./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1836154165

<...>
Warning: Permanently added '10.128.0.225' (ED25519) to the list of known hosts.
execve("./syz-executor1836154165", ["./syz-executor1836154165"], 0x7ffd58c47020 /* 10 vars */) = 0
brk(NULL)                               = 0x55558c003000
brk(0x55558c003d00)                     = 0x55558c003d00
arch_prctl(ARCH_SET_FS, 0x55558c003380) = 0
set_tid_address(0x55558c003650)         = 282
set_robust_list(0x55558c003660, 24)     = 0
rseq(0x55558c003ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented)
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1836154165", 4096) = 28
getrandom("\x18\x34\x39\x6e\xc3\x1d\x18\x8c", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x55558c003d00
brk(0x55558c024d00)                     = 0x55558c024d00
brk(0x55558c025000)                     = 0x55558c025000
mprotect(0x7f94a1966000, 16384, PROT_READ) = 0
mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000
mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000
mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000
mkdir("./syzkaller.HUUcny", 0700)       = 0
chmod("./syzkaller.HUUcny", 0777)       = 0
chdir("./syzkaller.HUUcny")             = 0
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 283
./strace-static-x86_64: Process 283 attached
[pid   283] set_robust_list(0x55558c003660, 24) = 0
[pid   283] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   283] getppid()                   = 0
[pid   283] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid   283] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid   283] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid   283] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid   283] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid   283] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid   283] unshare(CLONE_NEWNS)        = 0
[pid   283] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid   283] unshare(CLONE_NEWIPC)       = -1 EINVAL (Invalid argument)
[pid   283] unshare(CLONE_NEWCGROUP)    = 0
[pid   283] unshare(CLONE_NEWUTS)       = 0
[pid   283] unshare(CLONE_SYSVSEM)      = 0
[pid   283] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   283] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   283] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   283] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   283] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   283] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   283] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   283] getpid()                    = 1
[pid   283] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid   283] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid   283] unshare(CLONE_NEWNET)       = 0
[pid   283] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid   283] write(3, "0 65535", 7)      = 7
[pid   283] close(3)                    = 0
[pid   283] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
[pid   283] write(3, "100000", 6)       = 6
[pid   283] close(3)                    = 0
[pid   283] mkdir("./syz-tmp", 0777)    = 0
[pid   283] mount("", "./syz-tmp", "tmpfs", 0, NULL) = 0
[pid   283] mkdir("./syz-tmp/newroot", 0777) = 0
[pid   283] mkdir("./syz-tmp/newroot/dev", 0700) = 0
[pid   283] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid   283] mkdir("./syz-tmp/newroot/proc", 0700) = 0
[pid   283] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL) = 0
[pid   283] mkdir("./syz-tmp/newroot/selinux", 0700) = 0
[pid   283] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid   283] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid   283] mkdir("./syz-tmp/newroot/sys", 0700) = 0
[pid   283] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid   283] mount("/sys/kernel/debug", "./syz-tmp/newroot/sys/kernel/debug", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid   283] mount("/sys/fs/smackfs", "./syz-tmp/newroot/sys/fs/smackfs", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid   283] mount("/proc/sys/fs/binfmt_misc", "./syz-tmp/newroot/proc/sys/fs/binfmt_misc", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid   283] mkdir("./syz-tmp/newroot/syz-inputs", 0700) = 0
[pid   283] mount("/syz-inputs", "./syz-tmp/newroot/syz-inputs", NULL, MS_RDONLY|MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid   283] mkdir("./syz-tmp/pivot", 0777) = 0
[pid   283] pivot_root("./syz-tmp", "./syz-tmp/pivot") = 0
[pid   283] chdir("/")                  = 0
[   27.419304][   T24] audit: type=1400 audit(1748508310.320:64): avc:  denied  { execmem } for  pid=282 comm="syz-executor183" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   27.443419][   T24] audit: type=1400 audit(1748508310.340:65): avc:  denied  { mounton } for  pid=283 comm="syz-executor183" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[pid   283] umount2("./pivot", MNT_DETACH) = 0
[pid   283] chroot("./newroot")         = 0
[pid   283] chdir("/")                  = 0
[pid   283] mkdir("/dev/gadgetfs", 0777) = 0
[pid   283] mount("gadgetfs", "/dev/gadgetfs", "gadgetfs", 0, NULL) = -1 ENODEV (No such device)
[pid   283] mkdir("/dev/binderfs", 0777) = 0
[pid   283] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid   283] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid   283] mkdir("./0", 0777)          = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 2
./strace-static-x86_64: Process 284 attached
[pid   284] set_robust_list(0x55558c003660, 24) = 0
[pid   284] chdir("./0")                = 0
[pid   284] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   284] setpgid(0, 0)               = 0
[pid   284] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   284] write(3, "1000", 4)         = 4
[pid   284] close(3)                    = 0
[pid   284] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid   284] write(1, "executing program\n", 18) = 18
[pid   284] memfd_create("syzkaller", 0) = 3
[pid   284] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[   27.465672][   T24] audit: type=1400 audit(1748508310.360:66): avc:  denied  { mounton } for  pid=283 comm="syz-executor183" path="/root/syzkaller.HUUcny/syz-tmp" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[   27.466871][  T283] request_module fs-gadgetfs succeeded, but still no fs?
[   27.490445][   T24] audit: type=1400 audit(1748508310.360:67): avc:  denied  { mount } for  pid=283 comm="syz-executor183" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[   27.519931][   T24] audit: type=1400 audit(1748508310.360:68): avc:  denied  { mounton } for  pid=283 comm="syz-executor183" path="/root/syzkaller.HUUcny/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[   27.545405][   T24] audit: type=1400 audit(1748508310.360:69): avc:  denied  { mount } for  pid=283 comm="syz-executor183" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[   27.567421][   T24] audit: type=1400 audit(1748508310.360:70): avc:  denied  { mounton } for  pid=283 comm="syz-executor183" path="/root/syzkaller.HUUcny/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[pid   284] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   284] munmap(0x7f94994ac000, 138412032) = 0
[pid   284] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   284] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   284] close(3)                    = 0
[   27.594217][   T24] audit: type=1400 audit(1748508310.360:71): avc:  denied  { mounton } for  pid=283 comm="syz-executor183" path="/root/syzkaller.HUUcny/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=13105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[   27.621874][   T24] audit: type=1400 audit(1748508310.360:72): avc:  denied  { unmount } for  pid=283 comm="syz-executor183" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[   27.641741][   T24] audit: type=1400 audit(1748508310.360:73): avc:  denied  { mounton } for  pid=283 comm="syz-executor183" path="/dev/gadgetfs" dev="devtmpfs" ino=517 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[pid   284] close(4)                    = 0
[pid   284] mkdir("./bus", 0777)        = 0
[   27.738027][  T284] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   27.745915][  T284] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   27.755434][  T284] F2FS-fs (loop0): invalid crc value
[   27.762098][  T284] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   27.784322][  T284] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   27.791060][  T284] F2FS-fs (loop0): Start checkpoint disabled!
[   27.797234][  T284] attempt to access beyond end of device
[   27.797234][  T284] loop0: rw=2049, want=40968, limit=40427
[pid   284] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   284] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   284] ioctl(3, LOOP_CLR_FD)       = 0
[pid   284] close(3)                    = 0
[pid   284] memfd_create("syzkaller", 0) = 3
[pid   284] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   284] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   284] munmap(0x7f94994ac000, 138412032) = 0
[pid   284] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   284] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   284] close(3)                    = 0
[pid   284] close(4)                    = 0
[pid   284] mkdir("./file0", 0777)      = 0
[pid   284] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   284] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   284] chdir("./file0")            = 0
[pid   284] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   284] ioctl(4, LOOP_CLR_FD)       = 0
[pid   284] close(4)                    = 0
[pid   284] close(3)                    = 0
[pid   284] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   284] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   284] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   284] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   284] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   284] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   284] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   284] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   284] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   284] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   284] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   284] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   284] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   284] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   284] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   284] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   284] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   284] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   284] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   284] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   284] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   284] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   284] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   284] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   284] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   284] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   284] exit_group(0)               = ?
[pid   284] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=10, si_stime=19} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[pid   283] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./0/file0")          = 0
[pid   283] umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./0/bus")            = 0
[pid   283] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./0/binderfs")      = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./0")                = 0
[pid   283] mkdir("./1", 0777)          = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[   28.022941][  T284] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 3
./strace-static-x86_64: Process 291 attached
[pid   291] set_robust_list(0x55558c003660, 24) = 0
[pid   291] chdir("./1")                = 0
[pid   291] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   291] setpgid(0, 0)               = 0
[pid   291] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   291] write(3, "1000", 4)         = 4
[pid   291] close(3)                    = 0
[pid   291] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid   291] write(1, "executing program\n", 18) = 18
[pid   291] memfd_create("syzkaller", 0) = 3
[pid   291] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   291] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   291] munmap(0x7f94994ac000, 138412032) = 0
[pid   291] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   291] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   291] close(3)                    = 0
[pid   291] close(4)                    = 0
[pid   291] mkdir("./bus", 0777)        = 0
[   28.282806][  T291] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   28.290581][  T291] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   28.299806][  T291] F2FS-fs (loop0): invalid crc value
[   28.306196][  T291] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   28.328363][  T291] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   28.334990][  T291] F2FS-fs (loop0): Start checkpoint disabled!
[   28.341309][  T291] attempt to access beyond end of device
[   28.341309][  T291] loop0: rw=2049, want=40968, limit=40427
[pid   291] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   291] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   291] ioctl(3, LOOP_CLR_FD)       = 0
[pid   291] close(3)                    = 0
[pid   291] memfd_create("syzkaller", 0) = 3
[pid   291] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   291] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   291] munmap(0x7f94994ac000, 138412032) = 0
[pid   291] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   291] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   291] close(3)                    = 0
[pid   291] close(4)                    = 0
[pid   291] mkdir("./file0", 0777)      = 0
[pid   291] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   291] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   291] chdir("./file0")            = 0
[pid   291] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   291] ioctl(4, LOOP_CLR_FD)       = 0
[pid   291] close(4)                    = 0
[pid   291] close(3)                    = 0
[pid   291] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   291] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   291] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   291] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   291] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   291] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   291] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   291] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   291] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   291] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   291] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   291] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   291] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   291] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   291] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   291] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   291] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   291] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   291] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   291] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   291] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   291] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   291] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   291] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   291] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   291] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   291] exit_group(0)               = ?
[pid   291] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3, si_uid=0, si_status=0, si_utime=3, si_stime=17} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[   28.532084][  T291] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./1/file0")          = 0
[pid   283] umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./1/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./1/bus")            = 0
[pid   283] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./1/binderfs")      = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./1")                = 0
[pid   283] mkdir("./2", 0777)          = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 4
./strace-static-x86_64: Process 297 attached
[pid   297] set_robust_list(0x55558c003660, 24) = 0
[pid   297] chdir("./2")                = 0
[pid   297] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   297] setpgid(0, 0)               = 0
[pid   297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   297] write(3, "1000", 4)         = 4
[pid   297] close(3)                    = 0
[pid   297] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid   297] write(1, "executing program\n", 18) = 18
[pid   297] memfd_create("syzkaller", 0) = 3
[pid   297] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   297] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   297] munmap(0x7f94994ac000, 138412032) = 0
[pid   297] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   297] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   297] close(3)                    = 0
[pid   297] close(4)                    = 0
[pid   297] mkdir("./bus", 0777)        = 0
[   28.732457][  T297] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   28.740462][  T297] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   28.749506][  T297] F2FS-fs (loop0): invalid crc value
[   28.755841][  T297] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   28.777693][  T297] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   28.784323][  T297] F2FS-fs (loop0): Start checkpoint disabled!
[   28.790513][  T297] attempt to access beyond end of device
[   28.790513][  T297] loop0: rw=2049, want=40968, limit=40427
[pid   297] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   297] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   297] ioctl(3, LOOP_CLR_FD)       = 0
[pid   297] close(3)                    = 0
[pid   297] memfd_create("syzkaller", 0) = 3
[pid   297] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   297] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   297] munmap(0x7f94994ac000, 138412032) = 0
[pid   297] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   297] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   297] close(3)                    = 0
[pid   297] close(4)                    = 0
[pid   297] mkdir("./file0", 0777)      = 0
[pid   297] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   297] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   297] chdir("./file0")            = 0
[pid   297] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   297] ioctl(4, LOOP_CLR_FD)       = 0
[pid   297] close(4)                    = 0
[pid   297] close(3)                    = 0
[pid   297] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   297] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   297] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   297] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   297] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   297] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   297] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   297] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   297] exit_group(0)               = ?
[pid   297] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4, si_uid=0, si_status=0, si_utime=4, si_stime=17} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[   28.934617][  T297] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./2/file0")          = 0
[pid   283] umount2("./2/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./2/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./2/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./2/bus")            = 0
[pid   283] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./2/binderfs")      = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./2")                = 0
[pid   283] mkdir("./3", 0777)          = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 5
./strace-static-x86_64: Process 303 attached
[pid   303] set_robust_list(0x55558c003660, 24) = 0
[pid   303] chdir("./3")                = 0
[pid   303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   303] setpgid(0, 0)               = 0
[pid   303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   303] write(3, "1000", 4)         = 4
[pid   303] close(3)                    = 0
[pid   303] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid   303] write(1, "executing program\n", 18) = 18
[pid   303] memfd_create("syzkaller", 0) = 3
[pid   303] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   303] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   303] munmap(0x7f94994ac000, 138412032) = 0
[pid   303] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   303] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   303] close(3)                    = 0
[pid   303] close(4)                    = 0
[pid   303] mkdir("./bus", 0777)        = 0
[   29.169427][  T303] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   29.177215][  T303] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   29.186858][  T303] F2FS-fs (loop0): invalid crc value
[   29.193325][  T303] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   29.214853][  T303] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   29.221434][  T303] F2FS-fs (loop0): Start checkpoint disabled!
[   29.227531][  T303] attempt to access beyond end of device
[   29.227531][  T303] loop0: rw=2049, want=40968, limit=40427
[pid   303] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   303] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   303] ioctl(3, LOOP_CLR_FD)       = 0
[pid   303] close(3)                    = 0
[pid   303] memfd_create("syzkaller", 0) = 3
[pid   303] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   303] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   303] munmap(0x7f94994ac000, 138412032) = 0
[pid   303] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   303] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   303] close(3)                    = 0
[pid   303] close(4)                    = 0
[pid   303] mkdir("./file0", 0777)      = 0
[pid   303] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   303] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   303] chdir("./file0")            = 0
[pid   303] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   303] ioctl(4, LOOP_CLR_FD)       = 0
[pid   303] close(4)                    = 0
[pid   303] close(3)                    = 0
[pid   303] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   303] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   303] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   303] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   303] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   303] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   303] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   303] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   303] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   303] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   303] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   303] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   303] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   303] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   303] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   303] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   303] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   303] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   303] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   303] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   303] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   303] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   303] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   303] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   303] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   303] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   303] exit_group(0)               = ?
[pid   303] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5, si_uid=0, si_status=0, si_utime=4, si_stime=15} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[   29.430685][  T303] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./3/file0")          = 0
[pid   283] umount2("./3/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./3/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./3/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./3/bus")            = 0
[pid   283] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./3/binderfs")      = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./3")                = 0
[pid   283] mkdir("./4", 0777)          = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 6
./strace-static-x86_64: Process 309 attached
[pid   309] set_robust_list(0x55558c003660, 24) = 0
[pid   309] chdir("./4")                = 0
[pid   309] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   309] setpgid(0, 0)               = 0
[pid   309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   309] write(3, "1000", 4)         = 4
[pid   309] close(3)                    = 0
[pid   309] symlink("/dev/binderfs", "./binderfs") = 0
[pid   309] write(1, "executing program\n", 18) = 18
[pid   309] memfd_create("syzkaller", 0) = 3
[pid   309] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
executing program
[pid   309] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   309] munmap(0x7f94994ac000, 138412032) = 0
[pid   309] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   309] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   309] close(3)                    = 0
[pid   309] close(4)                    = 0
[pid   309] mkdir("./bus", 0777)        = 0
[   29.650315][  T309] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   29.658140][  T309] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   29.667021][  T309] F2FS-fs (loop0): invalid crc value
[   29.673179][  T309] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   29.694332][  T309] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   29.701054][  T309] F2FS-fs (loop0): Start checkpoint disabled!
[   29.707162][  T309] attempt to access beyond end of device
[   29.707162][  T309] loop0: rw=2049, want=40968, limit=40427
[pid   309] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   309] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   309] ioctl(3, LOOP_CLR_FD)       = 0
[pid   309] close(3)                    = 0
[pid   309] memfd_create("syzkaller", 0) = 3
[pid   309] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   309] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   309] munmap(0x7f94994ac000, 138412032) = 0
[pid   309] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   309] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   309] close(3)                    = 0
[pid   309] close(4)                    = 0
[pid   309] mkdir("./file0", 0777)      = 0
[pid   309] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   309] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   309] chdir("./file0")            = 0
[pid   309] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   309] ioctl(4, LOOP_CLR_FD)       = 0
[pid   309] close(4)                    = 0
[pid   309] close(3)                    = 0
[pid   309] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   309] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   309] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   309] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   309] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   309] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   309] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   309] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   309] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   309] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   309] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   309] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   309] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   309] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   309] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   309] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   309] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   309] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   309] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   309] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   309] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   309] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   309] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   309] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   309] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   309] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   309] exit_group(0)               = ?
[pid   309] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6, si_uid=0, si_status=0, si_utime=2, si_stime=16} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[   29.873243][  T309] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./4/file0")          = 0
[pid   283] umount2("./4/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./4/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./4/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./4/bus")            = 0
[pid   283] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./4/binderfs")      = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./4")                = 0
[pid   283] mkdir("./5", 0777)          = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 7
./strace-static-x86_64: Process 315 attached
[pid   315] set_robust_list(0x55558c003660, 24) = 0
[pid   315] chdir("./5")                = 0
[pid   315] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   315] setpgid(0, 0)               = 0
[pid   315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   315] write(3, "1000", 4)         = 4
[pid   315] close(3)                    = 0
[pid   315] symlink("/dev/binderfs", "./binderfs") = 0
[pid   315] write(1, "executing program\n", 18executing program
) = 18
[pid   315] memfd_create("syzkaller", 0) = 3
[pid   315] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   315] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   315] munmap(0x7f94994ac000, 138412032) = 0
[pid   315] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   315] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   315] close(3)                    = 0
[pid   315] close(4)                    = 0
[pid   315] mkdir("./bus", 0777)        = 0
[   30.101667][  T315] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   30.109467][  T315] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   30.118389][  T315] F2FS-fs (loop0): invalid crc value
[   30.124826][  T315] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[pid   315] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   315] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[   30.146625][  T315] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   30.153315][  T315] F2FS-fs (loop0): Start checkpoint disabled!
[   30.159499][  T315] attempt to access beyond end of device
[   30.159499][  T315] loop0: rw=2049, want=40968, limit=40427
[pid   315] ioctl(3, LOOP_CLR_FD)       = 0
[pid   315] close(3)                    = 0
[pid   315] memfd_create("syzkaller", 0) = 3
[pid   315] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   315] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   315] munmap(0x7f94994ac000, 138412032) = 0
[pid   315] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   315] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   315] close(3)                    = 0
[pid   315] close(4)                    = 0
[pid   315] mkdir("./file0", 0777)      = 0
[pid   315] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   315] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   315] chdir("./file0")            = 0
[pid   315] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   315] ioctl(4, LOOP_CLR_FD)       = 0
[pid   315] close(4)                    = 0
[pid   315] close(3)                    = 0
[pid   315] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   315] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   315] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   315] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   315] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   315] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   315] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   315] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   315] exit_group(0)               = ?
