x555556e60660, 24) = 0
[pid  5272] chdir("./120")              = 0
[pid  5272] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5272] setpgid(0, 0)               = 0
[pid  5272] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5272] write(3, "1000", 4)         = 4
[pid  5272] close(3)                    = 0
[pid  5272] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5272] memfd_create("syzkaller", 0) = 3
[pid  5272] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[   72.608935][ T5270] loop0: detected capacity change from 0 to 512
[   72.620409][ T5270] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   72.634644][ T5270] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5272] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5272] munmap(0x7fa868d87000, 262144) = 0
[pid  5272] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5272] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5272] close(3)                    = 0
[pid  5272] mkdir("./file1", 0777)      = 0
[pid  5272] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5272] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5272] chdir("./file1")            = 0
[pid  5272] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5272] close(4)                    = 0
[pid  5272] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5272] creat("./file1", 000)       = 4
[pid  5272] exit_group(0)               = ?
[pid  5272] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5272, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./120", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./120", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./120/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./120/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./120/binderfs")                = 0
umount2("./120/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./120/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./120/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./120/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./120/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./120/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./120")                          = 0
mkdir("./121", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5274 attached
 <unfinished ...>
[pid  5274] set_robust_list(0x555556e60660, 24) = 0
[pid  5274] chdir("./121")              = 0
[pid  5274] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5274] setpgid(0, 0 <unfinished ...>
[pid  5026] <... clone resumed>, child_tidptr=0x555556e60650) = 5274
[pid  5274] <... setpgid resumed>)      = 0
[pid  5274] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5274] write(3, "1000", 4)         = 4
[pid  5274] close(3)                    = 0
[pid  5274] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5274] memfd_create("syzkaller", 0) = 3
[pid  5274] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5274] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[   72.692157][ T5272] loop0: detected capacity change from 0 to 512
[   72.701533][ T5272] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   72.715378][ T5272] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5274] munmap(0x7fa868d87000, 262144) = 0
[pid  5274] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5274] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5274] close(3)                    = 0
[pid  5274] mkdir("./file1", 0777)      = 0
[pid  5274] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5274] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5274] chdir("./file1")            = 0
[pid  5274] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5274] close(4)                    = 0
[pid  5274] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5274] creat("./file1", 000)       = 4
[pid  5274] exit_group(0)               = ?
[pid  5274] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5274, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./121", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./121", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./121/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./121/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./121/binderfs")                = 0
umount2("./121/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./121/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./121/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./121/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./121/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./121/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./121")                          = 0
mkdir("./122", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
[   72.758488][ T5274] loop0: detected capacity change from 0 to 512
[   72.767824][ T5274] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   72.782764][ T5274] EXT4-fs (loop0): 1 truncate cleaned up
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5276
./strace-static-x86_64: Process 5276 attached
[pid  5276] set_robust_list(0x555556e60660, 24) = 0
[pid  5276] chdir("./122")              = 0
[pid  5276] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5276] setpgid(0, 0)               = 0
[pid  5276] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5276] write(3, "1000", 4)         = 4
[pid  5276] close(3)                    = 0
[pid  5276] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5276] memfd_create("syzkaller", 0) = 3
[pid  5276] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5276] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5276] munmap(0x7fa868d87000, 262144) = 0
[pid  5276] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5276] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5276] close(3)                    = 0
[pid  5276] mkdir("./file1", 0777)      = 0
[pid  5276] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5276] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5276] chdir("./file1")            = 0
[pid  5276] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5276] close(4)                    = 0
[pid  5276] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5276] creat("./file1", 000)       = 4
[pid  5276] exit_group(0)               = ?
[pid  5276] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5276, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
umount2("./122", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./122", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./122/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./122/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./122/binderfs")                = 0
umount2("./122/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./122/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./122/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./122/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./122/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./122/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./122")                          = 0
mkdir("./123", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5278 attached
 <unfinished ...>
[pid  5278] set_robust_list(0x555556e60660, 24) = 0
[pid  5278] chdir("./123")              = 0
[pid  5278] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5278] setpgid(0, 0)               = 0
[pid  5278] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid  5026] <... clone resumed>, child_tidptr=0x555556e60650) = 5278
[pid  5278] <... openat resumed>)       = 3
[pid  5278] write(3, "1000", 4)         = 4
[pid  5278] close(3)                    = 0
[pid  5278] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5278] memfd_create("syzkaller", 0) = 3
[pid  5278] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5278] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5278] munmap(0x7fa868d87000, 262144) = 0
[pid  5278] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   72.845480][ T5276] loop0: detected capacity change from 0 to 512
[   72.855121][ T5276] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   72.870118][ T5276] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5278] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5278] close(3)                    = 0
[pid  5278] mkdir("./file1", 0777)      = 0
[pid  5278] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5278] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5278] chdir("./file1")            = 0
[pid  5278] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5278] close(4)                    = 0
[pid  5278] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5278] creat("./file1", 000)       = 4
[pid  5278] exit_group(0)               = ?
[pid  5278] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5278, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./123", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./123", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./123/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./123/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./123/binderfs")                = 0
umount2("./123/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./123/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./123/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./123/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./123/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./123/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./123")                          = 0
mkdir("./124", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5280
./strace-static-x86_64: Process 5280 attached
[pid  5280] set_robust_list(0x555556e60660, 24) = 0
[pid  5280] chdir("./124")              = 0
[pid  5280] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5280] setpgid(0, 0)               = 0
[pid  5280] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5280] write(3, "1000", 4)         = 4
[pid  5280] close(3)                    = 0
[pid  5280] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5280] memfd_create("syzkaller", 0) = 3
[pid  5280] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[   72.920232][ T5278] loop0: detected capacity change from 0 to 512
[   72.938773][ T5278] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   72.952943][ T5278] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5280] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5280] munmap(0x7fa868d87000, 262144) = 0
[pid  5280] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5280] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5280] close(3)                    = 0
[pid  5280] mkdir("./file1", 0777)      = 0
[pid  5280] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5280] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5280] chdir("./file1")            = 0
[pid  5280] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5280] close(4)                    = 0
[pid  5280] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5280] creat("./file1", 000)       = 4
[pid  5280] exit_group(0)               = ?
[pid  5280] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5280, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
umount2("./124", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./124", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./124/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./124/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./124/binderfs")                = 0
umount2("./124/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./124/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./124/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./124/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./124/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./124/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./124")                          = 0
mkdir("./125", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5282 attached
[   73.003991][ T5280] loop0: detected capacity change from 0 to 512
[   73.015420][ T5280] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   73.033005][ T5280] EXT4-fs (loop0): 1 truncate cleaned up
 <unfinished ...>
[pid  5282] set_robust_list(0x555556e60660, 24) = 0
[pid  5282] chdir("./125")              = 0
[pid  5282] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5282] setpgid(0, 0 <unfinished ...>
[pid  5026] <... clone resumed>, child_tidptr=0x555556e60650) = 5282
[pid  5282] <... setpgid resumed>)      = 0
[pid  5282] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5282] write(3, "1000", 4)         = 4
[pid  5282] close(3)                    = 0
[pid  5282] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5282] memfd_create("syzkaller", 0) = 3
[pid  5282] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5282] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5282] munmap(0x7fa868d87000, 262144) = 0
[pid  5282] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5282] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5282] close(3)                    = 0
[pid  5282] mkdir("./file1", 0777)      = 0
[pid  5282] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5282] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5282] chdir("./file1")            = 0
[pid  5282] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5282] close(4)                    = 0
[pid  5282] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5282] creat("./file1", 000)       = 4
[pid  5282] exit_group(0)               = ?