[pid   315] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7, si_uid=0, si_status=0, si_utime=4, si_stime=16} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[   30.311431][  T315] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./5/file0")          = 0
[pid   283] umount2("./5/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./5/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./5/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./5/bus")            = 0
[pid   283] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./5/binderfs")      = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./5")                = 0
[pid   283] mkdir("./6", 0777)          = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 8
./strace-static-x86_64: Process 321 attached
[pid   321] set_robust_list(0x55558c003660, 24) = 0
[pid   321] chdir("./6")                = 0
[pid   321] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   321] setpgid(0, 0)               = 0
[pid   321] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   321] write(3, "1000", 4)         = 4
[pid   321] close(3)                    = 0
[pid   321] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid   321] write(1, "executing program\n", 18) = 18
[pid   321] memfd_create("syzkaller", 0) = 3
[pid   321] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   321] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   321] munmap(0x7f94994ac000, 138412032) = 0
[pid   321] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   321] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   321] close(3)                    = 0
[pid   321] close(4)                    = 0
[pid   321] mkdir("./bus", 0777)        = 0
[   30.540753][  T321] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   30.548518][  T321] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   30.557890][  T321] F2FS-fs (loop0): invalid crc value
[   30.564324][  T321] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   30.586699][  T321] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   30.593445][  T321] F2FS-fs (loop0): Start checkpoint disabled!
[   30.599649][  T321] attempt to access beyond end of device
[   30.599649][  T321] loop0: rw=2049, want=40968, limit=40427
[pid   321] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   321] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   321] ioctl(3, LOOP_CLR_FD)       = 0
[pid   321] close(3)                    = 0
[pid   321] memfd_create("syzkaller", 0) = 3
[pid   321] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   321] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   321] munmap(0x7f94994ac000, 138412032) = 0
[pid   321] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   321] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   321] close(3)                    = 0
[pid   321] close(4)                    = 0
[pid   321] mkdir("./file0", 0777)      = 0
[pid   321] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   321] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   321] chdir("./file0")            = 0
[pid   321] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   321] ioctl(4, LOOP_CLR_FD)       = 0
[pid   321] close(4)                    = 0
[pid   321] close(3)                    = 0
[pid   321] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   321] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   321] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   321] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   321] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   321] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   321] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   321] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   321] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   321] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   321] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   321] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   321] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   321] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   321] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   321] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   321] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   321] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   321] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   321] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   321] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   321] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   321] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   321] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   321] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   321] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   321] exit_group(0)               = ?
[pid   321] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8, si_uid=0, si_status=0, si_utime=4, si_stime=16} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[   30.732675][  T321] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./6/file0")          = 0
[pid   283] umount2("./6/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./6/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./6/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./6/bus")            = 0
[pid   283] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./6/binderfs")      = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./6")                = 0
[pid   283] mkdir("./7", 0777)          = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 9
./strace-static-x86_64: Process 327 attached
[pid   327] set_robust_list(0x55558c003660, 24) = 0
[pid   327] chdir("./7")                = 0
[pid   327] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   327] setpgid(0, 0)               = 0
[pid   327] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   327] write(3, "1000", 4)         = 4
[pid   327] close(3)                    = 0
[pid   327] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid   327] write(1, "executing program\n", 18) = 18
[pid   327] memfd_create("syzkaller", 0) = 3
[pid   327] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   327] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   327] munmap(0x7f94994ac000, 138412032) = 0
[pid   327] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   327] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   327] close(3)                    = 0
[pid   327] close(4)                    = 0
[pid   327] mkdir("./bus", 0777)        = 0
[   30.935018][  T327] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   30.942859][  T327] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   30.952084][  T327] F2FS-fs (loop0): invalid crc value
[   30.958362][  T327] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   30.980366][  T327] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   30.986944][  T327] F2FS-fs (loop0): Start checkpoint disabled!
[   30.993096][  T327] attempt to access beyond end of device
[   30.993096][  T327] loop0: rw=2049, want=40968, limit=40427
[pid   327] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   327] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   327] ioctl(3, LOOP_CLR_FD)       = 0
[pid   327] close(3)                    = 0
[pid   327] memfd_create("syzkaller", 0) = 3
[pid   327] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   327] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   327] munmap(0x7f94994ac000, 138412032) = 0
[pid   327] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   327] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   327] close(3)                    = 0
[pid   327] close(4)                    = 0
[pid   327] mkdir("./file0", 0777)      = 0
[pid   327] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   327] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   327] chdir("./file0")            = 0
[pid   327] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   327] ioctl(4, LOOP_CLR_FD)       = 0
[pid   327] close(4)                    = 0
[pid   327] close(3)                    = 0
[pid   327] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   327] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   327] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   327] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   327] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   327] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   327] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   327] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   327] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   327] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   327] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   327] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   327] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   327] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   327] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   327] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   327] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   327] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   327] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   327] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   327] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   327] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   327] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   327] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   327] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   327] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   327] exit_group(0)               = ?
[pid   327] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9, si_uid=0, si_status=0, si_utime=4, si_stime=16} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[   31.130252][  T327] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./7/file0")          = 0
[pid   283] umount2("./7/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./7/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./7/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./7/bus")            = 0
[pid   283] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./7/binderfs")      = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./7")                = 0
[pid   283] mkdir("./8", 0777)          = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 333 attached
, child_tidptr=0x55558c003650) = 10
[pid   333] set_robust_list(0x55558c003660, 24) = 0
[pid   333] chdir("./8")                = 0
[pid   333] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   333] setpgid(0, 0)               = 0
[pid   333] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   333] write(3, "1000", 4)         = 4
[pid   333] close(3)                    = 0
[pid   333] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid   333] write(1, "executing program\n", 18) = 18
[pid   333] memfd_create("syzkaller", 0) = 3
[pid   333] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   333] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   333] munmap(0x7f94994ac000, 138412032) = 0
[pid   333] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   333] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   333] close(3)                    = 0
[pid   333] close(4)                    = 0
[pid   333] mkdir("./bus", 0777)        = 0
[   31.374708][  T333] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   31.382571][  T333] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   31.391648][  T333] F2FS-fs (loop0): invalid crc value
[   31.397876][  T333] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   31.419648][  T333] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   31.426248][  T333] F2FS-fs (loop0): Start checkpoint disabled!
[   31.432397][  T333] attempt to access beyond end of device
[   31.432397][  T333] loop0: rw=2049, want=40968, limit=40427
[pid   333] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   333] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   333] ioctl(3, LOOP_CLR_FD)       = 0
[pid   333] close(3)                    = 0
[pid   333] memfd_create("syzkaller", 0) = 3
[pid   333] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   333] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   333] munmap(0x7f94994ac000, 138412032) = 0
[pid   333] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   333] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   333] close(3)                    = 0
[pid   333] close(4)                    = 0
[pid   333] mkdir("./file0", 0777)      = 0
[pid   333] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   333] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   333] chdir("./file0")            = 0
[pid   333] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   333] ioctl(4, LOOP_CLR_FD)       = 0
[pid   333] close(4)                    = 0
[pid   333] close(3)                    = 0
[pid   333] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   333] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   333] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   333] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   333] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   333] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   333] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   333] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   333] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   333] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   333] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   333] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   333] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   333] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   333] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   333] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   333] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   333] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   333] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   333] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   333] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   333] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   333] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   333] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   333] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   333] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   333] exit_group(0)               = ?
[pid   333] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10, si_uid=0, si_status=0, si_utime=5, si_stime=14} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[   31.663113][  T333] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./8/file0")          = 0
[pid   283] umount2("./8/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./8/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./8/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./8/bus")            = 0
[pid   283] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./8/binderfs")      = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./8")                = 0
[pid   283] mkdir("./9", 0777)          = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 339 attached
 <unfinished ...>
[pid   339] set_robust_list(0x55558c003660, 24) = 0
[pid   339] chdir("./9" <unfinished ...>
[pid   283] <... clone resumed>, child_tidptr=0x55558c003650) = 11
[pid   339] <... chdir resumed>)        = 0
[pid   339] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   339] setpgid(0, 0)               = 0
[pid   339] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   339] write(3, "1000", 4)         = 4
[pid   339] close(3)                    = 0
[pid   339] symlink("/dev/binderfs", "./binderfs") = 0
[pid   339] write(1, "executing program\n", 18executing program
) = 18
[pid   339] memfd_create("syzkaller", 0) = 3
[pid   339] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   339] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   339] munmap(0x7f94994ac000, 138412032) = 0
[pid   339] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   339] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   339] close(3)                    = 0
[pid   339] close(4)                    = 0
[pid   339] mkdir("./bus", 0777)        = 0
[   32.021619][  T339] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   32.029395][  T339] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   32.038568][  T339] F2FS-fs (loop0): invalid crc value
[   32.044904][  T339] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   32.067873][  T339] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   32.074479][  T339] F2FS-fs (loop0): Start checkpoint disabled!
[   32.080858][  T339] attempt to access beyond end of device
[   32.080858][  T339] loop0: rw=2049, want=40968, limit=40427
[pid   339] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   339] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   339] ioctl(3, LOOP_CLR_FD)       = 0
[pid   339] close(3)                    = 0
[pid   339] memfd_create("syzkaller", 0) = 3
[pid   339] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   339] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   339] munmap(0x7f94994ac000, 138412032) = 0
[pid   339] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   339] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   339] close(3)                    = 0
[pid   339] close(4)                    = 0
[pid   339] mkdir("./file0", 0777)      = 0
[pid   339] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   339] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   339] chdir("./file0")            = 0
[pid   339] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   339] ioctl(4, LOOP_CLR_FD)       = 0
[pid   339] close(4)                    = 0
[pid   339] close(3)                    = 0
[pid   339] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   339] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   339] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   339] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   339] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   339] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   339] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   339] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   339] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   339] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   339] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   339] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   339] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   339] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   339] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   339] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   339] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   339] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   339] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   339] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   339] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   339] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   339] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   339] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   339] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   339] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   339] exit_group(0)               = ?
[pid   339] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11, si_uid=0, si_status=0, si_utime=4, si_stime=17} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[   32.244193][  T339] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./9/file0")          = 0
[pid   283] umount2("./9/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./9/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./9/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./9/bus")            = 0
[pid   283] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./9/binderfs")      = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./9")                = 0
[pid   283] mkdir("./10", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 12
./strace-static-x86_64: Process 345 attached
[pid   345] set_robust_list(0x55558c003660, 24) = 0
[pid   345] chdir("./10")               = 0
[pid   345] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   345] setpgid(0, 0)               = 0
[pid   345] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   345] write(3, "1000", 4)         = 4
[pid   345] close(3)                    = 0
[pid   345] symlink("/dev/binderfs", "./binderfs") = 0
[pid   345] write(1, "executing program\n", 18executing program
) = 18
[pid   345] memfd_create("syzkaller", 0) = 3
[pid   345] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   345] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   345] munmap(0x7f94994ac000, 138412032) = 0
[pid   345] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   345] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   345] close(3)                    = 0
[pid   345] close(4)                    = 0
[pid   345] mkdir("./bus", 0777)        = 0
[   32.531139][  T345] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   32.539019][  T345] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   32.548064][  T345] F2FS-fs (loop0): invalid crc value
[   32.554471][  T345] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[pid   345] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   345] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[   32.577031][  T345] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   32.583679][  T345] F2FS-fs (loop0): Start checkpoint disabled!
[pid   345] ioctl(3, LOOP_CLR_FD)       = 0
[pid   345] close(3)                    = 0
[pid   345] memfd_create("syzkaller", 0) = 3
[pid   345] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   345] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   345] munmap(0x7f94994ac000, 138412032) = 0
[pid   345] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   345] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   345] close(3)                    = 0
[pid   345] close(4)                    = 0
[pid   345] mkdir("./file0", 0777)      = 0
[pid   345] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   345] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   345] chdir("./file0")            = 0
[pid   345] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   345] ioctl(4, LOOP_CLR_FD)       = 0
[pid   345] close(4)                    = 0
[pid   345] close(3)                    = 0
[pid   345] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   345] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   345] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   345] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   345] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   345] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   345] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   345] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   345] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   345] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   345] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   345] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   345] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   345] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   345] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   345] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   345] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   345] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   345] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   345] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   345] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   345] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   345] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   345] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   345] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   345] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   345] exit_group(0)               = ?
[pid   345] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12, si_uid=0, si_status=0, si_utime=3, si_stime=18} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[   32.810321][  T345] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./10/file0")         = 0
[pid   283] umount2("./10/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./10/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./10/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./10/bus")           = 0
[pid   283] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./10/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./10")               = 0
[pid   283] mkdir("./11", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x55558c003650) = 13
./strace-static-x86_64: Process 351 attached
[pid   351] set_robust_list(0x55558c003660, 24) = 0
[pid   351] chdir("./11")               = 0
[pid   351] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   351] setpgid(0, 0)               = 0
[pid   351] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   351] write(3, "1000", 4)         = 4
[pid   351] close(3)                    = 0
[pid   351] symlink("/dev/binderfs", "./binderfs") = 0
[pid   351] write(1, "executing program\n", 18) = 18
[pid   351] memfd_create("syzkaller", 0) = 3
[pid   351] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   351] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   351] munmap(0x7f94994ac000, 138412032) = 0
[pid   351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   351] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   351] close(3)                    = 0
[pid   351] close(4)                    = 0
[pid   351] mkdir("./bus", 0777)        = 0
[   33.089704][  T351] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   33.097536][  T351] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   33.106603][  T351] F2FS-fs (loop0): invalid crc value
[   33.112957][  T351] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   33.134640][  T351] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   33.141380][  T351] F2FS-fs (loop0): Start checkpoint disabled!
[   33.147559][  T351] handle_bad_sector: 1 callbacks suppressed
[   33.147567][  T351] attempt to access beyond end of device
[   33.147567][  T351] loop0: rw=2049, want=40968, limit=40427
[pid   351] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   351] ioctl(3, LOOP_CLR_FD)       = 0
[pid   351] close(3)                    = 0
[pid   351] memfd_create("syzkaller", 0) = 3
[pid   351] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   351] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   351] munmap(0x7f94994ac000, 138412032) = 0
[pid   351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   351] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   351] close(3)                    = 0
[pid   351] close(4)                    = 0
[pid   351] mkdir("./file0", 0777)      = 0
[pid   351] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   351] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   351] chdir("./file0")            = 0
[pid   351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   351] ioctl(4, LOOP_CLR_FD)       = 0
[pid   351] close(4)                    = 0
[pid   351] close(3)                    = 0
[pid   351] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   351] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   351] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   351] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   351] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   351] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   351] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   351] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   351] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   351] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   351] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   351] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   351] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   351] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   351] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   351] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   351] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   351] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   351] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   351] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   351] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   351] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   351] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   351] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   351] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   351] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   351] exit_group(0)               = ?
[pid   351] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13, si_uid=0, si_status=0, si_utime=4, si_stime=18} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[pid   283] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./11/file0")         = 0
[pid   283] umount2("./11/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./11/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./11/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./11/bus")           = 0
[pid   283] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./11/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./11")               = 0
[pid   283] mkdir("./12", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x55558c003650) = 14
./strace-static-x86_64: Process 357 attached
[pid   357] set_robust_list(0x55558c003660, 24) = 0
[pid   357] chdir("./12")               = 0
[pid   357] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   357] setpgid(0, 0)               = 0
[pid   357] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   357] write(3, "1000", 4)         = 4
[pid   357] close(3)                    = 0
[pid   357] symlink("/dev/binderfs", "./binderfs") = 0
[pid   357] write(1, "executing program\n", 18) = 18
[pid   357] memfd_create("syzkaller", 0) = 3
[pid   357] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[   33.299759][  T351] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   357] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   357] munmap(0x7f94994ac000, 138412032) = 0
[pid   357] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   357] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   357] close(3)                    = 0
[pid   357] close(4)                    = 0
[pid   357] mkdir("./bus", 0777)        = 0
[   33.509978][  T357] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   33.517783][  T357] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   33.527059][  T357] F2FS-fs (loop0): invalid crc value
[   33.533505][  T357] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   33.556621][  T357] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   33.563393][  T357] F2FS-fs (loop0): Start checkpoint disabled!
[   33.569710][  T357] attempt to access beyond end of device
[   33.569710][  T357] loop0: rw=2049, want=40968, limit=40427
[pid   357] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   357] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   357] ioctl(3, LOOP_CLR_FD)       = 0
[pid   357] close(3)                    = 0
[pid   357] memfd_create("syzkaller", 0) = 3
[pid   357] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   357] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   357] munmap(0x7f94994ac000, 138412032) = 0
[pid   357] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   357] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   357] close(3)                    = 0
[pid   357] close(4)                    = 0
[pid   357] mkdir("./file0", 0777)      = 0
[pid   357] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   357] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   357] chdir("./file0")            = 0
[pid   357] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   357] ioctl(4, LOOP_CLR_FD)       = 0
[pid   357] close(4)                    = 0
[pid   357] close(3)                    = 0
[pid   357] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   357] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   357] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   357] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   357] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   357] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   357] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   357] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   357] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   357] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   357] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   357] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   357] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   357] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   357] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   357] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   357] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   357] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   357] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   357] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   357] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   357] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   357] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   357] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   357] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   357] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   357] exit_group(0)               = ?
[pid   357] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14, si_uid=0, si_status=0, si_utime=4, si_stime=17} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[   33.723462][  T357] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./12/file0")         = 0
[pid   283] umount2("./12/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./12/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./12/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./12/bus")           = 0
[pid   283] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./12/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./12")               = 0
[pid   283] mkdir("./13", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 15
./strace-static-x86_64: Process 363 attached
[pid   363] set_robust_list(0x55558c003660, 24) = 0
[pid   363] chdir("./13")               = 0
[pid   363] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   363] setpgid(0, 0)               = 0
[pid   363] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   363] write(3, "1000", 4)         = 4
[pid   363] close(3)                    = 0
[pid   363] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid   363] write(1, "executing program\n", 18) = 18
[pid   363] memfd_create("syzkaller", 0) = 3
[pid   363] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   363] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   363] munmap(0x7f94994ac000, 138412032) = 0
[pid   363] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   363] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   363] close(3)                    = 0
[pid   363] close(4)                    = 0
[pid   363] mkdir("./bus", 0777)        = 0
[   33.938278][  T363] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   33.946436][  T363] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   33.955548][  T363] F2FS-fs (loop0): invalid crc value
[   33.961989][  T363] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   33.984158][  T363] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   33.990754][  T363] F2FS-fs (loop0): Start checkpoint disabled!
[   33.996869][  T363] attempt to access beyond end of device
[   33.996869][  T363] loop0: rw=2049, want=40968, limit=40427
[pid   363] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   363] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   363] ioctl(3, LOOP_CLR_FD)       = 0
[pid   363] close(3)                    = 0
[pid   363] memfd_create("syzkaller", 0) = 3
[pid   363] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   363] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   363] munmap(0x7f94994ac000, 138412032) = 0
[pid   363] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   363] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   363] close(3)                    = 0
[pid   363] close(4)                    = 0
[pid   363] mkdir("./file0", 0777)      = 0
[pid   363] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   363] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   363] chdir("./file0")            = 0
[pid   363] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   363] ioctl(4, LOOP_CLR_FD)       = 0
[pid   363] close(4)                    = 0
[pid   363] close(3)                    = 0
[pid   363] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   363] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   363] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   363] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   363] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   363] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   363] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   363] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   363] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   363] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   363] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   363] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   363] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   363] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   363] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   363] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   363] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   363] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   363] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   363] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   363] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   363] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   363] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   363] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   363] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   363] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   363] exit_group(0)               = ?
[pid   363] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15, si_uid=0, si_status=0, si_utime=5, si_stime=17} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[pid   283] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./13/file0")         = 0
[pid   283] umount2("./13/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./13/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./13/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./13/bus")           = 0
[pid   283] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./13/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./13")               = 0
[   34.212846][  T363] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] mkdir("./14", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 16
./strace-static-x86_64: Process 369 attached
[pid   369] set_robust_list(0x55558c003660, 24) = 0
[pid   369] chdir("./14")               = 0
[pid   369] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   369] setpgid(0, 0)               = 0
[pid   369] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   369] write(3, "1000", 4)         = 4
[pid   369] close(3)                    = 0
[pid   369] symlink("/dev/binderfs", "./binderfs") = 0
[pid   369] write(1, "executing program\n", 18executing program
) = 18
[pid   369] memfd_create("syzkaller", 0) = 3
[pid   369] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   369] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   369] munmap(0x7f94994ac000, 138412032) = 0
[pid   369] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   369] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   369] close(3)                    = 0
[pid   369] close(4)                    = 0
[pid   369] mkdir("./bus", 0777)        = 0
[   34.381040][  T369] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   34.389016][  T369] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   34.398065][  T369] F2FS-fs (loop0): invalid crc value
[   34.404378][  T369] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   34.426534][  T369] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   34.433170][  T369] F2FS-fs (loop0): Start checkpoint disabled!
[   34.439354][  T369] attempt to access beyond end of device
[   34.439354][  T369] loop0: rw=2049, want=40968, limit=40427
[pid   369] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   369] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   369] ioctl(3, LOOP_CLR_FD)       = 0
[pid   369] close(3)                    = 0
[pid   369] memfd_create("syzkaller", 0) = 3
[pid   369] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   369] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   369] munmap(0x7f94994ac000, 138412032) = 0
[pid   369] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   369] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   369] close(3)                    = 0
[pid   369] close(4)                    = 0
[pid   369] mkdir("./file0", 0777)      = 0
[pid   369] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   369] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   369] chdir("./file0")            = 0
[pid   369] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   369] ioctl(4, LOOP_CLR_FD)       = 0
[pid   369] close(4)                    = 0
[pid   369] close(3)                    = 0
[pid   369] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   369] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   369] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   369] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   369] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   369] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   369] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   369] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   369] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   369] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   369] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   369] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   369] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   369] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   369] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   369] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   369] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   369] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   369] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   369] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   369] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   369] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   369] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   369] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   369] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   369] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   369] exit_group(0)               = ?
[pid   369] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16, si_uid=0, si_status=0, si_utime=4, si_stime=16} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[   34.597626][  T369] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./14/file0")         = 0
[pid   283] umount2("./14/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./14/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./14/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./14/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./14/bus")           = 0
[pid   283] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./14/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./14")               = 0
[pid   283] mkdir("./15", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3executing program
)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 17
./strace-static-x86_64: Process 375 attached
[pid   375] set_robust_list(0x55558c003660, 24) = 0
[pid   375] chdir("./15")               = 0
[pid   375] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   375] setpgid(0, 0)               = 0
[pid   375] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   375] write(3, "1000", 4)         = 4
[pid   375] close(3)                    = 0
[pid   375] symlink("/dev/binderfs", "./binderfs") = 0
[pid   375] write(1, "executing program\n", 18) = 18
[pid   375] memfd_create("syzkaller", 0) = 3
[pid   375] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   375] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   375] munmap(0x7f94994ac000, 138412032) = 0
[pid   375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   375] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   375] close(3)                    = 0
[pid   375] close(4)                    = 0
[pid   375] mkdir("./bus", 0777)        = 0
[   34.861210][  T375] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   34.869076][  T375] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   34.878277][  T375] F2FS-fs (loop0): invalid crc value
[   34.884695][  T375] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   34.906550][  T375] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   34.913309][  T375] F2FS-fs (loop0): Start checkpoint disabled!
[   34.919498][  T375] attempt to access beyond end of device
[   34.919498][  T375] loop0: rw=2049, want=40968, limit=40427
[pid   375] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   375] ioctl(3, LOOP_CLR_FD)       = 0
[pid   375] close(3)                    = 0
[pid   375] memfd_create("syzkaller", 0) = 3
[pid   375] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   375] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   375] munmap(0x7f94994ac000, 138412032) = 0
[pid   375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   375] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   375] close(3)                    = 0
[pid   375] close(4)                    = 0
[pid   375] mkdir("./file0", 0777)      = 0
[pid   375] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   375] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   375] chdir("./file0")            = 0
[pid   375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   375] ioctl(4, LOOP_CLR_FD)       = 0
[pid   375] close(4)                    = 0
[pid   375] close(3)                    = 0
[pid   375] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   375] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   375] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   375] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   375] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   375] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   375] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   375] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   375] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   375] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   375] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   375] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   375] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   375] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   375] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   375] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   375] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   375] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   375] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   375] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   375] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   375] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   375] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   375] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   375] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   375] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   375] exit_group(0)               = ?
[pid   375] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=17, si_uid=0, si_status=0, si_utime=4, si_stime=17} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[   35.140407][  T375] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./15/file0")         = 0
[pid   283] umount2("./15/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./15/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./15/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./15/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./15/bus")           = 0
[pid   283] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./15/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./15")               = 0
[pid   283] mkdir("./16", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 18
./strace-static-x86_64: Process 381 attached
[pid   381] set_robust_list(0x55558c003660, 24) = 0
[pid   381] chdir("./16")               = 0
[pid   381] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   381] setpgid(0, 0)               = 0
[pid   381] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   381] write(3, "1000", 4)         = 4
[pid   381] close(3)                    = 0
[pid   381] symlink("/dev/binderfs", "./binderfs") = 0
[pid   381] write(1, "executing program\n", 18executing program
) = 18
[pid   381] memfd_create("syzkaller", 0) = 3
[pid   381] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   381] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   381] munmap(0x7f94994ac000, 138412032) = 0
[pid   381] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   381] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   381] close(3)                    = 0
[pid   381] close(4)                    = 0
[pid   381] mkdir("./bus", 0777)        = 0
[   35.405614][  T381] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   35.413400][  T381] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   35.422951][  T381] F2FS-fs (loop0): invalid crc value
[   35.429476][  T381] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   35.452297][  T381] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   35.459043][  T381] F2FS-fs (loop0): Start checkpoint disabled!
[   35.465156][  T381] attempt to access beyond end of device
[   35.465156][  T381] loop0: rw=2049, want=40968, limit=40427
[pid   381] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   381] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   381] ioctl(3, LOOP_CLR_FD)       = 0
[pid   381] close(3)                    = 0
[pid   381] memfd_create("syzkaller", 0) = 3
[pid   381] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   381] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   381] munmap(0x7f94994ac000, 138412032) = 0
[pid   381] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   381] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   381] close(3)                    = 0
[pid   381] close(4)                    = 0
[pid   381] mkdir("./file0", 0777)      = 0
[pid   381] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   381] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   381] chdir("./file0")            = 0
[pid   381] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   381] ioctl(4, LOOP_CLR_FD)       = 0
[pid   381] close(4)                    = 0
[pid   381] close(3)                    = 0
[pid   381] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   381] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   381] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   381] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   381] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   381] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   381] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   381] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   381] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   381] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   381] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   381] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   381] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   381] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   381] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   381] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   381] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   381] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   381] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   381] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   381] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   381] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   381] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   381] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   381] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   381] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   381] exit_group(0)               = ?
[pid   381] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=18, si_uid=0, si_status=0, si_utime=4, si_stime=16} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[   35.654849][  T381] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./16/file0")         = 0
[pid   283] umount2("./16/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./16/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./16/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./16/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./16/bus")           = 0
[pid   283] umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./16/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./16")               = 0
[pid   283] mkdir("./17", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 19
./strace-static-x86_64: Process 387 attached
[pid   387] set_robust_list(0x55558c003660, 24) = 0
[pid   387] chdir("./17"executing program
)               = 0
[pid   387] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   387] setpgid(0, 0)               = 0
[pid   387] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   387] write(3, "1000", 4)         = 4
[pid   387] close(3)                    = 0
[pid   387] symlink("/dev/binderfs", "./binderfs") = 0
[pid   387] write(1, "executing program\n", 18) = 18
[pid   387] memfd_create("syzkaller", 0) = 3
[pid   387] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   387] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   387] munmap(0x7f94994ac000, 138412032) = 0
[pid   387] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   387] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   387] close(3)                    = 0
[pid   387] close(4)                    = 0
[pid   387] mkdir("./bus", 0777)        = 0
[   35.836567][  T387] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   35.844350][  T387] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   35.853328][  T387] F2FS-fs (loop0): invalid crc value
[   35.859665][  T387] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   35.882148][  T387] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   35.888825][  T387] F2FS-fs (loop0): Start checkpoint disabled!
[   35.895091][  T387] attempt to access beyond end of device
[   35.895091][  T387] loop0: rw=2049, want=40968, limit=40427
[pid   387] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   387] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   387] ioctl(3, LOOP_CLR_FD)       = 0
[pid   387] close(3)                    = 0
[pid   387] memfd_create("syzkaller", 0) = 3
[pid   387] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   387] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   387] munmap(0x7f94994ac000, 138412032) = 0
[pid   387] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   387] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   387] close(3)                    = 0
[pid   387] close(4)                    = 0
[pid   387] mkdir("./file0", 0777)      = 0
[pid   387] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   387] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   387] chdir("./file0")            = 0
[pid   387] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   387] ioctl(4, LOOP_CLR_FD)       = 0
[pid   387] close(4)                    = 0
[pid   387] close(3)                    = 0
[pid   387] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   387] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   387] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   387] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   387] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   387] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   387] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   387] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   387] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   387] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   387] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   387] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   387] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   387] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   387] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   387] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   387] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   387] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   387] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   387] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   387] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   387] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   387] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   387] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   387] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   387] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   387] exit_group(0)               = ?
[pid   387] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=19, si_uid=0, si_status=0, si_utime=2, si_stime=17} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[   36.067269][  T387] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./17/file0")         = 0
[pid   283] umount2("./17/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./17/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./17/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./17/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./17/bus")           = 0
[pid   283] umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./17/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./17")               = 0
[pid   283] mkdir("./18", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 20
./strace-static-x86_64: Process 393 attached
[pid   393] set_robust_list(0x55558c003660, 24) = 0
[pid   393] chdir("./18")               = 0
[pid   393] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   393] setpgid(0, 0)               = 0
[pid   393] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   393] write(3, "1000", 4)         = 4
[pid   393] close(3)                    = 0
[pid   393] symlink("/dev/binderfs", "./binderfs") = 0
[pid   393] write(1, "executing program\n", 18executing program
) = 18
[pid   393] memfd_create("syzkaller", 0) = 3
[pid   393] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   393] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   393] munmap(0x7f94994ac000, 138412032) = 0
[pid   393] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   393] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   393] close(3)                    = 0
[pid   393] close(4)                    = 0
[pid   393] mkdir("./bus", 0777)        = 0
[   36.306421][  T393] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   36.314412][  T393] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   36.323899][  T393] F2FS-fs (loop0): invalid crc value
[   36.330430][  T393] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   36.352385][  T393] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   36.358964][  T393] F2FS-fs (loop0): Start checkpoint disabled!
[   36.365075][  T393] attempt to access beyond end of device
[   36.365075][  T393] loop0: rw=2049, want=40968, limit=40427
[pid   393] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   393] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   393] ioctl(3, LOOP_CLR_FD)       = 0
[pid   393] close(3)                    = 0
[pid   393] memfd_create("syzkaller", 0) = 3
[pid   393] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   393] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   393] munmap(0x7f94994ac000, 138412032) = 0
[pid   393] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   393] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   393] close(3)                    = 0
[pid   393] close(4)                    = 0
[pid   393] mkdir("./file0", 0777)      = 0
[pid   393] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   393] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   393] chdir("./file0")            = 0
[pid   393] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   393] ioctl(4, LOOP_CLR_FD)       = 0
[pid   393] close(4)                    = 0
[pid   393] close(3)                    = 0
[pid   393] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   393] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   393] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   393] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   393] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   393] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   393] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   393] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   393] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   393] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   393] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   393] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   393] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   393] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   393] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   393] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   393] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   393] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   393] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   393] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   393] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   393] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   393] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   393] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   393] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   393] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   393] exit_group(0)               = ?
[pid   393] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=20, si_uid=0, si_status=0, si_utime=4, si_stime=16} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[   36.532553][  T393] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./18/file0")         = 0
[pid   283] umount2("./18/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./18/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./18/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./18/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./18/bus")           = 0
[pid   283] umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./18/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./18")               = 0
[pid   283] mkdir("./19", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 21
./strace-static-x86_64: Process 399 attached
[pid   399] set_robust_list(0x55558c003660, 24) = 0
[pid   399] chdir("./19")               = 0
[pid   399] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   399] setpgid(0, 0)               = 0
[pid   399] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   399] write(3, "1000", 4)         = 4
[pid   399] close(3)                    = 0
[pid   399] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid   399] write(1, "executing program\n", 18) = 18
[pid   399] memfd_create("syzkaller", 0) = 3
[pid   399] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   399] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   399] munmap(0x7f94994ac000, 138412032) = 0
[pid   399] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   399] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   399] close(3)                    = 0
[pid   399] close(4)                    = 0
[pid   399] mkdir("./bus", 0777)        = 0
[   36.739072][  T399] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   36.746820][  T399] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   36.755854][  T399] F2FS-fs (loop0): invalid crc value
[   36.762185][  T399] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   36.784366][  T399] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   36.790989][  T399] F2FS-fs (loop0): Start checkpoint disabled!
[   36.797097][  T399] attempt to access beyond end of device
[   36.797097][  T399] loop0: rw=2049, want=40968, limit=40427
[pid   399] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   399] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   399] ioctl(3, LOOP_CLR_FD)       = 0
[pid   399] close(3)                    = 0
[pid   399] memfd_create("syzkaller", 0) = 3
[pid   399] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   399] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   399] munmap(0x7f94994ac000, 138412032) = 0
[pid   399] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   399] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   399] close(3)                    = 0
[pid   399] close(4)                    = 0
[pid   399] mkdir("./file0", 0777)      = 0
[pid   399] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   399] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   399] chdir("./file0")            = 0
[pid   399] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   399] ioctl(4, LOOP_CLR_FD)       = 0
[pid   399] close(4)                    = 0
[pid   399] close(3)                    = 0
[pid   399] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   399] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   399] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   399] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   399] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   399] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   399] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   399] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   399] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   399] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   399] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   399] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   399] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   399] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   399] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   399] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   399] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   399] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   399] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   399] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   399] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   399] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   399] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   399] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   399] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   399] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   399] exit_group(0)               = ?
[pid   399] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=21, si_uid=0, si_status=0, si_utime=2, si_stime=17} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[   36.943627][  T399] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./19/file0")         = 0
[pid   283] umount2("./19/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./19/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./19/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./19/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./19/bus")           = 0
[pid   283] umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./19/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./19")               = 0
[pid   283] mkdir("./20", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 22
./strace-static-x86_64: Process 405 attached
[pid   405] set_robust_list(0x55558c003660, 24) = 0
[pid   405] chdir("./20")               = 0
[pid   405] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   405] setpgid(0, 0)               = 0
[pid   405] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   405] write(3, "1000", 4)         = 4
[pid   405] close(3)                    = 0
[pid   405] symlink("/dev/binderfs", "./binderfs") = 0
[pid   405] write(1, "executing program\n", 18executing program
) = 18
[pid   405] memfd_create("syzkaller", 0) = 3
[pid   405] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   405] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   405] munmap(0x7f94994ac000, 138412032) = 0
[pid   405] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   405] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   405] close(3)                    = 0
[pid   405] close(4)                    = 0
[pid   405] mkdir("./bus", 0777)        = 0
[   37.137238][  T405] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   37.145092][  T405] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   37.158867][  T405] F2FS-fs (loop0): invalid crc value
[   37.169346][  T405] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   37.191274][  T405] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   37.197861][  T405] F2FS-fs (loop0): Start checkpoint disabled!
[   37.204054][  T405] attempt to access beyond end of device
[   37.204054][  T405] loop0: rw=2049, want=40968, limit=40427
[pid   405] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   405] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   405] ioctl(3, LOOP_CLR_FD)       = 0
[pid   405] close(3)                    = 0
[pid   405] memfd_create("syzkaller", 0) = 3
[pid   405] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   405] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   405] munmap(0x7f94994ac000, 138412032) = 0
[pid   405] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   405] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   405] close(3)                    = 0
[pid   405] close(4)                    = 0
[pid   405] mkdir("./file0", 0777)      = 0
[pid   405] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   405] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   405] chdir("./file0")            = 0
[pid   405] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   405] ioctl(4, LOOP_CLR_FD)       = 0
[pid   405] close(4)                    = 0
[pid   405] close(3)                    = 0
[pid   405] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   405] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   405] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   405] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   405] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   405] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   405] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   405] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   405] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   405] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   405] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   405] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   405] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   405] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   405] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   405] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   405] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   405] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   405] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   405] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   405] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   405] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   405] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   405] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   405] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   405] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   405] exit_group(0)               = ?
[pid   405] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=22, si_uid=0, si_status=0, si_utime=4, si_stime=15} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[   37.388808][  T405] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./20/file0")         = 0
[pid   283] umount2("./20/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./20/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./20/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./20/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./20/bus")           = 0
[pid   283] umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./20/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./20")               = 0
[pid   283] mkdir("./21", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 23
./strace-static-x86_64: Process 411 attached
[pid   411] set_robust_list(0x55558c003660, 24) = 0
[pid   411] chdir("./21")               = 0
[pid   411] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   411] setpgid(0, 0)               = 0
[pid   411] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   411] write(3, "1000", 4)         = 4
[pid   411] close(3)                    = 0
[pid   411] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid   411] write(1, "executing program\n", 18) = 18
[pid   411] memfd_create("syzkaller", 0) = 3
[pid   411] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   411] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   411] munmap(0x7f94994ac000, 138412032) = 0
[pid   411] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   411] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   411] close(3)                    = 0
[pid   411] close(4)                    = 0
[pid   411] mkdir("./bus", 0777)        = 0
[   37.672530][  T411] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   37.680310][  T411] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   37.689568][  T411] F2FS-fs (loop0): invalid crc value
[   37.695958][  T411] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   37.717999][  T411] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   37.724674][  T411] F2FS-fs (loop0): Start checkpoint disabled!
[pid   411] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   411] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   411] ioctl(3, LOOP_CLR_FD)       = 0
[pid   411] close(3)                    = 0
[pid   411] memfd_create("syzkaller", 0) = 3
[pid   411] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   411] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   411] munmap(0x7f94994ac000, 138412032) = 0
[pid   411] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   411] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   411] close(3)                    = 0
[pid   411] close(4)                    = 0
[pid   411] mkdir("./file0", 0777)      = 0
[pid   411] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   411] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   411] chdir("./file0")            = 0
[pid   411] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   411] ioctl(4, LOOP_CLR_FD)       = 0
[pid   411] close(4)                    = 0
[pid   411] close(3)                    = 0
[pid   411] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   411] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   411] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   411] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   411] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   411] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   411] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   411] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   411] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   411] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   411] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   411] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   411] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   411] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   411] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   411] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   411] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   411] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   411] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   411] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   411] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   411] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   411] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   411] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   411] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   411] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   411] exit_group(0)               = ?
[pid   411] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=23, si_uid=0, si_status=0, si_utime=4, si_stime=16} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[   37.875927][  T411] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./21/file0")         = 0
[pid   283] umount2("./21/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./21/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./21/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./21/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./21/bus")           = 0
[pid   283] umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./21/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./21")               = 0
[pid   283] mkdir("./22", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 24
./strace-static-x86_64: Process 417 attached
[pid   417] set_robust_list(0x55558c003660, 24) = 0
[pid   417] chdir("./22")               = 0
[pid   417] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   417] setpgid(0, 0)               = 0
[pid   417] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   417] write(3, "1000", 4)         = 4
[pid   417] close(3)                    = 0
[pid   417] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid   417] write(1, "executing program\n", 18) = 18
[pid   417] memfd_create("syzkaller", 0) = 3
[pid   417] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   417] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   417] munmap(0x7f94994ac000, 138412032) = 0
[pid   417] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   417] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   417] close(3)                    = 0
[pid   417] close(4)                    = 0
[pid   417] mkdir("./bus", 0777)        = 0
[   38.090082][  T417] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   38.097825][  T417] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   38.107211][  T417] F2FS-fs (loop0): invalid crc value
[   38.113685][  T417] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[pid   417] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   417] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[   38.135903][  T417] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   38.142610][  T417] F2FS-fs (loop0): Start checkpoint disabled!