[pid  5282] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5282, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
umount2("./125", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./125", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./125/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./125/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./125/binderfs")                = 0
umount2("./125/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./125/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./125/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./125/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./125/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./125/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./125")                          = 0
mkdir("./126", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5284 attached
 <unfinished ...>
[pid  5284] set_robust_list(0x555556e60660, 24) = 0
[pid  5284] chdir("./126")              = 0
[pid  5284] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5284] setpgid(0, 0 <unfinished ...>
[pid  5026] <... clone resumed>, child_tidptr=0x555556e60650) = 5284
[pid  5284] <... setpgid resumed>)      = 0
[pid  5284] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5284] write(3, "1000", 4)         = 4
[pid  5284] close(3)                    = 0
[pid  5284] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5284] memfd_create("syzkaller", 0) = 3
[pid  5284] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[   73.096092][ T5282] loop0: detected capacity change from 0 to 512
[   73.106014][ T5282] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   73.120829][ T5282] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5284] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5284] munmap(0x7fa868d87000, 262144) = 0
[pid  5284] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5284] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5284] close(3)                    = 0
[pid  5284] mkdir("./file1", 0777)      = 0
[pid  5284] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5284] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5284] chdir("./file1")            = 0
[pid  5284] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5284] close(4)                    = 0
[pid  5284] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5284] creat("./file1", 000)       = 4
[pid  5284] exit_group(0)               = ?
[pid  5284] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5284, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./126", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./126", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./126/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./126/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./126/binderfs")                = 0
umount2("./126/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./126/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./126/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./126/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./126/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./126/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./126")                          = 0
mkdir("./127", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5286 attached
, child_tidptr=0x555556e60650) = 5286
[   73.173040][ T5284] loop0: detected capacity change from 0 to 512
[   73.182659][ T5284] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   73.198397][ T5284] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5286] set_robust_list(0x555556e60660, 24) = 0
[pid  5286] chdir("./127")              = 0
[pid  5286] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5286] setpgid(0, 0)               = 0
[pid  5286] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5286] write(3, "1000", 4)         = 4
[pid  5286] close(3)                    = 0
[pid  5286] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5286] memfd_create("syzkaller", 0) = 3
[pid  5286] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5286] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5286] munmap(0x7fa868d87000, 262144) = 0
[pid  5286] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5286] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5286] close(3)                    = 0
[pid  5286] mkdir("./file1", 0777)      = 0
[pid  5286] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5286] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5286] chdir("./file1")            = 0
[pid  5286] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5286] close(4)                    = 0
[pid  5286] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5286] creat("./file1", 000)       = 4
[pid  5286] exit_group(0)               = ?
[pid  5286] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5286, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./127", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./127", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./127/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./127/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./127/binderfs")                = 0
umount2("./127/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./127/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./127/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./127/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./127/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./127/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./127")                          = 0
mkdir("./128", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5288 attached
, child_tidptr=0x555556e60650) = 5288
[pid  5288] set_robust_list(0x555556e60660, 24) = 0
[pid  5288] chdir("./128")              = 0
[pid  5288] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5288] setpgid(0, 0)               = 0
[pid  5288] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5288] write(3, "1000", 4)         = 4
[pid  5288] close(3)                    = 0
[pid  5288] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5288] memfd_create("syzkaller", 0) = 3
[pid  5288] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5288] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5288] munmap(0x7fa868d87000, 262144) = 0
[pid  5288] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   73.265134][ T5286] loop0: detected capacity change from 0 to 512
[   73.274936][ T5286] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   73.289250][ T5286] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5288] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5288] close(3)                    = 0
[pid  5288] mkdir("./file1", 0777)      = 0
[pid  5288] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5288] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5288] chdir("./file1")            = 0
[pid  5288] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5288] close(4)                    = 0
[pid  5288] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5288] creat("./file1", 000)       = 4
[pid  5288] exit_group(0)               = ?
[pid  5288] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5288, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./128", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./128", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./128/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./128/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./128/binderfs")                = 0
umount2("./128/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./128/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./128/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./128/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./128/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./128/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./128")                          = 0
mkdir("./129", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
[   73.332614][ T5288] loop0: detected capacity change from 0 to 512
[   73.341565][ T5288] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   73.356422][ T5288] EXT4-fs (loop0): 1 truncate cleaned up
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5290
./strace-static-x86_64: Process 5290 attached
[pid  5290] set_robust_list(0x555556e60660, 24) = 0
[pid  5290] chdir("./129")              = 0
[pid  5290] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5290] setpgid(0, 0)               = 0
[pid  5290] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5290] write(3, "1000", 4)         = 4
[pid  5290] close(3)                    = 0
[pid  5290] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5290] memfd_create("syzkaller", 0) = 3
[pid  5290] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5290] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5290] munmap(0x7fa868d87000, 262144) = 0
[pid  5290] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5290] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5290] close(3)                    = 0
[pid  5290] mkdir("./file1", 0777)      = 0
[pid  5290] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5290] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5290] chdir("./file1")            = 0
[pid  5290] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5290] close(4)                    = 0
[pid  5290] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5290] creat("./file1", 000)       = 4
[pid  5290] exit_group(0)               = ?
[pid  5290] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5290, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
umount2("./129", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./129", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./129/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./129/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./129/binderfs")                = 0
umount2("./129/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./129/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./129/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./129/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./129/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./129/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./129")                          = 0
mkdir("./130", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5292 attached
 <unfinished ...>
[pid  5292] set_robust_list(0x555556e60660, 24) = 0
[pid  5292] chdir("./130")              = 0
[pid  5292] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5292] setpgid(0, 0)               = 0
[pid  5292] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5292] write(3, "1000", 4)         = 4
[pid  5292] close(3)                    = 0
[pid  5292] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5292] memfd_create("syzkaller", 0) = 3
[pid  5292] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5292] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5292] munmap(0x7fa868d87000, 262144 <unfinished ...>
[pid  5026] <... clone resumed>, child_tidptr=0x555556e60650) = 5292
[pid  5292] <... munmap resumed>)       = 0
[pid  5292] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   73.427980][ T5290] loop0: detected capacity change from 0 to 512
[   73.438888][ T5290] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   73.453986][ T5290] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5292] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5292] close(3)                    = 0
[pid  5292] mkdir("./file1", 0777)      = 0
[pid  5292] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5292] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5292] chdir("./file1")            = 0
[pid  5292] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5292] close(4)                    = 0
[pid  5292] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5292] creat("./file1", 000)       = 4
[pid  5292] exit_group(0)               = ?
[pid  5292] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5292, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
umount2("./130", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./130", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./130/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./130/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./130/binderfs")                = 0
umount2("./130/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./130/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./130/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./130/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./130/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./130/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./130")                          = 0
mkdir("./131", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5294 attached
, child_tidptr=0x555556e60650) = 5294
[pid  5294] set_robust_list(0x555556e60660, 24) = 0
[pid  5294] chdir("./131")              = 0
[pid  5294] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5294] setpgid(0, 0)               = 0
[pid  5294] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5294] write(3, "1000", 4)         = 4
[pid  5294] close(3)                    = 0
[pid  5294] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5294] memfd_create("syzkaller", 0) = 3
[pid  5294] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[   73.494659][ T5292] loop0: detected capacity change from 0 to 512
[   73.504123][ T5292] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   73.519980][ T5292] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5294] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5294] munmap(0x7fa868d87000, 262144) = 0
[pid  5294] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5294] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5294] close(3)                    = 0
[pid  5294] mkdir("./file1", 0777)      = 0
[pid  5294] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5294] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5294] chdir("./file1")            = 0
[pid  5294] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5294] close(4)                    = 0
[pid  5294] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5294] creat("./file1", 000)       = 4
[pid  5294] exit_group(0)               = ?