[   38.148760][  T417] handle_bad_sector: 1 callbacks suppressed
[   38.148773][  T417] attempt to access beyond end of device
[   38.148773][  T417] loop0: rw=2049, want=40968, limit=40427
[pid   417] ioctl(3, LOOP_CLR_FD)       = 0
[pid   417] close(3)                    = 0
[pid   417] memfd_create("syzkaller", 0) = 3
[pid   417] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   417] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   417] munmap(0x7f94994ac000, 138412032) = 0
[pid   417] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   417] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   417] close(3)                    = 0
[pid   417] close(4)                    = 0
[pid   417] mkdir("./file0", 0777)      = 0
[pid   417] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   417] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   417] chdir("./file0")            = 0
[pid   417] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   417] ioctl(4, LOOP_CLR_FD)       = 0
[pid   417] close(4)                    = 0
[pid   417] close(3)                    = 0
[pid   417] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   417] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   417] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   417] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   417] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   417] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   417] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   417] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   417] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   417] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   417] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   417] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   417] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   417] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   417] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   417] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   417] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   417] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   417] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   417] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   417] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   417] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   417] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   417] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   417] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   417] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   417] exit_group(0)               = ?
[pid   417] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=24, si_uid=0, si_status=0, si_utime=5, si_stime=16} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[   38.309814][  T417] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./22/file0")         = 0
[pid   283] umount2("./22/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./22/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./22/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./22/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./22/bus")           = 0
[pid   283] umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./22/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./22")               = 0
[pid   283] mkdir("./23", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
executing program
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 25
./strace-static-x86_64: Process 423 attached
[pid   423] set_robust_list(0x55558c003660, 24) = 0
[pid   423] chdir("./23")               = 0
[pid   423] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   423] setpgid(0, 0)               = 0
[pid   423] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   423] write(3, "1000", 4)         = 4
[pid   423] close(3)                    = 0
[pid   423] symlink("/dev/binderfs", "./binderfs") = 0
[pid   423] write(1, "executing program\n", 18) = 18
[pid   423] memfd_create("syzkaller", 0) = 3
[pid   423] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   423] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   423] munmap(0x7f94994ac000, 138412032) = 0
[pid   423] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   423] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   423] close(3)                    = 0
[pid   423] close(4)                    = 0
[pid   423] mkdir("./bus", 0777)        = 0
[   38.521722][  T423] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   38.529561][  T423] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   38.539289][  T423] F2FS-fs (loop0): invalid crc value
[   38.545704][  T423] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   38.568217][  T423] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   38.574843][  T423] F2FS-fs (loop0): Start checkpoint disabled!
[   38.581054][  T423] attempt to access beyond end of device
[   38.581054][  T423] loop0: rw=2049, want=40968, limit=40427
[pid   423] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   423] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   423] ioctl(3, LOOP_CLR_FD)       = 0
[pid   423] close(3)                    = 0
[pid   423] memfd_create("syzkaller", 0) = 3
[pid   423] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   423] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   423] munmap(0x7f94994ac000, 138412032) = 0
[pid   423] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   423] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   423] close(3)                    = 0
[pid   423] close(4)                    = 0
[pid   423] mkdir("./file0", 0777)      = 0
[pid   423] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   423] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   423] chdir("./file0")            = 0
[pid   423] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   423] ioctl(4, LOOP_CLR_FD)       = 0
[pid   423] close(4)                    = 0
[pid   423] close(3)                    = 0
[pid   423] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   423] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   423] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   423] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   423] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   423] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   423] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   423] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   423] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   423] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   423] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   423] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   423] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   423] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   423] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   423] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   423] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   423] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   423] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   423] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   423] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   423] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   423] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   423] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   423] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   423] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   423] exit_group(0)               = ?
[pid   423] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=25, si_uid=0, si_status=0, si_utime=4, si_stime=17} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[pid   283] umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./23/file0")         = 0
[pid   283] umount2("./23/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./23/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./23/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./23/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./23/bus")           = 0
[pid   283] umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./23/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./23")               = 0
[pid   283] mkdir("./24", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[   38.735838][  T423] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 26
./strace-static-x86_64: Process 429 attached
[pid   429] set_robust_list(0x55558c003660, 24) = 0
[pid   429] chdir("./24")               = 0
[pid   429] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   429] setpgid(0, 0)               = 0
[pid   429] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   429] write(3, "1000", 4)         = 4
[pid   429] close(3)                    = 0
[pid   429] symlink("/dev/binderfs", "./binderfs") = 0
[pid   429] write(1, "executing program\n", 18executing program
) = 18
[pid   429] memfd_create("syzkaller", 0) = 3
[pid   429] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   429] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   429] munmap(0x7f94994ac000, 138412032) = 0
[pid   429] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   429] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   429] close(3)                    = 0
[pid   429] close(4)                    = 0
[pid   429] mkdir("./bus", 0777)        = 0
[   38.902017][  T429] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   38.910094][  T429] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   38.919397][  T429] F2FS-fs (loop0): invalid crc value
[   38.925783][  T429] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   38.947505][  T429] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   38.954225][  T429] F2FS-fs (loop0): Start checkpoint disabled!
[   38.960373][  T429] attempt to access beyond end of device
[   38.960373][  T429] loop0: rw=2049, want=40968, limit=40427
[pid   429] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   429] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   429] ioctl(3, LOOP_CLR_FD)       = 0
[pid   429] close(3)                    = 0
[pid   429] memfd_create("syzkaller", 0) = 3
[pid   429] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   429] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   429] munmap(0x7f94994ac000, 138412032) = 0
[pid   429] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   429] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   429] close(3)                    = 0
[pid   429] close(4)                    = 0
[pid   429] mkdir("./file0", 0777)      = 0
[pid   429] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   429] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   429] chdir("./file0")            = 0
[pid   429] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   429] ioctl(4, LOOP_CLR_FD)       = 0
[pid   429] close(4)                    = 0
[pid   429] close(3)                    = 0
[pid   429] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   429] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   429] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   429] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   429] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   429] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   429] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   429] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   429] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   429] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   429] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   429] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   429] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   429] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   429] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   429] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   429] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   429] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   429] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   429] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   429] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   429] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   429] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   429] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   429] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   429] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   429] exit_group(0)               = ?
[pid   429] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=26, si_uid=0, si_status=0, si_utime=4, si_stime=17} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[   39.127071][  T429] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./24/file0")         = 0
[pid   283] umount2("./24/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./24/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./24/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./24/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./24/bus")           = 0
[pid   283] umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./24/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./24")               = 0
[pid   283] mkdir("./25", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 27
./strace-static-x86_64: Process 435 attached
[pid   435] set_robust_list(0x55558c003660, 24) = 0
[pid   435] chdir("./25")               = 0
[pid   435] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   435] setpgid(0, 0)               = 0
[pid   435] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   435] write(3, "1000", 4)         = 4
[pid   435] close(3)                    = 0
[pid   435] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid   435] write(1, "executing program\n", 18) = 18
[pid   435] memfd_create("syzkaller", 0) = 3
[pid   435] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   435] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   435] munmap(0x7f94994ac000, 138412032) = 0
[pid   435] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   435] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   435] close(3)                    = 0
[pid   435] close(4)                    = 0
[pid   435] mkdir("./bus", 0777)        = 0
[   39.345618][  T435] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   39.353438][  T435] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   39.362803][  T435] F2FS-fs (loop0): invalid crc value
[   39.369168][  T435] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   39.391232][  T435] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   39.397893][  T435] F2FS-fs (loop0): Start checkpoint disabled!
[   39.404072][  T435] attempt to access beyond end of device
[   39.404072][  T435] loop0: rw=2049, want=40968, limit=40427
[pid   435] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   435] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   435] ioctl(3, LOOP_CLR_FD)       = 0
[pid   435] close(3)                    = 0
[pid   435] memfd_create("syzkaller", 0) = 3
[pid   435] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   435] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   435] munmap(0x7f94994ac000, 138412032) = 0
[pid   435] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   435] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   435] close(3)                    = 0
[pid   435] close(4)                    = 0
[pid   435] mkdir("./file0", 0777)      = 0
[pid   435] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   435] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   435] chdir("./file0")            = 0
[pid   435] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   435] ioctl(4, LOOP_CLR_FD)       = 0
[pid   435] close(4)                    = 0
[pid   435] close(3)                    = 0
[pid   435] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   435] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   435] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   435] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   435] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   435] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   435] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   435] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   435] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   435] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   435] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   435] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   435] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   435] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   435] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   435] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   435] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   435] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   435] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   435] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   435] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   435] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   435] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   435] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   435] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   435] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   435] exit_group(0)               = ?
[pid   435] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=27, si_uid=0, si_status=0, si_utime=2, si_stime=18} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[   39.564971][  T435] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./25/file0")         = 0
[pid   283] umount2("./25/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./25/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./25/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./25/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./25/bus")           = 0
[pid   283] umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./25/binderfs", executing program
{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./25/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./25")               = 0
[pid   283] mkdir("./26", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 28
./strace-static-x86_64: Process 441 attached
[pid   441] set_robust_list(0x55558c003660, 24) = 0
[pid   441] chdir("./26")               = 0
[pid   441] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   441] setpgid(0, 0)               = 0
[pid   441] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   441] write(3, "1000", 4)         = 4
[pid   441] close(3)                    = 0
[pid   441] symlink("/dev/binderfs", "./binderfs") = 0
[pid   441] write(1, "executing program\n", 18) = 18
[pid   441] memfd_create("syzkaller", 0) = 3
[pid   441] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   441] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   441] munmap(0x7f94994ac000, 138412032) = 0
[pid   441] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   441] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   441] close(3)                    = 0
[pid   441] close(4)                    = 0
[pid   441] mkdir("./bus", 0777)        = 0
[   39.820940][  T441] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   39.828745][  T441] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   39.837926][  T441] F2FS-fs (loop0): invalid crc value
[   39.844407][  T441] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   39.866498][  T441] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   39.873255][  T441] F2FS-fs (loop0): Start checkpoint disabled!
[   39.879432][  T441] attempt to access beyond end of device
[   39.879432][  T441] loop0: rw=2049, want=40968, limit=40427
[pid   441] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   441] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   441] ioctl(3, LOOP_CLR_FD)       = 0
[pid   441] close(3)                    = 0
[pid   441] memfd_create("syzkaller", 0) = 3
[pid   441] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   441] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   441] munmap(0x7f94994ac000, 138412032) = 0
[pid   441] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   441] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   441] close(3)                    = 0
[pid   441] close(4)                    = 0
[pid   441] mkdir("./file0", 0777)      = 0
[pid   441] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   441] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   441] chdir("./file0")            = 0
[pid   441] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   441] ioctl(4, LOOP_CLR_FD)       = 0
[pid   441] close(4)                    = 0
[pid   441] close(3)                    = 0
[pid   441] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   441] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   441] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   441] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   441] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   441] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   441] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   441] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   441] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   441] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   441] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   441] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   441] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   441] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   441] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   441] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   441] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   441] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   441] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   441] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   441] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   441] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   441] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   441] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   441] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   441] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   441] exit_group(0)               = ?
[pid   441] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=28, si_uid=0, si_status=0, si_utime=3, si_stime=16} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[   40.030560][  T441] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./26/file0")         = 0
[pid   283] umount2("./26/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./26/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./26/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./26/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./26/bus")           = 0
[pid   283] umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./26/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./26")               = 0
[pid   283] mkdir("./27", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 29
./strace-static-x86_64: Process 447 attached
[pid   447] set_robust_list(0x55558c003660, 24) = 0
[pid   447] chdir("./27")               = 0
executing program
[pid   447] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   447] setpgid(0, 0)               = 0
[pid   447] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   447] write(3, "1000", 4)         = 4
[pid   447] close(3)                    = 0
[pid   447] symlink("/dev/binderfs", "./binderfs") = 0
[pid   447] write(1, "executing program\n", 18) = 18
[pid   447] memfd_create("syzkaller", 0) = 3
[pid   447] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   447] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   447] munmap(0x7f94994ac000, 138412032) = 0
[pid   447] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   447] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   447] close(3)                    = 0
[pid   447] close(4)                    = 0
[pid   447] mkdir("./bus", 0777)        = 0
[   40.257294][  T447] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   40.265280][  T447] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   40.274410][  T447] F2FS-fs (loop0): invalid crc value
[   40.280768][  T447] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   40.302630][  T447] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   40.309321][  T447] F2FS-fs (loop0): Start checkpoint disabled!
[   40.315440][  T447] attempt to access beyond end of device
[   40.315440][  T447] loop0: rw=2049, want=40968, limit=40427
[pid   447] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   447] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   447] ioctl(3, LOOP_CLR_FD)       = 0
[pid   447] close(3)                    = 0
[pid   447] memfd_create("syzkaller", 0) = 3
[pid   447] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   447] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   447] munmap(0x7f94994ac000, 138412032) = 0
[pid   447] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   447] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   447] close(3)                    = 0
[pid   447] close(4)                    = 0
[pid   447] mkdir("./file0", 0777)      = 0
[pid   447] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   447] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   447] chdir("./file0")            = 0
[pid   447] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   447] ioctl(4, LOOP_CLR_FD)       = 0
[pid   447] close(4)                    = 0
[pid   447] close(3)                    = 0
[pid   447] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   447] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   447] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   447] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   447] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   447] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   447] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   447] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   447] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   447] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   447] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   447] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   447] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   447] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   447] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   447] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   447] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   447] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   447] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   447] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   447] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   447] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   447] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   447] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   447] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   447] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   447] exit_group(0)               = ?
[pid   447] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=29, si_uid=0, si_status=0, si_utime=6, si_stime=16} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[pid   283] umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./27/file0")         = 0
[pid   283] umount2("./27/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./27/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./27/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./27/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./27/bus")           = 0
[pid   283] umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./27/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./27")               = 0
[pid   283] mkdir("./28", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 30
./strace-static-x86_64: Process 453 attached
[pid   453] set_robust_list(0x55558c003660, 24) = 0
[pid   453] chdir("./28")               = 0
[pid   453] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   453] setpgid(0, 0)               = 0
[pid   453] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   453] write(3, "1000", 4)         = 4
[pid   453] close(3)                    = 0
[pid   453] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid   453] write(1, "executing program\n", 18) = 18
[pid   453] memfd_create("syzkaller", 0) = 3
[pid   453] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[   40.495987][  T447] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   453] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   453] munmap(0x7f94994ac000, 138412032) = 0
[pid   453] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   453] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   453] close(3)                    = 0
[pid   453] close(4)                    = 0
[pid   453] mkdir("./bus", 0777)        = 0
[   40.653966][  T453] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   40.661903][  T453] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   40.671213][  T453] F2FS-fs (loop0): invalid crc value
[   40.677490][  T453] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[pid   453] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   453] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[   40.699848][  T453] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   40.706890][  T453] F2FS-fs (loop0): Start checkpoint disabled!
[   40.713137][  T453] attempt to access beyond end of device
[   40.713137][  T453] loop0: rw=2049, want=40968, limit=40427
[pid   453] ioctl(3, LOOP_CLR_FD)       = 0
[pid   453] close(3)                    = 0
[pid   453] memfd_create("syzkaller", 0) = 3
[pid   453] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   453] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   453] munmap(0x7f94994ac000, 138412032) = 0
[pid   453] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   453] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   453] close(3)                    = 0
[pid   453] close(4)                    = 0
[pid   453] mkdir("./file0", 0777)      = 0
[pid   453] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   453] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   453] chdir("./file0")            = 0
[pid   453] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   453] ioctl(4, LOOP_CLR_FD)       = 0
[pid   453] close(4)                    = 0
[pid   453] close(3)                    = 0
[pid   453] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   453] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   453] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   453] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   453] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   453] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   453] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   453] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   453] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   453] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   453] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   453] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   453] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   453] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   453] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   453] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   453] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   453] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   453] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   453] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   453] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   453] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   453] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   453] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   453] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   453] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   453] exit_group(0)               = ?
[pid   453] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=30, si_uid=0, si_status=0, si_utime=2, si_stime=16} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[   40.837945][  T453] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./28/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./28/file0")         = 0
[pid   283] umount2("./28/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./28/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./28/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./28/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./28/bus")           = 0
[pid   283] umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./28/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./28")               = 0
[pid   283] mkdir("./29", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FDexecuting program
)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 31
./strace-static-x86_64: Process 459 attached
[pid   459] set_robust_list(0x55558c003660, 24) = 0
[pid   459] chdir("./29")               = 0
[pid   459] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   459] setpgid(0, 0)               = 0
[pid   459] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   459] write(3, "1000", 4)         = 4
[pid   459] close(3)                    = 0
[pid   459] symlink("/dev/binderfs", "./binderfs") = 0
[pid   459] write(1, "executing program\n", 18) = 18
[pid   459] memfd_create("syzkaller", 0) = 3
[pid   459] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   459] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   459] munmap(0x7f94994ac000, 138412032) = 0
[pid   459] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   459] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   459] close(3)                    = 0
[pid   459] close(4)                    = 0
[pid   459] mkdir("./bus", 0777)        = 0
[   41.013560][  T459] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   41.021422][  T459] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   41.030774][  T459] F2FS-fs (loop0): invalid crc value
[   41.037170][  T459] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   41.059911][  T459] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   41.066571][  T459] F2FS-fs (loop0): Start checkpoint disabled!
[   41.072754][  T459] attempt to access beyond end of device
[   41.072754][  T459] loop0: rw=2049, want=40968, limit=40427
[pid   459] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   459] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   459] ioctl(3, LOOP_CLR_FD)       = 0
[pid   459] close(3)                    = 0
[pid   459] memfd_create("syzkaller", 0) = 3
[pid   459] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   459] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   459] munmap(0x7f94994ac000, 138412032) = 0
[pid   459] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   459] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   459] close(3)                    = 0
[pid   459] close(4)                    = 0
[pid   459] mkdir("./file0", 0777)      = 0
[pid   459] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   459] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   459] chdir("./file0")            = 0
[pid   459] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   459] ioctl(4, LOOP_CLR_FD)       = 0
[pid   459] close(4)                    = 0
[pid   459] close(3)                    = 0
[pid   459] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   459] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   459] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   459] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   459] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   459] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   459] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   459] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   459] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   459] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   459] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   459] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   459] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   459] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   459] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   459] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   459] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   459] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   459] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   459] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   459] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   459] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   459] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   459] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   459] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   459] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   459] exit_group(0)               = ?
[pid   459] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=31, si_uid=0, si_status=0, si_utime=4, si_stime=17} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[   41.226225][  T459] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./29/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./29/file0")         = 0
[pid   283] umount2("./29/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./29/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./29/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./29/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./29/bus")           = 0
[pid   283] umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./29/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./29")               = 0
[pid   283] mkdir("./30", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 32
./strace-static-x86_64: Process 465 attached
[pid   465] set_robust_list(0x55558c003660, 24) = 0
[pid   465] chdir("./30")               = 0
[pid   465] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   465] setpgid(0, 0)               = 0
[pid   465] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   465] write(3, "1000", 4)         = 4
[pid   465] close(3)                    = 0
[pid   465] symlink("/dev/binderfs", "./binderfs") = 0
[pid   465] write(1, "executing program\n", 18executing program
) = 18
[pid   465] memfd_create("syzkaller", 0) = 3
[pid   465] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   465] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   465] munmap(0x7f94994ac000, 138412032) = 0
[pid   465] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   465] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   465] close(3)                    = 0
[pid   465] close(4)                    = 0
[pid   465] mkdir("./bus", 0777)        = 0
[   41.507340][  T465] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   41.515136][  T465] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   41.524288][  T465] F2FS-fs (loop0): invalid crc value
[   41.530742][  T465] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   41.553046][  T465] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   41.559704][  T465] F2FS-fs (loop0): Start checkpoint disabled!
[   41.565826][  T465] attempt to access beyond end of device
[   41.565826][  T465] loop0: rw=2049, want=40968, limit=40427
[pid   465] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   465] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   465] ioctl(3, LOOP_CLR_FD)       = 0
[pid   465] close(3)                    = 0
[pid   465] memfd_create("syzkaller", 0) = 3
[pid   465] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   465] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   465] munmap(0x7f94994ac000, 138412032) = 0
[pid   465] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   465] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   465] close(3)                    = 0
[pid   465] close(4)                    = 0
[pid   465] mkdir("./file0", 0777)      = 0
[pid   465] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   465] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   465] chdir("./file0")            = 0
[pid   465] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   465] ioctl(4, LOOP_CLR_FD)       = 0
[pid   465] close(4)                    = 0
[pid   465] close(3)                    = 0
[pid   465] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   465] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   465] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   465] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   465] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   465] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   465] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   465] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   465] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   465] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   465] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   465] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   465] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   465] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   465] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   465] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   465] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   465] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   465] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   465] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   465] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   465] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   465] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   465] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   465] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   465] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   465] exit_group(0)               = ?
[pid   465] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=32, si_uid=0, si_status=0, si_utime=5, si_stime=16} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[   41.744907][  T465] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./30/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./30/file0")         = 0
[pid   283] umount2("./30/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./30/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./30/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./30/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./30/bus")           = 0
[pid   283] umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./30/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./30")               = 0
[pid   283] mkdir("./31", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 471 attached
 <unfinished ...>
[pid   471] set_robust_list(0x55558c003660, 24) = 0
[pid   471] chdir("./31")               = 0
[pid   471] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   471] setpgid(0, 0)               = 0
executing program
[pid   471] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   283] <... clone resumed>, child_tidptr=0x55558c003650) = 33
[pid   471] <... openat resumed>)       = 3
[pid   471] write(3, "1000", 4)         = 4
[pid   471] close(3)                    = 0
[pid   471] symlink("/dev/binderfs", "./binderfs") = 0
[pid   471] write(1, "executing program\n", 18) = 18
[pid   471] memfd_create("syzkaller", 0) = 3
[pid   471] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   471] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   471] munmap(0x7f94994ac000, 138412032) = 0
[pid   471] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   471] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   471] close(3)                    = 0
[pid   471] close(4)                    = 0
[pid   471] mkdir("./bus", 0777)        = 0
[   41.928745][  T471] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   41.936617][  T471] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   41.945673][  T471] F2FS-fs (loop0): invalid crc value
[   41.952003][  T471] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[pid   471] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   471] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[   41.974087][  T471] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   41.980721][  T471] F2FS-fs (loop0): Start checkpoint disabled!
[   41.986835][  T471] attempt to access beyond end of device
[   41.986835][  T471] loop0: rw=2049, want=40968, limit=40427
[pid   471] ioctl(3, LOOP_CLR_FD)       = 0
[pid   471] close(3)                    = 0
[pid   471] memfd_create("syzkaller", 0) = 3
[pid   471] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   471] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   471] munmap(0x7f94994ac000, 138412032) = 0
[pid   471] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   471] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   471] close(3)                    = 0
[pid   471] close(4)                    = 0
[pid   471] mkdir("./file0", 0777)      = 0
[pid   471] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   471] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   471] chdir("./file0")            = 0
[pid   471] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   471] ioctl(4, LOOP_CLR_FD)       = 0
[pid   471] close(4)                    = 0
[pid   471] close(3)                    = 0
[pid   471] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   471] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   471] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   471] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   471] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   471] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   471] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   471] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   471] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   471] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   471] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   471] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   471] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   471] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   471] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   471] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   471] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   471] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   471] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   471] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   471] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   471] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   471] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   471] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   471] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   471] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   471] exit_group(0)               = ?
[pid   471] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=33, si_uid=0, si_status=0, si_utime=3, si_stime=17} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[   42.138577][  T471] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./31/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./31/file0")         = 0
[pid   283] umount2("./31/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./31/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./31/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./31/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./31/bus")           = 0
[pid   283] umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./31/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./31")               = 0
[pid   283] mkdir("./32", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 34
./strace-static-x86_64: Process 477 attached
[pid   477] set_robust_list(0x55558c003660, 24) = 0
[pid   477] chdir("./32")               = 0
[pid   477] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   477] setpgid(0, 0)               = 0
[pid   477] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   477] write(3, "1000", 4)         = 4
[pid   477] close(3)                    = 0
[pid   477] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid   477] write(1, "executing program\n", 18) = 18
[pid   477] memfd_create("syzkaller", 0) = 3
[pid   477] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   477] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   477] munmap(0x7f94994ac000, 138412032) = 0
[pid   477] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   477] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   477] close(3)                    = 0
[pid   477] close(4)                    = 0
[pid   477] mkdir("./bus", 0777)        = 0
[   42.382039][  T477] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   42.389954][  T477] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   42.399321][  T477] F2FS-fs (loop0): invalid crc value
[   42.405727][  T477] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   42.428204][  T477] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   42.434822][  T477] F2FS-fs (loop0): Start checkpoint disabled!
[pid   477] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   477] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   477] ioctl(3, LOOP_CLR_FD)       = 0
[pid   477] close(3)                    = 0
[pid   477] memfd_create("syzkaller", 0) = 3
[pid   477] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   477] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   477] munmap(0x7f94994ac000, 138412032) = 0
[pid   477] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   477] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   477] close(3)                    = 0
[pid   477] close(4)                    = 0
[pid   477] mkdir("./file0", 0777)      = 0
[pid   477] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   477] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   477] chdir("./file0")            = 0
[pid   477] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   477] ioctl(4, LOOP_CLR_FD)       = 0
[pid   477] close(4)                    = 0
[pid   477] close(3)                    = 0
[pid   477] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   477] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   477] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   477] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   477] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   477] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   477] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   477] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   477] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   477] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   477] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   477] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   477] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   477] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   477] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   477] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   477] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   477] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   477] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   477] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   477] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   477] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   477] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   477] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   477] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   477] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   477] exit_group(0)               = ?
[pid   477] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=34, si_uid=0, si_status=0, si_utime=3, si_stime=16} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[pid   283] umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./32/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./32/file0")         = 0
[pid   283] umount2("./32/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./32/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./32/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./32/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./32/bus")           = 0
[pid   283] umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./32/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./32")               = 0
[pid   283] mkdir("./33", 0777)         = 0
[   42.610606][  T477] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWRexecuting program
) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 35
./strace-static-x86_64: Process 483 attached
[pid   483] set_robust_list(0x55558c003660, 24) = 0
[pid   483] chdir("./33")               = 0
[pid   483] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   483] setpgid(0, 0)               = 0
[pid   483] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   483] write(3, "1000", 4)         = 4
[pid   483] close(3)                    = 0
[pid   483] symlink("/dev/binderfs", "./binderfs") = 0
[pid   483] write(1, "executing program\n", 18) = 18
[pid   483] memfd_create("syzkaller", 0) = 3
[pid   483] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   483] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   483] munmap(0x7f94994ac000, 138412032) = 0
[pid   483] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   483] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   483] close(3)                    = 0
[pid   483] close(4)                    = 0
[pid   483] mkdir("./bus", 0777)        = 0
[   42.865777][  T483] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   42.873558][  T483] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   42.882607][  T483] F2FS-fs (loop0): invalid crc value
[   42.889042][  T483] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   42.911163][  T483] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   42.917833][  T483] F2FS-fs (loop0): Start checkpoint disabled!
[pid   483] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   483] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   483] ioctl(3, LOOP_CLR_FD)       = 0
[pid   483] close(3)                    = 0
[pid   483] memfd_create("syzkaller", 0) = 3
[pid   483] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   483] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   483] munmap(0x7f94994ac000, 138412032) = 0
[pid   483] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   483] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   483] close(3)                    = 0
[pid   483] close(4)                    = 0
[pid   483] mkdir("./file0", 0777)      = 0
[pid   483] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   483] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   483] chdir("./file0")            = 0
[pid   483] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   483] ioctl(4, LOOP_CLR_FD)       = 0
[pid   483] close(4)                    = 0
[pid   483] close(3)                    = 0
[pid   483] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   483] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   483] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   483] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   483] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   483] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   483] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   483] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   483] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   483] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   483] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   483] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   483] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   483] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   483] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   483] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   483] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   483] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   483] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   483] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   483] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   483] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   483] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   483] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   483] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   483] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   483] exit_group(0)               = ?
[pid   483] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=35, si_uid=0, si_status=0, si_utime=4, si_stime=16} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[   43.116843][  T483] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./33/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./33/file0")         = 0
[pid   283] umount2("./33/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./33/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./33/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./33/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./33/bus")           = 0
[pid   283] umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./33/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./33")               = 0
[pid   283] mkdir("./34", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3executing program
)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 36
./strace-static-x86_64: Process 489 attached
[pid   489] set_robust_list(0x55558c003660, 24) = 0
[pid   489] chdir("./34")               = 0
[pid   489] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   489] setpgid(0, 0)               = 0
[pid   489] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   489] write(3, "1000", 4)         = 4
[pid   489] close(3)                    = 0
[pid   489] symlink("/dev/binderfs", "./binderfs") = 0
[pid   489] write(1, "executing program\n", 18) = 18
[pid   489] memfd_create("syzkaller", 0) = 3
[pid   489] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   489] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   489] munmap(0x7f94994ac000, 138412032) = 0
[pid   489] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   489] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   489] close(3)                    = 0
[pid   489] close(4)                    = 0
[pid   489] mkdir("./bus", 0777)        = 0
[   43.334295][  T489] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   43.342206][  T489] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   43.351195][  T489] F2FS-fs (loop0): invalid crc value
[   43.357349][  T489] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   43.378895][  T489] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   43.385558][  T489] F2FS-fs (loop0): Start checkpoint disabled!
[   43.391727][  T489] handle_bad_sector: 2 callbacks suppressed
[   43.391739][  T489] attempt to access beyond end of device
[   43.391739][  T489] loop0: rw=2049, want=40968, limit=40427
[pid   489] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   489] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   489] ioctl(3, LOOP_CLR_FD)       = 0
[pid   489] close(3)                    = 0
[pid   489] memfd_create("syzkaller", 0) = 3
[pid   489] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   489] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   489] munmap(0x7f94994ac000, 138412032) = 0
[pid   489] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   489] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   489] close(3)                    = 0
[pid   489] close(4)                    = 0
[pid   489] mkdir("./file0", 0777)      = 0
[pid   489] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   489] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   489] chdir("./file0")            = 0
[pid   489] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   489] ioctl(4, LOOP_CLR_FD)       = 0
[pid   489] close(4)                    = 0
[pid   489] close(3)                    = 0
[pid   489] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   489] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   489] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   489] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   489] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   489] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   489] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   489] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   489] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   489] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   489] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   489] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   489] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   489] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   489] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   489] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   489] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   489] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   489] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   489] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   489] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   489] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   489] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   489] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   489] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   489] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   489] exit_group(0)               = ?
[pid   489] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=36, si_uid=0, si_status=0, si_utime=3, si_stime=16} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[   43.528847][  T489] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./34/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./34/file0")         = 0
[pid   283] umount2("./34/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./34/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./34/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./34/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./34/bus")           = 0
[pid   283] umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./34/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./34")               = 0
[pid   283] mkdir("./35", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
executing program
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 37
./strace-static-x86_64: Process 495 attached
[pid   495] set_robust_list(0x55558c003660, 24) = 0
[pid   495] chdir("./35")               = 0
[pid   495] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   495] setpgid(0, 0)               = 0
[pid   495] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   495] write(3, "1000", 4)         = 4
[pid   495] close(3)                    = 0
[pid   495] symlink("/dev/binderfs", "./binderfs") = 0
[pid   495] write(1, "executing program\n", 18) = 18
[pid   495] memfd_create("syzkaller", 0) = 3
[pid   495] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   495] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   495] munmap(0x7f94994ac000, 138412032) = 0
[pid   495] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   495] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   495] close(3)                    = 0
[pid   495] close(4)                    = 0
[pid   495] mkdir("./bus", 0777)        = 0
[   43.775254][  T495] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   43.783091][  T495] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   43.792166][  T495] F2FS-fs (loop0): invalid crc value
[   43.798491][  T495] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   43.820350][  T495] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   43.826975][  T495] F2FS-fs (loop0): Start checkpoint disabled!
[   43.833177][  T495] attempt to access beyond end of device
[   43.833177][  T495] loop0: rw=2049, want=40968, limit=40427
[pid   495] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   495] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   495] ioctl(3, LOOP_CLR_FD)       = 0
[pid   495] close(3)                    = 0
[pid   495] memfd_create("syzkaller", 0) = 3
[pid   495] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   495] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   495] munmap(0x7f94994ac000, 138412032) = 0
[pid   495] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   495] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   495] close(3)                    = 0
[pid   495] close(4)                    = 0
[pid   495] mkdir("./file0", 0777)      = 0
[pid   495] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   495] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   495] chdir("./file0")            = 0
[pid   495] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   495] ioctl(4, LOOP_CLR_FD)       = 0
[pid   495] close(4)                    = 0
[pid   495] close(3)                    = 0
[pid   495] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   495] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   495] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   495] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   495] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   495] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   495] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   495] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   495] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   495] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   495] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   495] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   495] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   495] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   495] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   495] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   495] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   495] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   495] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   495] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   495] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   495] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   495] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   495] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   495] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   495] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   495] exit_group(0)               = ?
[pid   495] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=37, si_uid=0, si_status=0, si_utime=3, si_stime=15} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[   44.056402][  T495] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./35/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./35/file0")         = 0
[pid   283] umount2("./35/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./35/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./35/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./35/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./35/bus")           = 0
[pid   283] umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./35/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./35")               = 0
[pid   283] mkdir("./36", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x55558c003650) = 38
./strace-static-x86_64: Process 501 attached
[pid   501] set_robust_list(0x55558c003660, 24) = 0
[pid   501] chdir("./36")               = 0
[pid   501] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   501] setpgid(0, 0)               = 0
[pid   501] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   501] write(3, "1000", 4)         = 4
[pid   501] close(3)                    = 0
[pid   501] symlink("/dev/binderfs", "./binderfs") = 0
[pid   501] write(1, "executing program\n", 18) = 18
[pid   501] memfd_create("syzkaller", 0) = 3
[pid   501] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   501] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   501] munmap(0x7f94994ac000, 138412032) = 0
[pid   501] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   501] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   501] close(3)                    = 0
[pid   501] close(4)                    = 0
[pid   501] mkdir("./bus", 0777)        = 0
[   44.333556][  T501] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   44.341376][  T501] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   44.350723][  T501] F2FS-fs (loop0): invalid crc value
[   44.357070][  T501] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   44.379172][  T501] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   44.385762][  T501] F2FS-fs (loop0): Start checkpoint disabled!
[   44.391921][  T501] attempt to access beyond end of device
[   44.391921][  T501] loop0: rw=2049, want=40968, limit=40427
[pid   501] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   501] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   501] ioctl(3, LOOP_CLR_FD)       = 0
[pid   501] close(3)                    = 0
[pid   501] memfd_create("syzkaller", 0) = 3
[pid   501] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   501] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   501] munmap(0x7f94994ac000, 138412032) = 0
[pid   501] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   501] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   501] close(3)                    = 0
[pid   501] close(4)                    = 0
[pid   501] mkdir("./file0", 0777)      = 0
[pid   501] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   501] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   501] chdir("./file0")            = 0
[pid   501] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   501] ioctl(4, LOOP_CLR_FD)       = 0
[pid   501] close(4)                    = 0
[pid   501] close(3)                    = 0
[pid   501] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   501] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   501] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   501] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   501] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   501] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   501] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   501] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   501] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   501] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   501] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   501] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   501] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   501] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   501] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   501] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   501] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   501] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   501] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   501] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   501] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   501] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   501] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   501] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   501] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   501] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   501] exit_group(0)               = ?
[pid   501] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=38, si_uid=0, si_status=0, si_utime=4, si_stime=17} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[pid   283] umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./36/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./36/file0")         = 0
[pid   283] umount2("./36/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./36/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./36/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./36/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./36/bus")           = 0
[pid   283] umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./36/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./36")               = 0
[pid   283] mkdir("./37", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 39
./strace-static-x86_64: Process 507 attached
[pid   507] set_robust_list(0x55558c003660, 24) = 0
executing program
[pid   507] chdir("./37")               = 0
[pid   507] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   507] setpgid(0, 0)               = 0
[pid   507] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   507] write(3, "1000", 4)         = 4
[pid   507] close(3)                    = 0
[pid   507] symlink("/dev/binderfs", "./binderfs") = 0
[pid   507] write(1, "executing program\n", 18) = 18
[pid   507] memfd_create("syzkaller", 0) = 3
[pid   507] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[   44.570061][  T501] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   507] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   507] munmap(0x7f94994ac000, 138412032) = 0
[pid   507] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   507] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   507] close(3)                    = 0
[pid   507] close(4)                    = 0
[pid   507] mkdir("./bus", 0777)        = 0
[   44.825572][  T507] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   44.833353][  T507] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   44.842570][  T507] F2FS-fs (loop0): invalid crc value
[   44.849121][  T507] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[pid   507] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   507] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[   44.871683][  T507] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   44.878271][  T507] F2FS-fs (loop0): Start checkpoint disabled!
[   44.884458][  T507] attempt to access beyond end of device
[   44.884458][  T507] loop0: rw=2049, want=40968, limit=40427
[pid   507] ioctl(3, LOOP_CLR_FD)       = 0
[pid   507] close(3)                    = 0
[pid   507] memfd_create("syzkaller", 0) = 3
[pid   507] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   507] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   507] munmap(0x7f94994ac000, 138412032) = 0
[pid   507] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   507] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   507] close(3)                    = 0
[pid   507] close(4)                    = 0
[pid   507] mkdir("./file0", 0777)      = 0
[pid   507] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   507] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   507] chdir("./file0")            = 0
[pid   507] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   507] ioctl(4, LOOP_CLR_FD)       = 0
[pid   507] close(4)                    = 0
[pid   507] close(3)                    = 0
[pid   507] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   507] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   507] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   507] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   507] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   507] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   507] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   507] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   507] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   507] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   507] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   507] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   507] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   507] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   507] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   507] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   507] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   507] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   507] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   507] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   507] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   507] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   507] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   507] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   507] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   507] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   507] exit_group(0)               = ?
[pid   507] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=39, si_uid=0, si_status=0, si_utime=3, si_stime=17} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[   45.013695][  T507] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./37/file0")         = 0
[pid   283] umount2("./37/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./37/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./37/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./37/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./37/bus")           = 0
[pid   283] umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./37/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./37")               = 0
[pid   283] mkdir("./38", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FDexecuting program
)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 40
./strace-static-x86_64: Process 513 attached
[pid   513] set_robust_list(0x55558c003660, 24) = 0
[pid   513] chdir("./38")               = 0
[pid   513] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   513] setpgid(0, 0)               = 0
[pid   513] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   513] write(3, "1000", 4)         = 4
[pid   513] close(3)                    = 0
[pid   513] symlink("/dev/binderfs", "./binderfs") = 0
[pid   513] write(1, "executing program\n", 18) = 18
[pid   513] memfd_create("syzkaller", 0) = 3
[pid   513] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   513] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   513] munmap(0x7f94994ac000, 138412032) = 0
[pid   513] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   513] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   513] close(3)                    = 0
[pid   513] close(4)                    = 0
[pid   513] mkdir("./bus", 0777)        = 0
[   45.214801][  T513] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   45.222802][  T513] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   45.231896][  T513] F2FS-fs (loop0): invalid crc value
[   45.238155][  T513] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   45.259722][  T513] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   45.266302][  T513] F2FS-fs (loop0): Start checkpoint disabled!
[   45.272482][  T513] attempt to access beyond end of device
[   45.272482][  T513] loop0: rw=2049, want=40968, limit=40427
[pid   513] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   513] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   513] ioctl(3, LOOP_CLR_FD)       = 0
[pid   513] close(3)                    = 0
[pid   513] memfd_create("syzkaller", 0) = 3
[pid   513] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   513] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   513] munmap(0x7f94994ac000, 138412032) = 0
[pid   513] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   513] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   513] close(3)                    = 0
[pid   513] close(4)                    = 0
[pid   513] mkdir("./file0", 0777)      = 0
[pid   513] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   513] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   513] chdir("./file0")            = 0
[pid   513] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   513] ioctl(4, LOOP_CLR_FD)       = 0
[pid   513] close(4)                    = 0
[pid   513] close(3)                    = 0
[pid   513] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   513] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   513] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   513] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   513] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   513] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   513] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   513] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   513] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   513] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   513] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   513] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   513] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   513] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   513] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   513] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   513] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   513] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   513] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   513] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   513] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   513] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   513] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   513] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   513] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   513] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   513] exit_group(0)               = ?