[pid  5294] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5294, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./131", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./131", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./131/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./131/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./131/binderfs")                = 0
umount2("./131/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./131/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./131/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./131/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./131/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./131/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./131")                          = 0
mkdir("./132", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5296 attached
, child_tidptr=0x555556e60650) = 5296
[pid  5296] set_robust_list(0x555556e60660, 24) = 0
[pid  5296] chdir("./132")              = 0
[pid  5296] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5296] setpgid(0, 0)               = 0
[pid  5296] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5296] write(3, "1000", 4)         = 4
[pid  5296] close(3)                    = 0
[pid  5296] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5296] memfd_create("syzkaller", 0) = 3
[pid  5296] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5296] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5296] munmap(0x7fa868d87000, 262144) = 0
[pid  5296] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   73.586894][ T5294] loop0: detected capacity change from 0 to 512
[   73.595553][ T5294] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   73.610132][ T5294] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5296] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5296] close(3)                    = 0
[pid  5296] mkdir("./file1", 0777)      = 0
[pid  5296] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5296] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5296] chdir("./file1")            = 0
[pid  5296] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5296] close(4)                    = 0
[pid  5296] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5296] creat("./file1", 000)       = 4
[pid  5296] exit_group(0)               = ?
[pid  5296] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5296, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./132", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./132", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./132/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./132/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./132/binderfs")                = 0
umount2("./132/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./132/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./132/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./132/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./132/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./132/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./132")                          = 0
mkdir("./133", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5298 attached
, child_tidptr=0x555556e60650) = 5298
[pid  5298] set_robust_list(0x555556e60660, 24) = 0
[pid  5298] chdir("./133")              = 0
[pid  5298] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5298] setpgid(0, 0)               = 0
[pid  5298] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5298] write(3, "1000", 4)         = 4
[pid  5298] close(3)                    = 0
[pid  5298] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5298] memfd_create("syzkaller", 0) = 3
[pid  5298] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5298] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5298] munmap(0x7fa868d87000, 262144) = 0
[   73.649392][ T5296] loop0: detected capacity change from 0 to 512
[   73.659339][ T5296] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   73.677690][ T5296] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5298] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5298] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5298] close(3)                    = 0
[pid  5298] mkdir("./file1", 0777)      = 0
[pid  5298] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5298] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5298] chdir("./file1")            = 0
[pid  5298] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5298] close(4)                    = 0
[pid  5298] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5298] creat("./file1", 000)       = 4
[pid  5298] exit_group(0)               = ?
[pid  5298] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5298, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} ---
umount2("./133", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./133", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./133/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./133/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./133/binderfs")                = 0
umount2("./133/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./133/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./133/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./133/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./133/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./133/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./133")                          = 0
mkdir("./134", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5300
./strace-static-x86_64: Process 5300 attached
[pid  5300] set_robust_list(0x555556e60660, 24) = 0
[pid  5300] chdir("./134")              = 0
[pid  5300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5300] setpgid(0, 0)               = 0
[pid  5300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5300] write(3, "1000", 4)         = 4
[   73.730399][ T5298] loop0: detected capacity change from 0 to 512
[   73.740050][ T5298] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   73.754339][ T5298] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5300] close(3)                    = 0
[pid  5300] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5300] memfd_create("syzkaller", 0) = 3
[pid  5300] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5300] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5300] munmap(0x7fa868d87000, 262144) = 0
[pid  5300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5300] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5300] close(3)                    = 0
[pid  5300] mkdir("./file1", 0777)      = 0
[pid  5300] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5300] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5300] chdir("./file1")            = 0
[pid  5300] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5300] close(4)                    = 0
[pid  5300] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5300] creat("./file1", 000)       = 4
[pid  5300] exit_group(0)               = ?
[pid  5300] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5300, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./134", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./134", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./134/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./134/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./134/binderfs")                = 0
umount2("./134/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./134/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./134/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./134/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./134/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./134/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./134")                          = 0
mkdir("./135", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5302 attached
, child_tidptr=0x555556e60650) = 5302
[pid  5302] set_robust_list(0x555556e60660, 24) = 0
[pid  5302] chdir("./135")              = 0
[pid  5302] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5302] setpgid(0, 0)               = 0
[pid  5302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5302] write(3, "1000", 4)         = 4
[pid  5302] close(3)                    = 0
[pid  5302] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5302] memfd_create("syzkaller", 0) = 3
[pid  5302] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5302] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5302] munmap(0x7fa868d87000, 262144) = 0
[pid  5302] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   73.832377][ T5300] loop0: detected capacity change from 0 to 512
[   73.841029][ T5300] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   73.855667][ T5300] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5302] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5302] close(3)                    = 0
[pid  5302] mkdir("./file1", 0777)      = 0
[pid  5302] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5302] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5302] chdir("./file1")            = 0
[pid  5302] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5302] close(4)                    = 0
[pid  5302] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5302] creat("./file1", 000)       = 4
[pid  5302] exit_group(0)               = ?
[pid  5302] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5302, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./135", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./135", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./135/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./135/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./135/binderfs")                = 0
umount2("./135/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./135/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./135/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./135/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./135/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./135/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./135")                          = 0
mkdir("./136", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5305 attached
, child_tidptr=0x555556e60650) = 5305
[pid  5305] set_robust_list(0x555556e60660, 24) = 0
[pid  5305] chdir("./136")              = 0
[pid  5305] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5305] setpgid(0, 0)               = 0
[pid  5305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5305] write(3, "1000", 4)         = 4
[pid  5305] close(3)                    = 0
[pid  5305] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5305] memfd_create("syzkaller", 0) = 3
[pid  5305] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5305] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5305] munmap(0x7fa868d87000, 262144) = 0
[   73.908276][ T5302] loop0: detected capacity change from 0 to 512
[   73.917596][ T5302] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   73.932696][ T5302] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5305] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5305] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5305] close(3)                    = 0
[pid  5305] mkdir("./file1", 0777)      = 0
[pid  5305] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5305] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5305] chdir("./file1")            = 0
[pid  5305] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5305] close(4)                    = 0
[pid  5305] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5305] creat("./file1", 000)       = 4
[pid  5305] exit_group(0)               = ?
[pid  5305] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5305, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./136", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./136", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./136/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./136/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./136/binderfs")                = 0
umount2("./136/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./136/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./136/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./136/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./136/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./136/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./136")                          = 0
mkdir("./137", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5307 attached
 <unfinished ...>
[pid  5307] set_robust_list(0x555556e60660, 24) = 0
[pid  5307] chdir("./137")              = 0
[pid  5307] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5307] setpgid(0, 0 <unfinished ...>
[pid  5026] <... clone resumed>, child_tidptr=0x555556e60650) = 5307
[pid  5307] <... setpgid resumed>)      = 0
[pid  5307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5307] write(3, "1000", 4)         = 4
[pid  5307] close(3)                    = 0
[pid  5307] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5307] memfd_create("syzkaller", 0) = 3
[pid  5307] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[   73.997837][ T5305] loop0: detected capacity change from 0 to 512
[   74.007479][ T5305] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   74.021687][ T5305] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5307] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5307] munmap(0x7fa868d87000, 262144) = 0
[pid  5307] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5307] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5307] close(3)                    = 0
[pid  5307] mkdir("./file1", 0777)      = 0
[pid  5307] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5307] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5307] chdir("./file1")            = 0
[pid  5307] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5307] close(4)                    = 0
[pid  5307] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5307] creat("./file1", 000)       = 4
[pid  5307] exit_group(0)               = ?
[pid  5307] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5307, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
umount2("./137", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./137", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./137/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./137/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./137/binderfs")                = 0
umount2("./137/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./137/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./137/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./137/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./137/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./137/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./137")                          = 0
mkdir("./138", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5309 attached
, child_tidptr=0x555556e60650) = 5309
[pid  5309] set_robust_list(0x555556e60660, 24) = 0
[pid  5309] chdir("./138")              = 0
[pid  5309] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5309] setpgid(0, 0)               = 0
[pid  5309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5309] write(3, "1000", 4)         = 4
[pid  5309] close(3)                    = 0
[pid  5309] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5309] memfd_create("syzkaller", 0) = 3
[pid  5309] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5309] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[   74.082191][ T5307] loop0: detected capacity change from 0 to 512
[   74.090709][ T5307] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   74.105322][ T5307] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5309] munmap(0x7fa868d87000, 262144) = 0
[pid  5309] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5309] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5309] close(3)                    = 0
[pid  5309] mkdir("./file1", 0777)      = 0
[pid  5309] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5309] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5309] chdir("./file1")            = 0
[pid  5309] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5309] close(4)                    = 0
[pid  5309] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5309] creat("./file1", 000)       = 4
[pid  5309] exit_group(0)               = ?
[pid  5309] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5309, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
umount2("./138", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./138", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./138/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./138/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./138/binderfs")                = 0
umount2("./138/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./138/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./138/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./138/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./138/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./138/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./138")                          = 0
mkdir("./139", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5311 attached
, child_tidptr=0x555556e60650) = 5311
[pid  5311] set_robust_list(0x555556e60660, 24) = 0
[pid  5311] chdir("./139")              = 0
[pid  5311] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5311] setpgid(0, 0)               = 0
[pid  5311] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5311] write(3, "1000", 4)         = 4
[pid  5311] close(3)                    = 0
[pid  5311] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5311] memfd_create("syzkaller", 0) = 3
[pid  5311] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5311] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[   74.163453][ T5309] loop0: detected capacity change from 0 to 512
[   74.174094][ T5309] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   74.188106][ T5309] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5311] munmap(0x7fa868d87000, 262144) = 0
[pid  5311] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5311] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5311] close(3)                    = 0
[pid  5311] mkdir("./file1", 0777)      = 0
[pid  5311] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5311] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5311] chdir("./file1")            = 0
[pid  5311] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5311] close(4)                    = 0
[pid  5311] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5311] creat("./file1", 000)       = 4
[pid  5311] exit_group(0)               = ?
[pid  5311] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5311, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./139", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./139", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./139/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./139/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./139/binderfs")                = 0
umount2("./139/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./139/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./139/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./139/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./139/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./139/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./139")                          = 0
mkdir("./140", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5313 attached
 <unfinished ...>
[pid  5313] set_robust_list(0x555556e60660, 24 <unfinished ...>
[pid  5026] <... clone resumed>, child_tidptr=0x555556e60650) = 5313
[pid  5313] <... set_robust_list resumed>) = 0
[pid  5313] chdir("./140")              = 0
[pid  5313] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5313] setpgid(0, 0)               = 0
[pid  5313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5313] write(3, "1000", 4)         = 4
[pid  5313] close(3)                    = 0
[pid  5313] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5313] memfd_create("syzkaller", 0) = 3
[pid  5313] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5313] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[   74.244996][ T5311] loop0: detected capacity change from 0 to 512
[   74.253216][ T5311] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   74.268749][ T5311] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5313] munmap(0x7fa868d87000, 262144) = 0
[pid  5313] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5313] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5313] close(3)                    = 0
[pid  5313] mkdir("./file1", 0777)      = 0
[pid  5313] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5313] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5313] chdir("./file1")            = 0
[pid  5313] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5313] close(4)                    = 0
[pid  5313] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5313] creat("./file1", 000)       = 4
[pid  5313] exit_group(0)               = ?
[pid  5313] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5313, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./140", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./140", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./140/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./140/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./140/binderfs")                = 0
umount2("./140/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./140/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./140/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./140/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./140/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./140/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./140")                          = 0
mkdir("./141", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5315 attached
, child_tidptr=0x555556e60650) = 5315
[pid  5315] set_robust_list(0x555556e60660, 24) = 0
[pid  5315] chdir("./141")              = 0
[pid  5315] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5315] setpgid(0, 0)               = 0
[pid  5315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5315] write(3, "1000", 4)         = 4
[pid  5315] close(3)                    = 0
[pid  5315] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5315] memfd_create("syzkaller", 0) = 3
[pid  5315] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[   74.328928][ T5313] loop0: detected capacity change from 0 to 512
[   74.337225][ T5313] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   74.351362][ T5313] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5315] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5315] munmap(0x7fa868d87000, 262144) = 0
[pid  5315] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5315] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5315] close(3)                    = 0
[pid  5315] mkdir("./file1", 0777)      = 0
[pid  5315] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5315] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5315] chdir("./file1")            = 0
[pid  5315] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5315] close(4)                    = 0
[pid  5315] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5315] creat("./file1", 000)       = 4
[pid  5315] exit_group(0)               = ?
[pid  5315] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5315, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./141", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./141", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./141/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./141/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./141/binderfs")                = 0
umount2("./141/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./141/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./141/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./141/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./141/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./141/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./141")                          = 0
mkdir("./142", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5317 attached
, child_tidptr=0x555556e60650) = 5317
[pid  5317] set_robust_list(0x555556e60660, 24) = 0
[pid  5317] chdir("./142")              = 0
[pid  5317] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5317] setpgid(0, 0)               = 0
[pid  5317] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5317] write(3, "1000", 4)         = 4
[pid  5317] close(3)                    = 0
[pid  5317] symlink("/dev/binderfs", "./binderfs") = 0
[   74.412026][ T5315] loop0: detected capacity change from 0 to 512
[   74.421366][ T5315] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   74.435362][ T5315] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5317] memfd_create("syzkaller", 0) = 3
[pid  5317] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5317] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5317] munmap(0x7fa868d87000, 262144) = 0
[pid  5317] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5317] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5317] close(3)                    = 0
[pid  5317] mkdir("./file1", 0777)      = 0
[pid  5317] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5317] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5317] chdir("./file1")            = 0
[pid  5317] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5317] close(4)                    = 0
[pid  5317] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5317] creat("./file1", 000)       = 4
[pid  5317] exit_group(0)               = ?
[pid  5317] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5317, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./142", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./142", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./142/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./142/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./142/binderfs")                = 0
umount2("./142/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./142/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./142/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./142/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./142/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./142/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./142")                          = 0
mkdir("./143", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5319 attached
 <unfinished ...>
[pid  5319] set_robust_list(0x555556e60660, 24) = 0
[pid  5319] chdir("./143")              = 0
[pid  5319] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5319] setpgid(0, 0)               = 0
[pid  5319] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5026] <... clone resumed>, child_tidptr=0x555556e60650) = 5319
[pid  5319] write(3, "1000", 4)         = 4
[pid  5319] close(3)                    = 0
[pid  5319] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5319] memfd_create("syzkaller", 0) = 3
[   74.498507][ T5317] loop0: detected capacity change from 0 to 512
[   74.508302][ T5317] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   74.521881][ T5317] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5319] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5319] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5319] munmap(0x7fa868d87000, 262144) = 0
[pid  5319] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5319] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5319] close(3)                    = 0
[pid  5319] mkdir("./file1", 0777)      = 0
[pid  5319] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5319] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5319] chdir("./file1")            = 0
[pid  5319] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5319] close(4)                    = 0
[pid  5319] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5319] creat("./file1", 000)       = 4
[pid  5319] exit_group(0)               = ?
[pid  5319] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5319, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./143", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./143", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./143/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./143/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./143/binderfs")                = 0
umount2("./143/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./143/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./143/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./143/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./143/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./143/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./143")                          = 0
mkdir("./144", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5321 attached
, child_tidptr=0x555556e60650) = 5321
[pid  5321] set_robust_list(0x555556e60660, 24) = 0
[pid  5321] chdir("./144")              = 0
[pid  5321] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5321] setpgid(0, 0)               = 0
[pid  5321] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5321] write(3, "1000", 4)         = 4
[pid  5321] close(3)                    = 0
[pid  5321] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5321] memfd_create("syzkaller", 0) = 3
[pid  5321] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[   74.583228][ T5319] loop0: detected capacity change from 0 to 512
[   74.592226][ T5319] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   74.606553][ T5319] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5321] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5321] munmap(0x7fa868d87000, 262144) = 0
[pid  5321] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5321] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5321] close(3)                    = 0
[pid  5321] mkdir("./file1", 0777)      = 0
[pid  5321] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5321] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5321] chdir("./file1")            = 0
[pid  5321] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5321] close(4)                    = 0
[pid  5321] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5321] creat("./file1", 000)       = 4
[pid  5321] exit_group(0)               = ?