[pid   513] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=40, si_uid=0, si_status=0, si_utime=4, si_stime=15} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[   45.481387][  T513] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./38/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./38/file0")         = 0
[pid   283] umount2("./38/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./38/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./38/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./38/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./38/bus")           = 0
[pid   283] umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./38/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./38")               = 0
[pid   283] mkdir("./39", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 41
./strace-static-x86_64: Process 519 attached
[pid   519] set_robust_list(0x55558c003660, 24) = 0
[pid   519] chdir("./39")               = 0
[pid   519] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   519] setpgid(0, 0)               = 0
[pid   519] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   519] write(3, "1000", 4)         = 4
[pid   519] close(3)                    = 0
[pid   519] symlink("/dev/binderfs", "./binderfs") = 0
[pid   519] write(1, "executing program\n", 18executing program
) = 18
[pid   519] memfd_create("syzkaller", 0) = 3
[pid   519] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   519] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   519] munmap(0x7f94994ac000, 138412032) = 0
[pid   519] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   519] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   519] close(3)                    = 0
[pid   519] close(4)                    = 0
[pid   519] mkdir("./bus", 0777)        = 0
[   45.697388][  T519] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   45.705307][  T519] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   45.714277][  T519] F2FS-fs (loop0): invalid crc value
[   45.720698][  T519] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   45.742242][  T519] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   45.748889][  T519] F2FS-fs (loop0): Start checkpoint disabled!
[   45.755028][  T519] attempt to access beyond end of device
[   45.755028][  T519] loop0: rw=2049, want=40968, limit=40427
[pid   519] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   519] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   519] ioctl(3, LOOP_CLR_FD)       = 0
[pid   519] close(3)                    = 0
[pid   519] memfd_create("syzkaller", 0) = 3
[pid   519] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   519] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   519] munmap(0x7f94994ac000, 138412032) = 0
[pid   519] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   519] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   519] close(3)                    = 0
[pid   519] close(4)                    = 0
[pid   519] mkdir("./file0", 0777)      = 0
[pid   519] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   519] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   519] chdir("./file0")            = 0
[pid   519] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   519] ioctl(4, LOOP_CLR_FD)       = 0
[pid   519] close(4)                    = 0
[pid   519] close(3)                    = 0
[pid   519] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   519] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   519] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   519] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   519] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   519] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   519] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   519] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   519] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   519] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   519] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   519] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   519] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   519] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   519] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   519] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   519] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   519] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   519] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   519] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   519] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   519] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   519] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   519] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   519] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   519] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   519] exit_group(0)               = ?
[pid   519] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=41, si_uid=0, si_status=0, si_utime=4, si_stime=17} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[pid   283] umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./39/file0")         = 0
[pid   283] umount2("./39/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./39/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./39/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./39/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[   45.971799][  T519] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] rmdir("./39/bus")           = 0
[pid   283] umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./39/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./39")               = 0
[pid   283] mkdir("./40", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x55558c003650) = 42
./strace-static-x86_64: Process 525 attached
[pid   525] set_robust_list(0x55558c003660, 24) = 0
[pid   525] chdir("./40")               = 0
[pid   525] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   525] setpgid(0, 0)               = 0
[pid   525] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   525] write(3, "1000", 4)         = 4
[pid   525] close(3)                    = 0
[pid   525] symlink("/dev/binderfs", "./binderfs") = 0
[pid   525] write(1, "executing program\n", 18) = 18
[pid   525] memfd_create("syzkaller", 0) = 3
[pid   525] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   525] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   525] munmap(0x7f94994ac000, 138412032) = 0
[pid   525] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   525] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   525] close(3)                    = 0
[pid   525] close(4)                    = 0
[pid   525] mkdir("./bus", 0777)        = 0
[   46.135685][  T525] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   46.143488][  T525] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   46.156559][  T525] F2FS-fs (loop0): invalid crc value
[   46.163055][  T525] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   46.185880][  T525] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   46.192526][  T525] F2FS-fs (loop0): Start checkpoint disabled!
[   46.198698][  T525] attempt to access beyond end of device
[   46.198698][  T525] loop0: rw=2049, want=40968, limit=40427
[pid   525] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   525] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   525] ioctl(3, LOOP_CLR_FD)       = 0
[pid   525] close(3)                    = 0
[pid   525] memfd_create("syzkaller", 0) = 3
[pid   525] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   525] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   525] munmap(0x7f94994ac000, 138412032) = 0
[pid   525] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   525] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   525] close(3)                    = 0
[pid   525] close(4)                    = 0
[pid   525] mkdir("./file0", 0777)      = 0
[pid   525] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   525] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   525] chdir("./file0")            = 0
[pid   525] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   525] ioctl(4, LOOP_CLR_FD)       = 0
[pid   525] close(4)                    = 0
[pid   525] close(3)                    = 0
[pid   525] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   525] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   525] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   525] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   525] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   525] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   525] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   525] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   525] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   525] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   525] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   525] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   525] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   525] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   525] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   525] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   525] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   525] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   525] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   525] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   525] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   525] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   525] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   525] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   525] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   525] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   525] exit_group(0)               = ?
[pid   525] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=42, si_uid=0, si_status=0, si_utime=4, si_stime=16} ---
[pid   283] umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[   46.385517][  T525] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./40/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./40/file0")         = 0
[pid   283] umount2("./40/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./40/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./40/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./40/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./40/bus")           = 0
[pid   283] umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./40/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./40")               = 0
[pid   283] mkdir("./41", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 43
./strace-static-x86_64: Process 531 attached
[pid   531] set_robust_list(0x55558c003660, 24) = 0
[pid   531] chdir("./41")               = 0
[pid   531] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   531] setpgid(0, 0)               = 0
executing program
[pid   531] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   531] write(3, "1000", 4)         = 4
[pid   531] close(3)                    = 0
[pid   531] symlink("/dev/binderfs", "./binderfs") = 0
[pid   531] write(1, "executing program\n", 18) = 18
[pid   531] memfd_create("syzkaller", 0) = 3
[pid   531] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   531] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   531] munmap(0x7f94994ac000, 138412032) = 0
[pid   531] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   531] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   531] close(3)                    = 0
[pid   531] close(4)                    = 0
[pid   531] mkdir("./bus", 0777)        = 0
[   46.661546][  T531] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   46.669320][  T531] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   46.678186][  T531] F2FS-fs (loop0): invalid crc value
[   46.684510][  T531] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   46.706499][  T531] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   46.713252][  T531] F2FS-fs (loop0): Start checkpoint disabled!
[   46.719435][  T531] attempt to access beyond end of device
[   46.719435][  T531] loop0: rw=2049, want=40968, limit=40427
[pid   531] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   531] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   531] ioctl(3, LOOP_CLR_FD)       = 0
[pid   531] close(3)                    = 0
[pid   531] memfd_create("syzkaller", 0) = 3
[pid   531] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   531] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   531] munmap(0x7f94994ac000, 138412032) = 0
[pid   531] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   531] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   531] close(3)                    = 0
[pid   531] close(4)                    = 0
[pid   531] mkdir("./file0", 0777)      = 0
[pid   531] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   531] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   531] chdir("./file0")            = 0
[pid   531] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   531] ioctl(4, LOOP_CLR_FD)       = 0
[pid   531] close(4)                    = 0
[pid   531] close(3)                    = 0
[pid   531] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   531] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   531] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   531] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   531] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   531] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   531] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   531] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   531] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   531] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   531] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   531] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   531] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   531] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   531] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   531] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   531] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   531] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   531] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   531] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   531] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   531] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   531] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   531] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   531] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   531] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   531] exit_group(0)               = ?
[pid   531] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=43, si_uid=0, si_status=0, si_utime=3, si_stime=17} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[pid   283] umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./41/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./41/file0")         = 0
[pid   283] umount2("./41/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./41/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./41/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./41/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./41/bus")           = 0
[pid   283] umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./41/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./41")               = 0
[pid   283] mkdir("./42", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[   46.914334][  T531] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 44
./strace-static-x86_64: Process 537 attached
[pid   537] set_robust_list(0x55558c003660, 24) = 0
[pid   537] chdir("./42")               = 0
[pid   537] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   537] setpgid(0, 0)               = 0
[pid   537] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   537] write(3, "1000", 4)         = 4
[pid   537] close(3)                    = 0
[pid   537] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid   537] write(1, "executing program\n", 18) = 18
[pid   537] memfd_create("syzkaller", 0) = 3
[pid   537] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   537] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   537] munmap(0x7f94994ac000, 138412032) = 0
[pid   537] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   537] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   537] close(3)                    = 0
[pid   537] close(4)                    = 0
[pid   537] mkdir("./bus", 0777)        = 0
[   47.081041][  T537] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   47.088848][  T537] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   47.097905][  T537] F2FS-fs (loop0): invalid crc value
[   47.104573][  T537] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   47.126782][  T537] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   47.133467][  T537] F2FS-fs (loop0): Start checkpoint disabled!
[   47.139755][  T537] attempt to access beyond end of device
[   47.139755][  T537] loop0: rw=2049, want=40968, limit=40427
[pid   537] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   537] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   537] ioctl(3, LOOP_CLR_FD)       = 0
[pid   537] close(3)                    = 0
[pid   537] memfd_create("syzkaller", 0) = 3
[pid   537] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   537] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   537] munmap(0x7f94994ac000, 138412032) = 0
[pid   537] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   537] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   537] close(3)                    = 0
[pid   537] close(4)                    = 0
[pid   537] mkdir("./file0", 0777)      = 0
[pid   537] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   537] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   537] chdir("./file0")            = 0
[pid   537] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   537] ioctl(4, LOOP_CLR_FD)       = 0
[pid   537] close(4)                    = 0
[pid   537] close(3)                    = 0
[pid   537] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   537] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   537] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   537] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   537] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   537] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   537] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   537] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   537] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   537] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   537] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   537] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   537] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   537] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   537] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   537] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   537] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   537] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   537] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   537] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   537] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   537] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   537] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   537] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   537] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   537] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   537] exit_group(0)               = ?
[pid   537] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=44, si_uid=0, si_status=0, si_utime=3, si_stime=17} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[pid   283] umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./42/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./42/file0")         = 0
[pid   283] umount2("./42/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./42/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./42/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./42/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./42/bus")           = 0
[pid   283] umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./42/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./42")               = 0
[pid   283] mkdir("./43", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 45
./strace-static-x86_64: Process 543 attached
[pid   543] set_robust_list(0x55558c003660, 24) = 0
[pid   543] chdir("./43"executing program
)               = 0
[pid   543] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   543] setpgid(0, 0)               = 0
[pid   543] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   543] write(3, "1000", 4)         = 4
[pid   543] close(3)                    = 0
[pid   543] symlink("/dev/binderfs", "./binderfs") = 0
[pid   543] write(1, "executing program\n", 18) = 18
[pid   543] memfd_create("syzkaller", 0) = 3
[pid   543] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[   47.332677][  T537] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   543] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   543] munmap(0x7f94994ac000, 138412032) = 0
[pid   543] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   543] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   543] close(3)                    = 0
[pid   543] close(4)                    = 0
[pid   543] mkdir("./bus", 0777)        = 0
[   47.516524][  T543] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   47.524418][  T543] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   47.533798][  T543] F2FS-fs (loop0): invalid crc value
[   47.540135][  T543] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   47.562002][  T543] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   47.568578][  T543] F2FS-fs (loop0): Start checkpoint disabled!
[   47.574756][  T543] attempt to access beyond end of device
[   47.574756][  T543] loop0: rw=2049, want=40968, limit=40427
[pid   543] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   543] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   543] ioctl(3, LOOP_CLR_FD)       = 0
[pid   543] close(3)                    = 0
[pid   543] memfd_create("syzkaller", 0) = 3
[pid   543] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   543] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   543] munmap(0x7f94994ac000, 138412032) = 0
[pid   543] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   543] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   543] close(3)                    = 0
[pid   543] close(4)                    = 0
[pid   543] mkdir("./file0", 0777)      = 0
[pid   543] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   543] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   543] chdir("./file0")            = 0
[pid   543] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   543] ioctl(4, LOOP_CLR_FD)       = 0
[pid   543] close(4)                    = 0
[pid   543] close(3)                    = 0
[pid   543] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   543] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   543] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   543] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   543] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   543] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   543] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   543] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   543] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   543] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   543] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   543] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   543] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   543] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   543] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   543] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   543] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   543] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   543] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   543] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   543] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   543] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   543] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   543] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   543] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   543] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   543] exit_group(0)               = ?
[pid   543] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=45, si_uid=0, si_status=0, si_utime=4, si_stime=16} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[pid   283] umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./43/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./43/file0")         = 0
[pid   283] umount2("./43/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./43/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./43/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./43/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./43/bus")           = 0
[pid   283] umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./43/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./43")               = 0
[pid   283] mkdir("./44", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[   47.775374][  T543] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3executing program
)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 46
./strace-static-x86_64: Process 549 attached
[pid   549] set_robust_list(0x55558c003660, 24) = 0
[pid   549] chdir("./44")               = 0
[pid   549] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   549] setpgid(0, 0)               = 0
[pid   549] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   549] write(3, "1000", 4)         = 4
[pid   549] close(3)                    = 0
[pid   549] symlink("/dev/binderfs", "./binderfs") = 0
[pid   549] write(1, "executing program\n", 18) = 18
[pid   549] memfd_create("syzkaller", 0) = 3
[pid   549] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   549] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   549] munmap(0x7f94994ac000, 138412032) = 0
[pid   549] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   549] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   549] close(3)                    = 0
[pid   549] close(4)                    = 0
[pid   549] mkdir("./bus", 0777)        = 0
[   47.972162][  T549] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   47.980014][  T549] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   47.989176][  T549] F2FS-fs (loop0): invalid crc value
[   47.995524][  T549] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[pid   549] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   549] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[   48.017647][  T549] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   48.024373][  T549] F2FS-fs (loop0): Start checkpoint disabled!
[pid   549] ioctl(3, LOOP_CLR_FD)       = 0
[pid   549] close(3)                    = 0
[pid   549] memfd_create("syzkaller", 0) = 3
[pid   549] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   549] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   549] munmap(0x7f94994ac000, 138412032) = 0
[pid   549] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   549] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   549] close(3)                    = 0
[pid   549] close(4)                    = 0
[pid   549] mkdir("./file0", 0777)      = 0
[pid   549] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   549] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   549] chdir("./file0")            = 0
[pid   549] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   549] ioctl(4, LOOP_CLR_FD)       = 0
[pid   549] close(4)                    = 0
[pid   549] close(3)                    = 0
[pid   549] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   549] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   549] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   549] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   549] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   549] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   549] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   549] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   549] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   549] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   549] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   549] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   549] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   549] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   549] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   549] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   549] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   549] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   549] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   549] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   549] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   549] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   549] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   549] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   549] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   549] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   549] exit_group(0)               = ?
[pid   549] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=46, si_uid=0, si_status=0, si_utime=3, si_stime=15} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[   48.163411][  T549] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./44/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./44/file0")         = 0
[pid   283] umount2("./44/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./44/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./44/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./44/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./44/bus")           = 0
[pid   283] umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./44/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./44")               = 0
[pid   283] mkdir("./45", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 47
./strace-static-x86_64: Process 555 attached
[pid   555] set_robust_list(0x55558c003660, 24) = 0
[pid   555] chdir("./45"executing program
)               = 0
[pid   555] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   555] setpgid(0, 0)               = 0
[pid   555] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   555] write(3, "1000", 4)         = 4
[pid   555] close(3)                    = 0
[pid   555] symlink("/dev/binderfs", "./binderfs") = 0
[pid   555] write(1, "executing program\n", 18) = 18
[pid   555] memfd_create("syzkaller", 0) = 3
[pid   555] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   555] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   555] munmap(0x7f94994ac000, 138412032) = 0
[pid   555] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   555] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   555] close(3)                    = 0
[pid   555] close(4)                    = 0
[pid   555] mkdir("./bus", 0777)        = 0
[   48.331610][  T555] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   48.339414][  T555] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   48.348277][  T555] F2FS-fs (loop0): invalid crc value
[   48.354484][  T555] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[pid   555] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   555] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[   48.375782][  T555] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   48.382368][  T555] F2FS-fs (loop0): Start checkpoint disabled!
[pid   555] ioctl(3, LOOP_CLR_FD)       = 0
[pid   555] close(3)                    = 0
[pid   555] memfd_create("syzkaller", 0) = 3
[pid   555] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   555] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   555] munmap(0x7f94994ac000, 138412032) = 0
[pid   555] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   555] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   555] close(3)                    = 0
[pid   555] close(4)                    = 0
[pid   555] mkdir("./file0", 0777)      = 0
[pid   555] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   555] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   555] chdir("./file0")            = 0
[pid   555] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   555] ioctl(4, LOOP_CLR_FD)       = 0
[pid   555] close(4)                    = 0
[pid   555] close(3)                    = 0
[pid   555] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   555] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   555] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   555] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   555] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   555] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   555] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   555] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   555] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   555] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   555] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   555] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   555] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   555] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   555] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   555] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   555] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   555] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   555] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   555] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   555] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   555] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   555] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   555] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   555] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   555] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   555] exit_group(0)               = ?
[pid   555] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=47, si_uid=0, si_status=0, si_utime=3, si_stime=16} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[   48.562536][  T555] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./45/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./45/file0")         = 0
[pid   283] umount2("./45/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./45/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./45/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./45/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./45/bus")           = 0
[pid   283] umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./45/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./45")               = 0
[pid   283] mkdir("./46", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 561 attached
, child_tidptr=0x55558c003650) = 48
[pid   561] set_robust_list(0x55558c003660, 24) = 0
[pid   561] chdir("./46")               = 0
[pid   561] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   561] setpgid(0, 0)               = 0
[pid   561] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   561] write(3, "1000", 4)         = 4
[pid   561] close(3)                    = 0
[pid   561] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid   561] write(1, "executing program\n", 18) = 18
[pid   561] memfd_create("syzkaller", 0) = 3
[pid   561] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   561] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   561] munmap(0x7f94994ac000, 138412032) = 0
[pid   561] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   561] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   561] close(3)                    = 0
[pid   561] close(4)                    = 0
[pid   561] mkdir("./bus", 0777)        = 0
[   48.763054][  T561] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   48.771052][  T561] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   48.779977][  T561] F2FS-fs (loop0): invalid crc value
[   48.786273][  T561] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   48.807693][  T561] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   48.814358][  T561] F2FS-fs (loop0): Start checkpoint disabled!