[pid  5321] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5321, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./144", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./144", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./144/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./144/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./144/binderfs")                = 0
umount2("./144/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./144/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./144/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./144/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./144/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
[   74.669813][ T5321] loop0: detected capacity change from 0 to 512
[   74.680553][ T5321] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   74.696506][ T5321] EXT4-fs (loop0): 1 truncate cleaned up
rmdir("./144/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./144")                          = 0
mkdir("./145", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5323 attached
, child_tidptr=0x555556e60650) = 5323
[pid  5323] set_robust_list(0x555556e60660, 24) = 0
[pid  5323] chdir("./145")              = 0
[pid  5323] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5323] setpgid(0, 0)               = 0
[pid  5323] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5323] write(3, "1000", 4)         = 4
[pid  5323] close(3)                    = 0
[pid  5323] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5323] memfd_create("syzkaller", 0) = 3
[pid  5323] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5323] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5323] munmap(0x7fa868d87000, 262144) = 0
[pid  5323] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5323] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5323] close(3)                    = 0
[pid  5323] mkdir("./file1", 0777)      = 0
[pid  5323] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5323] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5323] chdir("./file1")            = 0
[pid  5323] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5323] close(4)                    = 0
[pid  5323] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5323] creat("./file1", 000)       = 4
[pid  5323] exit_group(0)               = ?
[pid  5323] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5323, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./145", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./145", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./145/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./145/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./145/binderfs")                = 0
umount2("./145/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./145/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./145/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./145/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./145/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./145/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./145")                          = 0
mkdir("./146", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5325 attached
, child_tidptr=0x555556e60650) = 5325
[pid  5325] set_robust_list(0x555556e60660, 24) = 0
[pid  5325] chdir("./146")              = 0
[pid  5325] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5325] setpgid(0, 0)               = 0
[pid  5325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5325] write(3, "1000", 4)         = 4
[pid  5325] close(3)                    = 0
[pid  5325] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5325] memfd_create("syzkaller", 0) = 3
[pid  5325] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5325] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5325] munmap(0x7fa868d87000, 262144) = 0
[pid  5325] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   74.784529][ T5323] loop0: detected capacity change from 0 to 512
[   74.793881][ T5323] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   74.808840][ T5323] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5325] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5325] close(3)                    = 0
[pid  5325] mkdir("./file1", 0777)      = 0
[pid  5325] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5325] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5325] chdir("./file1")            = 0
[pid  5325] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5325] close(4)                    = 0
[pid  5325] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5325] creat("./file1", 000)       = 4
[pid  5325] exit_group(0)               = ?
[pid  5325] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5325, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./146", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./146", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./146/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./146/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./146/binderfs")                = 0
umount2("./146/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./146/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./146/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./146/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./146/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./146/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./146")                          = 0
mkdir("./147", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5327 attached
, child_tidptr=0x555556e60650) = 5327
[pid  5327] set_robust_list(0x555556e60660, 24) = 0
[pid  5327] chdir("./147")              = 0
[pid  5327] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5327] setpgid(0, 0)               = 0
[pid  5327] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5327] write(3, "1000", 4)         = 4
[pid  5327] close(3)                    = 0
[pid  5327] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5327] memfd_create("syzkaller", 0) = 3
[pid  5327] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5327] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5327] munmap(0x7fa868d87000, 262144) = 0
[pid  5327] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   74.855944][ T5325] loop0: detected capacity change from 0 to 512
[   74.868025][ T5325] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   74.882760][ T5325] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5327] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5327] close(3)                    = 0
[pid  5327] mkdir("./file1", 0777)      = 0
[pid  5327] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5327] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5327] chdir("./file1")            = 0
[pid  5327] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5327] close(4)                    = 0
[pid  5327] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5327] creat("./file1", 000)       = 4
[pid  5327] exit_group(0)               = ?
[pid  5327] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5327, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./147", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./147", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./147/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./147/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./147/binderfs")                = 0
umount2("./147/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./147/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./147/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./147/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./147/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./147/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./147")                          = 0
mkdir("./148", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5329 attached
, child_tidptr=0x555556e60650) = 5329
[pid  5329] set_robust_list(0x555556e60660, 24) = 0
[pid  5329] chdir("./148")              = 0
[pid  5329] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5329] setpgid(0, 0)               = 0
[pid  5329] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5329] write(3, "1000", 4)         = 4
[pid  5329] close(3)                    = 0
[pid  5329] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5329] memfd_create("syzkaller", 0) = 3
[   74.929963][ T5327] loop0: detected capacity change from 0 to 512
[   74.939048][ T5327] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   74.953397][ T5327] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5329] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5329] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5329] munmap(0x7fa868d87000, 262144) = 0
[pid  5329] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5329] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5329] close(3)                    = 0
[pid  5329] mkdir("./file1", 0777)      = 0
[pid  5329] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5329] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5329] chdir("./file1")            = 0
[pid  5329] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5329] close(4)                    = 0
[pid  5329] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5329] creat("./file1", 000)       = 4
[pid  5329] exit_group(0)               = ?
[pid  5329] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5329, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./148", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./148", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./148/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./148/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./148/binderfs")                = 0
umount2("./148/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./148/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./148/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./148/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./148/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./148/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./148")                          = 0
mkdir("./149", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5331
./strace-static-x86_64: Process 5331 attached
[pid  5331] set_robust_list(0x555556e60660, 24) = 0
[pid  5331] chdir("./149")              = 0
[pid  5331] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5331] setpgid(0, 0)               = 0
[pid  5331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5331] write(3, "1000", 4)         = 4
[pid  5331] close(3)                    = 0
[pid  5331] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5331] memfd_create("syzkaller", 0) = 3
[pid  5331] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5331] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5331] munmap(0x7fa868d87000, 262144) = 0
[pid  5331] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   75.025138][ T5329] loop0: detected capacity change from 0 to 512
[   75.034199][ T5329] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   75.048825][ T5329] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5331] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5331] close(3)                    = 0
[pid  5331] mkdir("./file1", 0777)      = 0
[pid  5331] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5331] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5331] chdir("./file1")            = 0
[pid  5331] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5331] close(4)                    = 0
[pid  5331] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5331] creat("./file1", 000)       = 4
[pid  5331] exit_group(0)               = ?
[pid  5331] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5331, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} ---
umount2("./149", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./149", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./149/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./149/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./149/binderfs")                = 0
umount2("./149/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./149/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./149/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./149/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./149/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./149/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./149")                          = 0
mkdir("./150", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5333
./strace-static-x86_64: Process 5333 attached
[   75.097355][ T5331] loop0: detected capacity change from 0 to 512
[   75.112299][ T5331] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   75.128469][ T5331] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5333] set_robust_list(0x555556e60660, 24) = 0
[pid  5333] chdir("./150")              = 0
[pid  5333] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5333] setpgid(0, 0)               = 0
[pid  5333] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5333] write(3, "1000", 4)         = 4
[pid  5333] close(3)                    = 0
[pid  5333] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5333] memfd_create("syzkaller", 0) = 3
[pid  5333] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5333] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5333] munmap(0x7fa868d87000, 262144) = 0
[pid  5333] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5333] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5333] close(3)                    = 0
[pid  5333] mkdir("./file1", 0777)      = 0
[pid  5333] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5333] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5333] chdir("./file1")            = 0
[pid  5333] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5333] close(4)                    = 0
[pid  5333] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5333] creat("./file1", 000)       = 4
[pid  5333] exit_group(0)               = ?
[pid  5333] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5333, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./150", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./150", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./150/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./150/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./150/binderfs")                = 0
umount2("./150/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./150/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./150/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./150/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./150/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./150/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./150")                          = 0
mkdir("./151", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5335
./strace-static-x86_64: Process 5335 attached
[pid  5335] set_robust_list(0x555556e60660, 24) = 0
[pid  5335] chdir("./151")              = 0
[pid  5335] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5335] setpgid(0, 0)               = 0
[pid  5335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5335] write(3, "1000", 4)         = 4
[pid  5335] close(3)                    = 0
[pid  5335] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5335] memfd_create("syzkaller", 0) = 3
[pid  5335] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[   75.186476][ T5333] loop0: detected capacity change from 0 to 512
[   75.195849][ T5333] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   75.210245][ T5333] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5335] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5335] munmap(0x7fa868d87000, 262144) = 0
[pid  5335] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5335] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5335] close(3)                    = 0
[pid  5335] mkdir("./file1", 0777)      = 0
[pid  5335] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5335] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5335] chdir("./file1")            = 0
[pid  5335] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5335] close(4)                    = 0
[pid  5335] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5335] creat("./file1", 000)       = 4
[pid  5335] exit_group(0)               = ?
[pid  5335] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5335, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./151", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./151", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./151/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./151/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./151/binderfs")                = 0
umount2("./151/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./151/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./151/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./151/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./151/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./151/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./151")                          = 0
mkdir("./152", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5337
./strace-static-x86_64: Process 5337 attached
[pid  5337] set_robust_list(0x555556e60660, 24) = 0
[pid  5337] chdir("./152")              = 0
[pid  5337] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5337] setpgid(0, 0)               = 0
[pid  5337] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5337] write(3, "1000", 4)         = 4
[pid  5337] close(3)                    = 0
[pid  5337] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5337] memfd_create("syzkaller", 0) = 3
[pid  5337] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5337] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5337] munmap(0x7fa868d87000, 262144) = 0
[pid  5337] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   75.270143][ T5335] loop0: detected capacity change from 0 to 512
[   75.281069][ T5335] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   75.297509][ T5335] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5337] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5337] close(3)                    = 0
[pid  5337] mkdir("./file1", 0777)      = 0
[pid  5337] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5337] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5337] chdir("./file1")            = 0
[pid  5337] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5337] close(4)                    = 0
[pid  5337] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5337] creat("./file1", 000)       = 4
[pid  5337] exit_group(0)               = ?
[pid  5337] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5337, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./152", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./152", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./152/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./152/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./152/binderfs")                = 0
umount2("./152/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./152/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./152/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./152/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./152/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./152/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./152")                          = 0
mkdir("./153", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5339
./strace-static-x86_64: Process 5339 attached
[pid  5339] set_robust_list(0x555556e60660, 24) = 0
[pid  5339] chdir("./153")              = 0
[pid  5339] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5339] setpgid(0, 0)               = 0
[pid  5339] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5339] write(3, "1000", 4)         = 4
[pid  5339] close(3)                    = 0
[pid  5339] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5339] memfd_create("syzkaller", 0) = 3
[pid  5339] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5339] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5339] munmap(0x7fa868d87000, 262144) = 0
[pid  5339] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   75.338339][ T5337] loop0: detected capacity change from 0 to 512
[   75.348162][ T5337] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   75.362391][ T5337] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5339] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5339] close(3)                    = 0
[pid  5339] mkdir("./file1", 0777)      = 0
[pid  5339] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5339] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5339] chdir("./file1")            = 0
[pid  5339] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5339] close(4)                    = 0
[pid  5339] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5339] creat("./file1", 000)       = 4
[pid  5339] exit_group(0)               = ?
[pid  5339] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5339, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} ---
umount2("./153", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./153", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./153/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./153/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./153/binderfs")                = 0
umount2("./153/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./153/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./153/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./153/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./153/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./153/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./153")                          = 0
mkdir("./154", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5341
./strace-static-x86_64: Process 5341 attached
[pid  5341] set_robust_list(0x555556e60660, 24) = 0
[   75.413127][ T5339] loop0: detected capacity change from 0 to 512
[   75.422482][ T5339] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   75.437453][ T5339] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5341] chdir("./154")              = 0
[pid  5341] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5341] setpgid(0, 0)               = 0
[pid  5341] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5341] write(3, "1000", 4)         = 4
[pid  5341] close(3)                    = 0
[pid  5341] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5341] memfd_create("syzkaller", 0) = 3
[pid  5341] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5341] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5341] munmap(0x7fa868d87000, 262144) = 0
[pid  5341] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5341] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5341] close(3)                    = 0
[pid  5341] mkdir("./file1", 0777)      = 0
[pid  5341] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5341] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5341] chdir("./file1")            = 0
[pid  5341] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5341] close(4)                    = 0
[pid  5341] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5341] creat("./file1", 000)       = 4
[pid  5341] exit_group(0)               = ?
[pid  5341] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5341, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./154", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./154", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./154/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./154/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./154/binderfs")                = 0
umount2("./154/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./154/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./154/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./154/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./154/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./154/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
[   75.503951][ T5341] loop0: detected capacity change from 0 to 512
[   75.514523][ T5341] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   75.532186][ T5341] EXT4-fs (loop0): 1 truncate cleaned up
rmdir("./154")                          = 0
mkdir("./155", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
./strace-static-x86_64: Process 5343 attached
[pid  5343] set_robust_list(0x555556e60660, 24) = 0
[pid  5343] chdir("./155")              = 0
[pid  5343] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5343] setpgid(0, 0)               = 0
[pid  5343] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5343] write(3, "1000", 4)         = 4
[pid  5343] close(3)                    = 0
[pid  5343] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5343] memfd_create("syzkaller", 0 <unfinished ...>
[pid  5026] <... clone resumed>, child_tidptr=0x555556e60650) = 5343
[pid  5343] <... memfd_create resumed>) = 3
[pid  5343] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5343] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5343] munmap(0x7fa868d87000, 262144) = 0
[pid  5343] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5343] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5343] close(3)                    = 0
[pid  5343] mkdir("./file1", 0777)      = 0
[pid  5343] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5343] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5343] chdir("./file1")            = 0
[pid  5343] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5343] close(4)                    = 0
[pid  5343] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5343] creat("./file1", 000)       = 4
[pid  5343] exit_group(0)               = ?
[pid  5343] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5343, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./155", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./155", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./155/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./155/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./155/binderfs")                = 0
umount2("./155/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./155/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./155/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./155/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./155/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./155/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./155")                          = 0
mkdir("./156", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5345
./strace-static-x86_64: Process 5345 attached
[pid  5345] set_robust_list(0x555556e60660, 24) = 0
[pid  5345] chdir("./156")              = 0
[pid  5345] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5345] setpgid(0, 0)               = 0
[pid  5345] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5345] write(3, "1000", 4)         = 4
[pid  5345] close(3)                    = 0
[pid  5345] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5345] memfd_create("syzkaller", 0) = 3
[pid  5345] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[   75.596046][ T5343] loop0: detected capacity change from 0 to 512
[   75.604896][ T5343] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   75.619922][ T5343] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5345] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5345] munmap(0x7fa868d87000, 262144) = 0
[pid  5345] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5345] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5345] close(3)                    = 0
[pid  5345] mkdir("./file1", 0777)      = 0
[pid  5345] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5345] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5345] chdir("./file1")            = 0
[pid  5345] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5345] close(4)                    = 0
[pid  5345] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5345] creat("./file1", 000)       = 4
[pid  5345] exit_group(0)               = ?
[pid  5345] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5345, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
umount2("./156", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./156", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./156/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./156/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./156/binderfs")                = 0
umount2("./156/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./156/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./156/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./156/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./156/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./156/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./156")                          = 0
mkdir("./157", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5347
./strace-static-x86_64: Process 5347 attached
[pid  5347] set_robust_list(0x555556e60660, 24) = 0
[pid  5347] chdir("./157")              = 0
[pid  5347] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5347] setpgid(0, 0)               = 0
[pid  5347] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5347] write(3, "1000", 4)         = 4
[pid  5347] close(3)                    = 0
[pid  5347] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5347] memfd_create("syzkaller", 0) = 3
[pid  5347] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5347] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5347] munmap(0x7fa868d87000, 262144) = 0
[pid  5347] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   75.679284][ T5345] loop0: detected capacity change from 0 to 512
[   75.689460][ T5345] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   75.703458][ T5345] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5347] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5347] close(3)                    = 0
[pid  5347] mkdir("./file1", 0777)      = 0
[pid  5347] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5347] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5347] chdir("./file1")            = 0
[pid  5347] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5347] close(4)                    = 0
[pid  5347] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5347] creat("./file1", 000)       = 4
[pid  5347] exit_group(0)               = ?