[   48.820500][  T561] handle_bad_sector: 2 callbacks suppressed
[   48.820508][  T561] attempt to access beyond end of device
[   48.820508][  T561] loop0: rw=2049, want=40968, limit=40427
[pid   561] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   561] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   561] ioctl(3, LOOP_CLR_FD)       = 0
[pid   561] close(3)                    = 0
[pid   561] memfd_create("syzkaller", 0) = 3
[pid   561] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   561] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   561] munmap(0x7f94994ac000, 138412032) = 0
[pid   561] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   561] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   561] close(3)                    = 0
[pid   561] close(4)                    = 0
[pid   561] mkdir("./file0", 0777)      = 0
[   48.996334][  T561] ==================================================================
[   49.004554][  T561] BUG: KASAN: use-after-free in __ext4_iget+0x36a/0x4030
[   49.011549][  T561] Read of size 8 at addr ffff88812148ec28 by task syz-executor183/561
[   49.019665][  T561] 
[   49.021976][  T561] CPU: 1 PID: 561 Comm: syz-executor183 Not tainted 5.10.237-syzkaller-00010-gcf6ed0f1511d #0
[   49.032177][  T561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   49.042215][  T561] Call Trace:
[   49.045485][  T561]  __dump_stack+0x21/0x24
[   49.049788][  T561]  dump_stack_lvl+0x169/0x1d8
[   49.054435][  T561]  ? show_regs_print_info+0x18/0x18
[   49.059609][  T561]  ? thaw_kernel_threads+0x220/0x220
[   49.064868][  T561]  ? _raw_spin_lock+0x8e/0xe0
[   49.069534][  T561]  print_address_description+0x7f/0x2c0
[   49.075052][  T561]  ? __ext4_iget+0x36a/0x4030
[   49.079704][  T561]  kasan_report+0xe2/0x130
[   49.084096][  T561]  ? __ext4_iget+0x36a/0x4030
[   49.088758][  T561]  __asan_report_load8_noabort+0x14/0x20
[   49.094362][  T561]  __ext4_iget+0x36a/0x4030
[   49.098853][  T561]  ? __kasan_check_write+0x14/0x20
[   49.103934][  T561]  ? _raw_write_lock+0x8e/0xe0
[   49.108672][  T561]  ? _raw_write_trylock+0x140/0x140
[   49.113839][  T561]  ? __proc_create+0x564/0x8d0
[   49.118572][  T561]  ? __kasan_check_write+0x14/0x20
[   49.123664][  T561]  ? ext4_get_projid+0x140/0x140
[   49.128572][  T561]  ? _raw_write_unlock+0x2b/0x60
[   49.133480][  T561]  ? proc_register+0x34d/0x4e0
[   49.138214][  T561]  ext4_enable_quotas+0x33b/0x6d0
[   49.143215][  T561]  ext4_fill_super+0x82a9/0x8b60
[   49.148131][  T561]  ? ext4_mount+0x40/0x40
[   49.152429][  T561]  ? set_blocksize+0x1fe/0x3c0
[   49.157160][  T561]  ? sb_set_blocksize+0xaa/0xf0
[   49.161980][  T561]  mount_bdev+0x28b/0x3a0
[   49.166280][  T561]  ? ext4_mount+0x40/0x40
[   49.170581][  T561]  ext4_mount+0x34/0x40
[   49.174711][  T561]  legacy_get_tree+0xed/0x190
[   49.179367][  T561]  ? ext4_chksum+0x160/0x160
[   49.183940][  T561]  vfs_get_tree+0x89/0x260
[   49.188335][  T561]  do_new_mount+0x25a/0xa20
[   49.192815][  T561]  path_mount+0x572/0xc80
[   49.197127][  T561]  __se_sys_mount+0x318/0x380
[   49.201780][  T561]  ? do_notify_parent+0x7e0/0x7e0
[   49.206781][  T561]  ? __x64_sys_mount+0xd0/0xd0
[   49.211522][  T561]  ? fpu__clear_all+0x20/0x20
[   49.216174][  T561]  ? do_mkdirat+0x1e8/0x340
[   49.220654][  T561]  __x64_sys_mount+0xbf/0xd0
[   49.225224][  T561]  do_syscall_64+0x31/0x40
[   49.229620][  T561]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   49.235502][  T561] RIP: 0033:0x7f94a18ece6a
[   49.239899][  T561] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 8e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   49.259482][  T561] RSP: 002b:00007ffcaf86f9b8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[   49.267871][  T561] RAX: ffffffffffffffda RBX: 00007ffcaf86fa10 RCX: 00007f94a18ece6a
[   49.275821][  T561] RDX: 0000200000000580 RSI: 00002000000005c0 RDI: 00007ffcaf86fa10
[   49.283772][  T561] RBP: 00002000000005c0 R08: 00007ffcaf86fa50 R09: 000000000000054a
[   49.291720][  T561] R10: 0000000000000000 R11: 0000000000000206 R12: 0000200000000580
[   49.299668][  T561] R13: 00007ffcaf86fa50 R14: 0000000000000550 R15: 0000200000000600
[   49.307614][  T561] 
[   49.309922][  T561] Allocated by task 339:
[   49.314144][  T561]  __kasan_slab_alloc+0xbd/0xf0
[   49.318971][  T561]  slab_post_alloc_hook+0x5d/0x2f0
[   49.324061][  T561]  kmem_cache_alloc+0x165/0x2e0
[   49.328889][  T561]  f2fs_alloc_inode+0x26/0x410
[   49.333627][  T561]  iget_locked+0x146/0x7d0
[   49.338027][  T561]  f2fs_iget+0x55/0x4dc0
[   49.342243][  T561]  f2fs_fill_super+0x39f0/0x6c70
[   49.347158][  T561]  mount_bdev+0x28b/0x3a0
[   49.351462][  T561]  f2fs_mount+0x34/0x40
[   49.355596][  T561]  legacy_get_tree+0xed/0x190
[   49.360252][  T561]  vfs_get_tree+0x89/0x260
[   49.364648][  T561]  do_new_mount+0x25a/0xa20
[   49.369130][  T561]  path_mount+0x572/0xc80
[   49.373434][  T561]  __se_sys_mount+0x318/0x380
[   49.378084][  T561]  __x64_sys_mount+0xbf/0xd0
[   49.382650][  T561]  do_syscall_64+0x31/0x40
[   49.387048][  T561]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   49.392911][  T561] 
[   49.395220][  T561] Freed by task 19:
[   49.399007][  T561]  kasan_set_track+0x4a/0x70
[   49.403570][  T561]  kasan_set_free_info+0x23/0x40
[   49.408495][  T561]  ____kasan_slab_free+0x125/0x160
[   49.413584][  T561]  __kasan_slab_free+0x11/0x20
[   49.418320][  T561]  slab_free_freelist_hook+0xc5/0x190
[   49.423666][  T561]  kmem_cache_free+0x100/0x2d0
[   49.428406][  T561]  f2fs_free_inode+0x24/0x30
[   49.432971][  T561]  i_callback+0x4c/0x70
[   49.437118][  T561]  rcu_do_batch+0x4df/0xa80
[   49.441600][  T561]  rcu_core+0x55f/0xd60
[   49.445733][  T561]  rcu_core_si+0x9/0x10
[   49.449872][  T561]  __do_softirq+0x255/0x563
[   49.454351][  T561] 
[   49.456654][  T561] Last potentially related work creation:
[   49.462348][  T561]  kasan_save_stack+0x3a/0x60
[   49.467007][  T561]  __kasan_record_aux_stack+0xd2/0x100
[   49.472454][  T561]  kasan_record_aux_stack_noalloc+0xb/0x10
[   49.478237][  T561]  call_rcu+0x105/0x1040
[   49.482461][  T561]  evict+0x857/0x910
[   49.486342][  T561]  iput+0x638/0x7c0
[   49.490128][  T561]  f2fs_fill_super+0x5453/0x6c70
[   49.495046][  T561]  mount_bdev+0x28b/0x3a0
[   49.499358][  T561]  f2fs_mount+0x34/0x40
[   49.503493][  T561]  legacy_get_tree+0xed/0x190
[   49.508151][  T561]  vfs_get_tree+0x89/0x260
[   49.512543][  T561]  do_new_mount+0x25a/0xa20
[   49.517024][  T561]  path_mount+0x572/0xc80
[   49.521329][  T561]  __se_sys_mount+0x318/0x380
[   49.525985][  T561]  __x64_sys_mount+0xbf/0xd0
[   49.530561][  T561]  do_syscall_64+0x31/0x40
[   49.534957][  T561]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   49.540822][  T561] 
[   49.543129][  T561] The buggy address belongs to the object at ffff88812148e700
[   49.543129][  T561]  which belongs to the cache f2fs_inode_cache of size 1520
[   49.557677][  T561] The buggy address is located 1320 bytes inside of
[   49.557677][  T561]  1520-byte region [ffff88812148e700, ffff88812148ecf0)
[   49.571093][  T561] The buggy address belongs to the page:
[   49.576722][  T561] page:ffffea0004852200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x121488
[   49.586927][  T561] head:ffffea0004852200 order:3 compound_mapcount:0 compound_pincount:0
[   49.595237][  T561] flags: 0x4000000000010200(slab|head)
[   49.600681][  T561] raw: 4000000000010200 0000000000000000 0000000100000001 ffff8881029d0f00
[   49.609244][  T561] raw: 0000000000000000 0000000080130013 00000001ffffffff 0000000000000000
[   49.617800][  T561] page dumped because: kasan: bad access detected
[   49.624194][  T561] page_owner tracks the page as allocated
[   49.629893][  T561] page last allocated via order 3, migratetype Reclaimable, gfp_mask 0xd2050(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_RECLAIMABLE), pid 284, ts 27783482693, free_ts 0
[   49.648955][  T561]  prep_new_page+0x179/0x180
[   49.653524][  T561]  get_page_from_freelist+0x2235/0x23d0
[   49.659043][  T561]  __alloc_pages_nodemask+0x268/0x5f0
[   49.664478][  T561]  new_slab+0x84/0x3f0
[   49.668520][  T561]  ___slab_alloc+0x2a6/0x450
[   49.673082][  T561]  __slab_alloc+0x63/0xa0
[   49.677383][  T561]  kmem_cache_alloc+0x1af/0x2e0
[   49.682207][  T561]  f2fs_alloc_inode+0x26/0x410
[   49.686944][  T561]  iget_locked+0x146/0x7d0
[   49.691332][  T561]  f2fs_iget+0x55/0x4dc0
[   49.695576][  T561]  f2fs_fill_super+0x45ba/0x6c70
[   49.700504][  T561]  mount_bdev+0x28b/0x3a0
[   49.704824][  T561]  f2fs_mount+0x34/0x40
[   49.708968][  T561]  legacy_get_tree+0xed/0x190
[   49.713633][  T561]  vfs_get_tree+0x89/0x260
[   49.718034][  T561]  do_new_mount+0x25a/0xa20
[   49.722512][  T561] page_owner free stack trace missing
[   49.727854][  T561] 
[   49.730159][  T561] Memory state around the buggy address:
[   49.735779][  T561]  ffff88812148eb00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   49.743826][  T561]  ffff88812148eb80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   49.751872][  T561] >ffff88812148ec00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   49.759906][  T561]                                   ^
[   49.765255][  T561]  ffff88812148ec80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[   49.773295][  T561]  ffff88812148ed00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 00 00
[   49.781329][  T561] ==================================================================
[   49.789368][  T561] Disabling lock debugging due to kernel taint
[   49.795671][  T561] EXT4-fs warning (device loop0): ext4_enable_quotas:6491: Failed to enable quota tracking (type=0, err=-13, ino=3). Please run e2fsck to fix.
[   49.810195][   T24] kauditd_printk_skb: 8 callbacks suppressed
[   49.810211][   T24] audit: type=1400 audit(1748508332.700:82): avc:  denied  { read } for  pid=76 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[   49.810641][  T561] EXT4-fs (loop0): mount failed
[   49.816189][   T24] audit: type=1400 audit(1748508332.700:83): avc:  denied  { search } for  pid=76 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   49.863857][   T24] audit: type=1400 audit(1748508332.700:84): avc:  denied  { write } for  pid=76 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[pid   561] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = -1 EACCES (Permission denied)
[pid   561] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[   49.885046][   T24] audit: type=1400 audit(1748508332.700:85): avc:  denied  { add_name } for  pid=76 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   49.905555][   T24] audit: type=1400 audit(1748508332.700:86): avc:  denied  { create } for  pid=76 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   49.926089][   T24] audit: type=1400 audit(1748508332.700:87): avc:  denied  { append open } for  pid=76 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[pid   561] ioctl(3, LOOP_CLR_FD)       = 0
[pid   561] close(3)                    = 0
[pid   561] close(3)                    = -1 EBADF (Bad file descriptor)
[pid   561] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   561] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   561] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   561] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   561] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   561] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   561] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   561] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   561] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   561] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   561] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   561] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   561] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   561] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   561] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   561] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   561] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   561] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   561] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   561] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   561] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   561] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   561] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   561] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   561] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   561] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   561] exit_group(0)               = ?
[pid   561] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=48, si_uid=0, si_status=0, si_utime=4, si_stime=18} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[pid   283] umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./46/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./46/file0")         = 0
[pid   283] umount2("./46/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./46/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./46/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./46/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./46/bus")           = 0
[pid   283] umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./46/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./46")               = 0
[pid   283] mkdir("./47", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 49
./strace-static-x86_64: Process 567 attached
[pid   567] set_robust_list(0x55558c003660, 24) = 0
[pid   567] chdir("./47")               = 0
[pid   567] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   567] setpgid(0, 0)               = 0
[pid   567] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   567] write(3, "1000", 4)         = 4
[pid   567] close(3)                    = 0
[pid   567] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid   567] write(1, "executing program\n", 18) = 18
[pid   567] memfd_create("syzkaller", 0) = 3
[pid   567] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[   49.948994][   T24] audit: type=1400 audit(1748508332.700:88): avc:  denied  { getattr } for  pid=76 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[pid   567] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   567] munmap(0x7f94994ac000, 138412032) = 0
[pid   567] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   567] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   567] close(3)                    = 0
[pid   567] close(4)                    = 0
[pid   567] mkdir("./bus", 0777)        = 0
[   50.168839][  T567] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   50.176676][  T567] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   50.185804][  T567] F2FS-fs (loop0): invalid crc value
[   50.192053][  T567] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   50.213770][  T567] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   50.220362][  T567] F2FS-fs (loop0): Start checkpoint disabled!
[   50.226469][  T567] attempt to access beyond end of device
[   50.226469][  T567] loop0: rw=2049, want=40968, limit=40427
[pid   567] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   567] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   567] ioctl(3, LOOP_CLR_FD)       = 0
[pid   567] close(3)                    = 0
[pid   567] memfd_create("syzkaller", 0) = 3
[pid   567] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   567] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   567] munmap(0x7f94994ac000, 138412032) = 0
[pid   567] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   567] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   567] close(3)                    = 0
[pid   567] close(4)                    = 0
[pid   567] mkdir("./file0", 0777)      = 0
[pid   567] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   567] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   567] chdir("./file0")            = 0
[pid   567] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   567] ioctl(4, LOOP_CLR_FD)       = 0
[pid   567] close(4)                    = 0
[pid   567] close(3)                    = 0
[pid   567] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   567] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   567] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   567] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   567] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   567] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   567] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   567] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   567] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   567] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   567] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   567] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   567] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   567] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   567] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   567] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   567] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   567] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   567] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   567] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   567] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   567] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   567] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   567] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   567] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   567] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   567] exit_group(0)               = ?
[pid   567] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=49, si_uid=0, si_status=0, si_utime=2, si_stime=19} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[pid   283] umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./47/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./47/file0")         = 0
[pid   283] umount2("./47/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./47/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./47/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./47/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./47/bus")           = 0
[pid   283] umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./47/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./47")               = 0
[pid   283] mkdir("./48", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 50
./strace-static-x86_64: Process 573 attached
[pid   573] set_robust_list(0x55558c003660, 24) = 0
[pid   573] chdir("./48")               = 0
[pid   573] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   573] setpgid(0, 0)               = 0
[pid   573] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   573] write(3, "1000", 4)         = 4
[pid   573] close(3)                    = 0
[pid   573] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid   573] write(1, "executing program\n", 18) = 18
[pid   573] memfd_create("syzkaller", 0) = 3
[pid   573] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[   50.399171][  T567] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   573] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   573] munmap(0x7f94994ac000, 138412032) = 0
[pid   573] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   573] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   573] close(3)                    = 0
[pid   573] close(4)                    = 0
[pid   573] mkdir("./bus", 0777)        = 0
[   50.558251][  T573] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   50.566155][  T573] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   50.575251][  T573] F2FS-fs (loop0): invalid crc value
[   50.581541][  T573] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   50.603433][  T573] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   50.610029][  T573] F2FS-fs (loop0): Start checkpoint disabled!
[   50.616170][  T573] attempt to access beyond end of device
[   50.616170][  T573] loop0: rw=2049, want=40968, limit=40427
[pid   573] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   573] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   573] ioctl(3, LOOP_CLR_FD)       = 0
[pid   573] close(3)                    = 0
[pid   573] memfd_create("syzkaller", 0) = 3
[pid   573] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   573] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   573] munmap(0x7f94994ac000, 138412032) = 0
[pid   573] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   573] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   573] close(3)                    = 0
[pid   573] close(4)                    = 0
[pid   573] mkdir("./file0", 0777)      = 0
[pid   573] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   573] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   573] chdir("./file0")            = 0
[pid   573] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   573] ioctl(4, LOOP_CLR_FD)       = 0
[pid   573] close(4)                    = 0
[pid   573] close(3)                    = 0
[pid   573] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   573] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   573] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   573] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   573] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   573] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   573] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   573] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   573] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   573] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   573] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   573] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   573] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   573] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   573] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   573] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   573] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   573] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   573] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   573] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   573] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   573] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   573] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   573] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   573] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   573] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   573] exit_group(0)               = ?
[pid   573] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=50, si_uid=0, si_status=0, si_utime=4, si_stime=16} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[   50.828104][  T573] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./48/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./48/file0")         = 0
[pid   283] umount2("./48/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./48/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./48/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./48/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./48/bus")           = 0
[pid   283] umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./48/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./48")               = 0
[pid   283] mkdir("./49", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 51
./strace-static-x86_64: Process 579 attached
[pid   579] set_robust_list(0x55558c003660, 24) = 0
[pid   579] chdir("./49")               = 0
[pid   579] prctl(PR_SET_PDEATHSIG, SIGKILLexecuting program
) = 0
[pid   579] setpgid(0, 0)               = 0
[pid   579] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   579] write(3, "1000", 4)         = 4
[pid   579] close(3)                    = 0
[pid   579] symlink("/dev/binderfs", "./binderfs") = 0
[pid   579] write(1, "executing program\n", 18) = 18
[pid   579] memfd_create("syzkaller", 0) = 3
[pid   579] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   579] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   579] munmap(0x7f94994ac000, 138412032) = 0
[pid   579] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   579] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   579] close(3)                    = 0
[pid   579] close(4)                    = 0
[pid   579] mkdir("./bus", 0777)        = 0
[   51.053019][  T579] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   51.061056][  T579] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   51.070031][  T579] F2FS-fs (loop0): invalid crc value
[   51.076302][  T579] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   51.097867][  T579] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   51.104475][  T579] F2FS-fs (loop0): Start checkpoint disabled!
[   51.110616][  T579] attempt to access beyond end of device
[   51.110616][  T579] loop0: rw=2049, want=40968, limit=40427
[pid   579] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   579] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   579] ioctl(3, LOOP_CLR_FD)       = 0
[pid   579] close(3)                    = 0
[pid   579] memfd_create("syzkaller", 0) = 3
[pid   579] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   579] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   579] munmap(0x7f94994ac000, 138412032) = 0
[pid   579] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   579] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   579] close(3)                    = 0
[pid   579] close(4)                    = 0
[pid   579] mkdir("./file0", 0777)      = 0
[pid   579] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   579] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   579] chdir("./file0")            = 0
[pid   579] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   579] ioctl(4, LOOP_CLR_FD)       = 0
[pid   579] close(4)                    = 0
[pid   579] close(3)                    = 0
[pid   579] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   579] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   579] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   579] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   579] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   579] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   579] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   579] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   579] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   579] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   579] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   579] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   579] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   579] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   579] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   579] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   579] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   579] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   579] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   579] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   579] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   579] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   579] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   579] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   579] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   579] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   579] exit_group(0)               = ?