[pid  5347] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5347, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./157", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./157", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./157/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./157/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./157/binderfs")                = 0
umount2("./157/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./157/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./157/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./157/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./157/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./157/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./157")                          = 0
mkdir("./158", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
[   75.758223][ T5347] loop0: detected capacity change from 0 to 512
[   75.766385][ T5347] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   75.781928][ T5347] EXT4-fs (loop0): 1 truncate cleaned up
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5349
./strace-static-x86_64: Process 5349 attached
[pid  5349] set_robust_list(0x555556e60660, 24) = 0
[pid  5349] chdir("./158")              = 0
[pid  5349] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5349] setpgid(0, 0)               = 0
[pid  5349] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5349] write(3, "1000", 4)         = 4
[pid  5349] close(3)                    = 0
[pid  5349] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5349] memfd_create("syzkaller", 0) = 3
[pid  5349] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5349] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5349] munmap(0x7fa868d87000, 262144) = 0
[pid  5349] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5349] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5349] close(3)                    = 0
[pid  5349] mkdir("./file1", 0777)      = 0
[pid  5349] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5349] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5349] chdir("./file1")            = 0
[pid  5349] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5349] close(4)                    = 0
[pid  5349] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5349] creat("./file1", 000)       = 4
[pid  5349] exit_group(0)               = ?
[pid  5349] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5349, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
umount2("./158", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./158", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./158/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./158/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./158/binderfs")                = 0
umount2("./158/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./158/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./158/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./158/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./158/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./158/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./158")                          = 0
mkdir("./159", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5351
./strace-static-x86_64: Process 5351 attached
[pid  5351] set_robust_list(0x555556e60660, 24) = 0
[pid  5351] chdir("./159")              = 0
[pid  5351] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5351] setpgid(0, 0)               = 0
[pid  5351] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5351] write(3, "1000", 4)         = 4
[pid  5351] close(3)                    = 0
[pid  5351] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5351] memfd_create("syzkaller", 0) = 3
[pid  5351] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5351] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5351] munmap(0x7fa868d87000, 262144) = 0
[pid  5351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   75.850538][ T5349] loop0: detected capacity change from 0 to 512
[   75.860534][ T5349] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   75.874585][ T5349] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5351] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5351] close(3)                    = 0
[pid  5351] mkdir("./file1", 0777)      = 0
[pid  5351] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5351] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5351] chdir("./file1")            = 0
[pid  5351] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5351] close(4)                    = 0
[pid  5351] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5351] creat("./file1", 000)       = 4
[pid  5351] exit_group(0)               = ?
[pid  5351] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5351, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./159", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./159", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./159/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./159/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./159/binderfs")                = 0
umount2("./159/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./159/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./159/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./159/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./159/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./159/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./159")                          = 0
mkdir("./160", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5353 attached
, child_tidptr=0x555556e60650) = 5353
[pid  5353] set_robust_list(0x555556e60660, 24) = 0
[pid  5353] chdir("./160")              = 0
[pid  5353] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5353] setpgid(0, 0)               = 0
[pid  5353] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5353] write(3, "1000", 4)         = 4
[pid  5353] close(3)                    = 0
[pid  5353] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5353] memfd_create("syzkaller", 0) = 3
[pid  5353] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5353] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5353] munmap(0x7fa868d87000, 262144) = 0
[pid  5353] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   75.926665][ T5351] loop0: detected capacity change from 0 to 512
[   75.938221][ T5351] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   75.952738][ T5351] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5353] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5353] close(3)                    = 0
[pid  5353] mkdir("./file1", 0777)      = 0
[pid  5353] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5353] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5353] chdir("./file1")            = 0
[pid  5353] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5353] close(4)                    = 0
[pid  5353] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5353] creat("./file1", 000)       = 4
[pid  5353] exit_group(0)               = ?
[pid  5353] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5353, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
umount2("./160", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./160", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./160/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./160/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./160/binderfs")                = 0
umount2("./160/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./160/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./160/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./160/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./160/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./160/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./160")                          = 0
mkdir("./161", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5355 attached
, child_tidptr=0x555556e60650) = 5355
[pid  5355] set_robust_list(0x555556e60660, 24) = 0
[pid  5355] chdir("./161")              = 0
[pid  5355] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5355] setpgid(0, 0)               = 0
[pid  5355] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5355] write(3, "1000", 4)         = 4
[pid  5355] close(3)                    = 0
[pid  5355] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5355] memfd_create("syzkaller", 0) = 3
[pid  5355] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5355] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5355] munmap(0x7fa868d87000, 262144) = 0
[pid  5355] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   76.000425][ T5353] loop0: detected capacity change from 0 to 512
[   76.009516][ T5353] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   76.023848][ T5353] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5355] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5355] close(3)                    = 0
[pid  5355] mkdir("./file1", 0777)      = 0
[pid  5355] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5355] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5355] chdir("./file1")            = 0
[pid  5355] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5355] close(4)                    = 0
[pid  5355] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5355] creat("./file1", 000)       = 4
[pid  5355] exit_group(0)               = ?
[pid  5355] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5355, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
umount2("./161", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./161", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./161/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./161/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./161/binderfs")                = 0
umount2("./161/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./161/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./161/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./161/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./161/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./161/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./161")                          = 0
mkdir("./162", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5357
./strace-static-x86_64: Process 5357 attached
[pid  5357] set_robust_list(0x555556e60660, 24) = 0
[pid  5357] chdir("./162")              = 0
[pid  5357] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5357] setpgid(0, 0)               = 0
[pid  5357] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5357] write(3, "1000", 4)         = 4
[pid  5357] close(3)                    = 0
[pid  5357] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5357] memfd_create("syzkaller", 0) = 3
[pid  5357] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5357] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5357] munmap(0x7fa868d87000, 262144) = 0
[pid  5357] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   76.069896][ T5355] loop0: detected capacity change from 0 to 512
[   76.080282][ T5355] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   76.095768][ T5355] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5357] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5357] close(3)                    = 0
[pid  5357] mkdir("./file1", 0777)      = 0
[pid  5357] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5357] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5357] chdir("./file1")            = 0
[pid  5357] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5357] close(4)                    = 0
[pid  5357] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5357] creat("./file1", 000)       = 4
[pid  5357] exit_group(0)               = ?
[pid  5357] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5357, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./162", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./162", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./162/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./162/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./162/binderfs")                = 0
umount2("./162/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./162/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./162/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./162/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./162/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./162/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./162")                          = 0
mkdir("./163", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5359 attached
, child_tidptr=0x555556e60650) = 5359
[pid  5359] set_robust_list(0x555556e60660, 24) = 0
[pid  5359] chdir("./163")              = 0
[pid  5359] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5359] setpgid(0, 0)               = 0
[pid  5359] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5359] write(3, "1000", 4)         = 4
[pid  5359] close(3)                    = 0
[pid  5359] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5359] memfd_create("syzkaller", 0) = 3
[pid  5359] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5359] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5359] munmap(0x7fa868d87000, 262144) = 0
[   76.149771][ T5357] loop0: detected capacity change from 0 to 512
[   76.158947][ T5357] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   76.173241][ T5357] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5359] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5359] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5359] close(3)                    = 0
[pid  5359] mkdir("./file1", 0777)      = 0
[pid  5359] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5359] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5359] chdir("./file1")            = 0
[pid  5359] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5359] close(4)                    = 0
[pid  5359] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5359] creat("./file1", 000)       = 4
[pid  5359] exit_group(0)               = ?
[pid  5359] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5359, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./163", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./163", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./163/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./163/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./163/binderfs")                = 0
umount2("./163/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./163/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./163/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./163/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./163/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./163/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./163")                          = 0
mkdir("./164", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5361
./strace-static-x86_64: Process 5361 attached
[pid  5361] set_robust_list(0x555556e60660, 24) = 0
[pid  5361] chdir("./164")              = 0
[pid  5361] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5361] setpgid(0, 0)               = 0
[pid  5361] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5361] write(3, "1000", 4)         = 4
[pid  5361] close(3)                    = 0
[pid  5361] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5361] memfd_create("syzkaller", 0) = 3
[pid  5361] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[   76.227918][ T5359] loop0: detected capacity change from 0 to 512
[   76.236539][ T5359] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   76.252170][ T5359] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5361] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5361] munmap(0x7fa868d87000, 262144) = 0
[pid  5361] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5361] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5361] close(3)                    = 0
[pid  5361] mkdir("./file1", 0777)      = 0
[pid  5361] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5361] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5361] chdir("./file1")            = 0
[pid  5361] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5361] close(4)                    = 0
[pid  5361] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5361] creat("./file1", 000)       = 4
[pid  5361] exit_group(0)               = ?
[pid  5361] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5361, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
umount2("./164", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./164", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./164/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./164/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./164/binderfs")                = 0
umount2("./164/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./164/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./164/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./164/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./164/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./164/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./164")                          = 0
mkdir("./165", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5363 attached
, child_tidptr=0x555556e60650) = 5363
[pid  5363] set_robust_list(0x555556e60660, 24) = 0
[pid  5363] chdir("./165")              = 0
[pid  5363] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5363] setpgid(0, 0)               = 0
[pid  5363] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5363] write(3, "1000", 4)         = 4
[pid  5363] close(3)                    = 0
[pid  5363] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5363] memfd_create("syzkaller", 0) = 3
[pid  5363] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5363] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5363] munmap(0x7fa868d87000, 262144) = 0
[   76.312262][ T5361] loop0: detected capacity change from 0 to 512
[   76.320847][ T5361] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   76.335418][ T5361] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5363] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5363] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5363] close(3)                    = 0
[pid  5363] mkdir("./file1", 0777)      = 0
[pid  5363] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5363] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5363] chdir("./file1")            = 0
[pid  5363] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5363] close(4)                    = 0
[pid  5363] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5363] creat("./file1", 000)       = 4
[pid  5363] exit_group(0)               = ?
[pid  5363] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5363, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./165", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./165", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./165/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./165/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./165/binderfs")                = 0
umount2("./165/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./165/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./165/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./165/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./165/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./165/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./165")                          = 0
mkdir("./166", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5365
./strace-static-x86_64: Process 5365 attached
[pid  5365] set_robust_list(0x555556e60660, 24) = 0
[pid  5365] chdir("./166")              = 0
[pid  5365] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5365] setpgid(0, 0)               = 0
[pid  5365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5365] write(3, "1000", 4)         = 4
[pid  5365] close(3)                    = 0
[   76.392279][ T5363] loop0: detected capacity change from 0 to 512
[   76.402598][ T5363] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   76.417084][ T5363] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5365] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5365] memfd_create("syzkaller", 0) = 3
[pid  5365] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5365] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5365] munmap(0x7fa868d87000, 262144) = 0
[pid  5365] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5365] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5365] close(3)                    = 0
[pid  5365] mkdir("./file1", 0777)      = 0
[pid  5365] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5365] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5365] chdir("./file1")            = 0
[pid  5365] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5365] close(4)                    = 0
[pid  5365] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5365] creat("./file1", 000)       = 4
[pid  5365] exit_group(0)               = ?
[pid  5365] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5365, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./166", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./166", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./166/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./166/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./166/binderfs")                = 0
umount2("./166/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./166/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./166/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./166/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./166/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./166/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./166")                          = 0
mkdir("./167", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5367
./strace-static-x86_64: Process 5367 attached
[pid  5367] set_robust_list(0x555556e60660, 24) = 0
[pid  5367] chdir("./167")              = 0
[pid  5367] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5367] setpgid(0, 0)               = 0
[pid  5367] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5367] write(3, "1000", 4)         = 4
[pid  5367] close(3)                    = 0
[pid  5367] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5367] memfd_create("syzkaller", 0) = 3
[pid  5367] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5367] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[   76.488046][ T5365] loop0: detected capacity change from 0 to 512
[   76.496717][ T5365] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   76.511028][ T5365] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5367] munmap(0x7fa868d87000, 262144) = 0
[pid  5367] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5367] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5367] close(3)                    = 0
[pid  5367] mkdir("./file1", 0777)      = 0
[pid  5367] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5367] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5367] chdir("./file1")            = 0
[pid  5367] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5367] close(4)                    = 0
[pid  5367] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5367] creat("./file1", 000)       = 4
[pid  5367] exit_group(0)               = ?
[pid  5367] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5367, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
umount2("./167", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./167", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./167/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./167/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./167/binderfs")                = 0
umount2("./167/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./167/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./167/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./167/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./167/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./167/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./167")                          = 0
mkdir("./168", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5369
./strace-static-x86_64: Process 5369 attached
[pid  5369] set_robust_list(0x555556e60660, 24) = 0
[pid  5369] chdir("./168")              = 0
[pid  5369] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5369] setpgid(0, 0)               = 0
[pid  5369] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5369] write(3, "1000", 4)         = 4
[pid  5369] close(3)                    = 0
[pid  5369] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5369] memfd_create("syzkaller", 0) = 3
[pid  5369] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5369] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[   76.562609][ T5367] loop0: detected capacity change from 0 to 512
[   76.579583][ T5367] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   76.593344][ T5367] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5369] munmap(0x7fa868d87000, 262144) = 0
[pid  5369] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5369] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5369] close(3)                    = 0
[pid  5369] mkdir("./file1", 0777)      = 0
[pid  5369] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5369] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5369] chdir("./file1")            = 0
[pid  5369] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5369] close(4)                    = 0
[pid  5369] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5369] creat("./file1", 000)       = 4
[pid  5369] exit_group(0)               = ?
[pid  5369] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5369, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
umount2("./168", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./168", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./168/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./168/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./168/binderfs")                = 0
umount2("./168/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./168/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./168/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./168/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./168/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556e69730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556e69730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./168/file1")                    = 0
getdents64(3, 0x555556e616f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./168")                          = 0
mkdir("./169", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60650) = 5371
./strace-static-x86_64: Process 5371 attached
[pid  5371] set_robust_list(0x555556e60660, 24) = 0
[pid  5371] chdir("./169")              = 0
[pid  5371] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5371] setpgid(0, 0)               = 0
[pid  5371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5371] write(3, "1000", 4)         = 4
[pid  5371] close(3)                    = 0
[pid  5371] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5371] memfd_create("syzkaller", 0) = 3
[pid  5371] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa868d87000
[pid  5371] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5371] munmap(0x7fa868d87000, 262144) = 0
[   76.629216][ T5369] loop0: detected capacity change from 0 to 512
[   76.639631][ T5369] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   76.656345][ T5369] EXT4-fs (loop0): 1 truncate cleaned up
[pid  5371] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5371] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5371] close(3)                    = 0
[pid  5371] mkdir("./file1", 0777)      = 0
[pid  5371] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0
[pid  5371] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5371] chdir("./file1")            = 0
[pid  5371] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5371] close(4)                    = 0
[pid  5371] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0
[pid  5371] creat("./file1", 000)       = 4
[pid  5371] exit_group(0)               = ?
[pid  5371] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5371, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./169", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./169", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556e616f0 /* 4 entries */, 32768) = 112
umount2("./169/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./169/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./169/binderfs")                = 0
[   76.710605][ T5371] loop0: detected capacity change from 0 to 512
[   76.730935][ T5371] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   76.749708][ T5371] EXT4-fs (loop0): 1 truncate cleaned up
umount2("./169/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0