[pid   579] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=51, si_uid=0, si_status=0, si_utime=3, si_stime=18} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[   51.259730][  T579] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./49/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./49/file0")         = 0
[pid   283] umount2("./49/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./49/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./49/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./49/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./49/bus")           = 0
[pid   283] umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./49/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./49")               = 0
[pid   283] mkdir("./50", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
executing program
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 52
./strace-static-x86_64: Process 585 attached
[pid   585] set_robust_list(0x55558c003660, 24) = 0
[pid   585] chdir("./50")               = 0
[pid   585] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   585] setpgid(0, 0)               = 0
[pid   585] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   585] write(3, "1000", 4)         = 4
[pid   585] close(3)                    = 0
[pid   585] symlink("/dev/binderfs", "./binderfs") = 0
[pid   585] write(1, "executing program\n", 18) = 18
[pid   585] memfd_create("syzkaller", 0) = 3
[pid   585] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   585] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   585] munmap(0x7f94994ac000, 138412032) = 0
[pid   585] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   585] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   585] close(3)                    = 0
[pid   585] close(4)                    = 0
[pid   585] mkdir("./bus", 0777)        = 0
[   51.521196][  T585] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   51.529065][  T585] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   51.538233][  T585] F2FS-fs (loop0): invalid crc value
[   51.544515][  T585] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[pid   585] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = 0
[pid   585] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid   585] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   585] ioctl(4, LOOP_CLR_FD)       = 0
[pid   585] close(4)                    = 0
[pid   585] memfd_create("syzkaller", 0) = 4
[pid   585] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   585] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   585] munmap(0x7f94994ac000, 138412032) = 0
[pid   585] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5
[pid   585] ioctl(5, LOOP_SET_FD, 4)    = -1 EBUSY (Device or resource busy)
[pid   585] ioctl(5, LOOP_CLR_FD)       = 0
[pid   585] ioctl(5, LOOP_SET_FD, 4)    = -1 EBUSY (Device or resource busy)
[pid   585] close(5)                    = 0
[pid   585] close(4)                    = 0
[pid   585] close(3)                    = 0
[pid   585] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   585] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   585] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   585] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   585] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   585] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   585] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   585] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   585] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   585] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   585] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   585] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   585] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   585] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   585] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   585] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   585] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   585] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   585] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   585] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   585] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   585] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   585] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   585] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   585] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   585] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   585] exit_group(0)               = ?
[pid   585] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=52, si_uid=0, si_status=0, si_utime=4, si_stime=12} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 4 entries */, 32768) = 104
[   51.566805][  T585] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   51.573417][  T585] F2FS-fs (loop0): Start checkpoint disabled!
[   51.580394][  T585] F2FS-fs (loop0): Try to recover 2th superblock, ret: 0
[   51.587408][  T585] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[pid   283] umount2("./50/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./50/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./50/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./50/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./50/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./50/bus")           = 0
[pid   283] umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./50/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./50")               = 0
[pid   283] mkdir("./51", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x55558c003650) = 53
./strace-static-x86_64: Process 590 attached
[pid   590] set_robust_list(0x55558c003660, 24) = 0
[pid   590] chdir("./51")               = 0
[pid   590] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   590] setpgid(0, 0)               = 0
[pid   590] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   590] write(3, "1000", 4)         = 4
[pid   590] close(3)                    = 0
[pid   590] symlink("/dev/binderfs", "./binderfs") = 0
[pid   590] write(1, "executing program\n", 18) = 18
[pid   590] memfd_create("syzkaller", 0) = 3
[pid   590] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   590] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   590] munmap(0x7f94994ac000, 138412032) = 0
[pid   590] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   590] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   590] close(3)                    = 0
[pid   590] close(4)                    = 0
[pid   590] mkdir("./bus", 0777)        = 0
[   51.855561][  T590] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   51.863372][  T590] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   51.872923][  T590] F2FS-fs (loop0): invalid crc value
[   51.879207][  T590] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   51.900733][  T590] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   51.907368][  T590] F2FS-fs (loop0): Start checkpoint disabled!
[   51.913649][  T590] attempt to access beyond end of device
[   51.913649][  T590] loop0: rw=2049, want=40968, limit=40427
[pid   590] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   590] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   590] ioctl(3, LOOP_CLR_FD)       = 0
[pid   590] close(3)                    = 0
[pid   590] memfd_create("syzkaller", 0) = 3
[pid   590] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   590] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   590] munmap(0x7f94994ac000, 138412032) = 0
[pid   590] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   590] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   590] close(3)                    = 0
[pid   590] close(4)                    = 0
[pid   590] mkdir("./file0", 0777)      = 0
[pid   590] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   590] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   590] chdir("./file0")            = 0
[pid   590] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   590] ioctl(4, LOOP_CLR_FD)       = 0
[pid   590] close(4)                    = 0
[pid   590] close(3)                    = 0
[pid   590] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   590] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   590] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   590] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   590] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   590] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   590] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   590] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   590] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   590] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   590] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   590] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   590] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   590] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   590] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   590] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   590] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   590] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   590] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   590] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   590] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   590] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   590] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   590] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   590] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   590] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   590] exit_group(0)               = ?
[pid   590] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=53, si_uid=0, si_status=0, si_utime=3, si_stime=16} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[   52.047674][  T590] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./51/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./51/file0")         = 0
[pid   283] umount2("./51/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./51/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./51/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./51/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./51/bus")           = 0
[pid   283] umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./51/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./51")               = 0
[pid   283] mkdir("./52", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWRexecuting program
) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 54
./strace-static-x86_64: Process 597 attached
[pid   597] set_robust_list(0x55558c003660, 24) = 0
[pid   597] chdir("./52")               = 0
[pid   597] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   597] setpgid(0, 0)               = 0
[pid   597] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   597] write(3, "1000", 4)         = 4
[pid   597] close(3)                    = 0
[pid   597] symlink("/dev/binderfs", "./binderfs") = 0
[pid   597] write(1, "executing program\n", 18) = 18
[pid   597] memfd_create("syzkaller", 0) = 3
[pid   597] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   597] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   597] munmap(0x7f94994ac000, 138412032) = 0
[pid   597] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   597] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   597] close(3)                    = 0
[pid   597] close(4)                    = 0
[pid   597] mkdir("./bus", 0777)        = 0
[   52.292012][  T597] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   52.299829][  T597] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   52.308934][  T597] F2FS-fs (loop0): invalid crc value
[   52.315200][  T597] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   52.336591][  T597] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   52.343250][  T597] F2FS-fs (loop0): Start checkpoint disabled!
[   52.349390][  T597] attempt to access beyond end of device
[   52.349390][  T597] loop0: rw=2049, want=40968, limit=40427
[pid   597] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   597] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   597] ioctl(3, LOOP_CLR_FD)       = 0
[pid   597] close(3)                    = 0
[pid   597] memfd_create("syzkaller", 0) = 3
[pid   597] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   597] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   597] munmap(0x7f94994ac000, 138412032) = 0
[pid   597] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   597] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   597] close(3)                    = 0
[pid   597] close(4)                    = 0
[pid   597] mkdir("./file0", 0777)      = 0
[pid   597] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   597] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   597] chdir("./file0")            = 0
[pid   597] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   597] ioctl(4, LOOP_CLR_FD)       = 0
[pid   597] close(4)                    = 0
[pid   597] close(3)                    = 0
[pid   597] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   597] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   597] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   597] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   597] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   597] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   597] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   597] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   597] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   597] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   597] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   597] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   597] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   597] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   597] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   597] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   597] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   597] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   597] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   597] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   597] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   597] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   597] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   597] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   597] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   597] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   597] exit_group(0)               = ?
[pid   597] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=54, si_uid=0, si_status=0, si_utime=4, si_stime=17} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[   52.513224][  T597] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./52/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./52/file0")         = 0
[pid   283] umount2("./52/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./52/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./52/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./52/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./52/bus")           = 0
[pid   283] umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./52/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./52")               = 0
[pid   283] mkdir("./53", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 55
./strace-static-x86_64: Process 603 attached
[pid   603] set_robust_list(0x55558c003660, 24) = 0
[pid   603] chdir("./53")               = 0
[pid   603] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   603] setpgid(0, 0)               = 0
[pid   603] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   603] write(3, "1000", 4)         = 4
[pid   603] close(3)                    = 0
[pid   603] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid   603] write(1, "executing program\n", 18) = 18
[pid   603] memfd_create("syzkaller", 0) = 3
[pid   603] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   603] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   603] munmap(0x7f94994ac000, 138412032) = 0
[pid   603] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   603] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   603] close(3)                    = 0
[pid   603] close(4)                    = 0
[pid   603] mkdir("./bus", 0777)        = 0
[   52.782045][  T603] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   52.789945][  T603] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   52.798933][  T603] F2FS-fs (loop0): invalid crc value
[   52.805192][  T603] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   52.826486][  T603] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   52.833048][  T603] F2FS-fs (loop0): Start checkpoint disabled!
[   52.839213][  T603] attempt to access beyond end of device
[   52.839213][  T603] loop0: rw=2049, want=40968, limit=40427
[pid   603] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   603] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   603] ioctl(3, LOOP_CLR_FD)       = 0
[pid   603] close(3)                    = 0
[pid   603] memfd_create("syzkaller", 0) = 3
[pid   603] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   603] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   603] munmap(0x7f94994ac000, 138412032) = 0
[pid   603] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   603] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   603] close(3)                    = 0
[pid   603] close(4)                    = 0
[pid   603] mkdir("./file0", 0777)      = 0
[pid   603] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   603] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   603] chdir("./file0")            = 0
[pid   603] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   603] ioctl(4, LOOP_CLR_FD)       = 0
[pid   603] close(4)                    = 0
[pid   603] close(3)                    = 0
[pid   603] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   603] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   603] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   603] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   603] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   603] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   603] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   603] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   603] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   603] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   603] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   603] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   603] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   603] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   603] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   603] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   603] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   603] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   603] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   603] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   603] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   603] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   603] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   603] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   603] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   603] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   603] exit_group(0)               = ?
[pid   603] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=55, si_uid=0, si_status=0, si_utime=3, si_stime=16} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[   52.980758][  T603] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./53/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./53/file0")         = 0
[pid   283] umount2("./53/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./53/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./53/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./53/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./53/bus")           = 0
[pid   283] umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./53/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./53")               = 0
[pid   283] mkdir("./54", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 56
./strace-static-x86_64: Process 609 attached
[pid   609] set_robust_list(0x55558c003660, 24) = 0
[pid   609] chdir("./54")               = 0
[pid   609] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   609] setpgid(0, 0)               = 0
[pid   609] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   609] write(3, "1000", 4)         = 4
[pid   609] close(3)                    = 0
[pid   609] symlink("/dev/binderfs", "./binderfs") = 0
[pid   609] write(1, "executing program\n", 18executing program
) = 18
[pid   609] memfd_create("syzkaller", 0) = 3
[pid   609] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   609] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   609] munmap(0x7f94994ac000, 138412032) = 0
[pid   609] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   609] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   609] close(3)                    = 0
[pid   609] close(4)                    = 0
[pid   609] mkdir("./bus", 0777)        = 0
[   53.221798][  T609] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   53.229687][  T609] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   53.238539][  T609] F2FS-fs (loop0): invalid crc value
[   53.244967][  T609] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   53.266851][  T609] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   53.273567][  T609] F2FS-fs (loop0): Start checkpoint disabled!
[   53.279747][  T609] attempt to access beyond end of device
[   53.279747][  T609] loop0: rw=2049, want=40968, limit=40427
[pid   609] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   609] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   609] ioctl(3, LOOP_CLR_FD)       = 0
[pid   609] close(3)                    = 0
[pid   609] memfd_create("syzkaller", 0) = 3
[pid   609] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   609] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   609] munmap(0x7f94994ac000, 138412032) = 0
[pid   609] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   609] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   609] close(3)                    = 0
[pid   609] close(4)                    = 0
[pid   609] mkdir("./file0", 0777)      = 0
[pid   609] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   609] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   609] chdir("./file0")            = 0
[pid   609] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   609] ioctl(4, LOOP_CLR_FD)       = 0
[pid   609] close(4)                    = 0
[pid   609] close(3)                    = 0
[pid   609] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   609] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   609] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   609] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   609] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   609] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   609] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   609] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   609] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   609] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   609] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   609] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   609] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   609] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   609] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   609] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   609] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   609] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   609] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   609] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   609] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   609] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   609] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   609] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   609] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   609] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   609] exit_group(0)               = ?
[pid   609] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=56, si_uid=0, si_status=0, si_utime=4, si_stime=14} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[pid   283] umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./54/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./54/file0")         = 0
[pid   283] umount2("./54/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./54/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./54/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./54/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./54/bus")           = 0
[pid   283] umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./54/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./54")               = 0
[pid   283] mkdir("./55", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 57
./strace-static-x86_64: Process 615 attached
[pid   615] set_robust_list(0x55558c003660, 24) = 0
[pid   615] chdir("./55")               = 0
[pid   615] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   615] setpgid(0, 0)               = 0
[pid   615] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   615] write(3, "1000", 4)         = 4
[pid   615] close(3)                    = 0
[   53.518432][  T609] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   615] symlink("/dev/binderfs", "./binderfs") = 0
[pid   615] write(1, "executing program\n", 18executing program
) = 18
[pid   615] memfd_create("syzkaller", 0) = 3
[pid   615] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   615] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   615] munmap(0x7f94994ac000, 138412032) = 0
[pid   615] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   615] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   615] close(3)                    = 0
[pid   615] close(4)                    = 0
[pid   615] mkdir("./bus", 0777)        = 0
[   53.721695][  T615] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   53.729560][  T615] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   53.738773][  T615] F2FS-fs (loop0): invalid crc value
[   53.745068][  T615] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   53.767138][  T615] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   53.773760][  T615] F2FS-fs (loop0): Start checkpoint disabled!
[   53.779944][  T615] attempt to access beyond end of device
[   53.779944][  T615] loop0: rw=2049, want=40968, limit=40427
[pid   615] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   615] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   615] ioctl(3, LOOP_CLR_FD)       = 0
[pid   615] close(3)                    = 0
[pid   615] memfd_create("syzkaller", 0) = 3
[pid   615] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   615] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   615] munmap(0x7f94994ac000, 138412032) = 0
[pid   615] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   615] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   615] close(3)                    = 0
[pid   615] close(4)                    = 0
[pid   615] mkdir("./file0", 0777)      = 0
[pid   615] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   615] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   615] chdir("./file0")            = 0
[pid   615] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   615] ioctl(4, LOOP_CLR_FD)       = 0
[pid   615] close(4)                    = 0
[pid   615] close(3)                    = 0
[pid   615] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   615] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   615] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   615] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   615] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   615] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   615] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   615] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   615] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   615] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   615] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   615] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   615] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   615] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   615] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   615] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   615] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   615] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   615] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   615] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   615] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   615] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   615] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   615] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   615] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   615] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   615] exit_group(0)               = ?
[pid   615] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=57, si_uid=0, si_status=0, si_utime=4, si_stime=14} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[   53.963457][  T615] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./55/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./55/file0")         = 0
[pid   283] umount2("./55/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./55/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./55/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./55/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./55/bus")           = 0
[pid   283] umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./55/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./55")               = 0
[pid   283] mkdir("./56", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 58
./strace-static-x86_64: Process 621 attached
[pid   621] set_robust_list(0x55558c003660, 24) = 0
[pid   621] chdir("./56")               = 0
[pid   621] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   621] setpgid(0, 0)               = 0
[pid   621] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   621] write(3, "1000", 4)         = 4
[pid   621] close(3)                    = 0
[pid   621] symlink("/dev/binderfs", "./binderfs") = 0
[pid   621] write(1, "executing program\n", 18) = 18
[pid   621] memfd_create("syzkaller", 0) = 3
[pid   621] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
executing program
[pid   621] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   621] munmap(0x7f94994ac000, 138412032) = 0
[pid   621] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   621] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   621] close(3)                    = 0
[pid   621] close(4)                    = 0
[pid   621] mkdir("./bus", 0777)        = 0
[   54.151699][  T621] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   54.159601][  T621] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   54.168438][  T621] F2FS-fs (loop0): invalid crc value
[   54.174774][  T621] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[pid   621] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = 0
[pid   621] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid   621] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   621] ioctl(4, LOOP_CLR_FD)       = 0
[pid   621] close(4)                    = 0
[pid   621] memfd_create("syzkaller", 0) = 4
[pid   621] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   621] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   621] munmap(0x7f94994ac000, 138412032) = 0
[pid   621] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5
[pid   621] ioctl(5, LOOP_SET_FD, 4)    = -1 EBUSY (Device or resource busy)
[pid   621] ioctl(5, LOOP_CLR_FD)       = 0
[pid   621] ioctl(5, LOOP_SET_FD, 4)    = -1 EBUSY (Device or resource busy)
[pid   621] close(5)                    = 0
[pid   621] close(4)                    = 0
[pid   621] close(3)                    = 0
[pid   621] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   621] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   621] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   621] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   621] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   621] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   621] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   621] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   621] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   621] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   621] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   621] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   621] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   621] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   621] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   621] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   621] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   621] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   621] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   621] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   621] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   621] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   621] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   621] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   621] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   621] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   621] exit_group(0)               = ?
[pid   621] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=58, si_uid=0, si_status=0, si_utime=3, si_stime=14} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 4 entries */, 32768) = 104
[   54.196536][  T621] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   54.203117][  T621] F2FS-fs (loop0): Start checkpoint disabled!
[   54.209896][  T621] F2FS-fs (loop0): Try to recover 2th superblock, ret: 0
[   54.216913][  T621] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[pid   283] umount2("./56/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./56/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./56/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./56/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./56/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./56/bus")           = 0
[pid   283] umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./56/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./56")               = 0
[pid   283] mkdir("./57", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 59
./strace-static-x86_64: Process 626 attached
[pid   626] set_robust_list(0x55558c003660, 24) = 0
[pid   626] chdir("./57")               = 0
[pid   626] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   626] setpgid(0, 0)               = 0
[pid   626] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   626] write(3, "1000", 4)         = 4
[pid   626] close(3)                    = 0
[pid   626] symlink("/dev/binderfs", "./binderfs") = 0
[pid   626] write(1, "executing program\n", 18executing program
) = 18
[pid   626] memfd_create("syzkaller", 0) = 3
[pid   626] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   626] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   626] munmap(0x7f94994ac000, 138412032) = 0
[pid   626] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   626] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   626] close(3)                    = 0
[pid   626] close(4)                    = 0
[pid   626] mkdir("./bus", 0777)        = 0
[   54.483741][  T626] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   54.491592][  T626] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   54.500558][  T626] F2FS-fs (loop0): invalid crc value
[   54.506810][  T626] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[pid   626] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = 0
[pid   626] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid   626] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   626] ioctl(4, LOOP_CLR_FD)       = 0
[pid   626] close(4)                    = 0
[pid   626] memfd_create("syzkaller", 0) = 4
[pid   626] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   626] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   626] munmap(0x7f94994ac000, 138412032) = 0
[pid   626] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5
[pid   626] ioctl(5, LOOP_SET_FD, 4)    = -1 EBUSY (Device or resource busy)
[pid   626] ioctl(5, LOOP_CLR_FD)       = 0
[pid   626] ioctl(5, LOOP_SET_FD, 4)    = -1 EBUSY (Device or resource busy)
[pid   626] close(5)                    = 0
[pid   626] close(4)                    = 0
[pid   626] close(3)                    = 0
[pid   626] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   626] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   626] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   626] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   626] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   626] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   626] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   626] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   626] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   626] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   626] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   626] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   626] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   626] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   626] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   626] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   626] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   626] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   626] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   626] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   626] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   626] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   626] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   626] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   626] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   626] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   626] exit_group(0)               = ?
[pid   626] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=59, si_uid=0, si_status=0, si_utime=3, si_stime=13} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 4 entries */, 32768) = 104
[   54.528633][  T626] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   54.535242][  T626] F2FS-fs (loop0): Start checkpoint disabled!
[   54.542140][  T626] F2FS-fs (loop0): Try to recover 2th superblock, ret: 0
[   54.549223][  T626] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[pid   283] umount2("./57/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./57/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./57/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./57/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./57/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./57/bus")           = 0
[pid   283] umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./57/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./57")               = 0
[pid   283] mkdir("./58", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3executing program
)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 60
./strace-static-x86_64: Process 631 attached
[pid   631] set_robust_list(0x55558c003660, 24) = 0
[pid   631] chdir("./58")               = 0
[pid   631] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   631] setpgid(0, 0)               = 0
[pid   631] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   631] write(3, "1000", 4)         = 4
[pid   631] close(3)                    = 0
[pid   631] symlink("/dev/binderfs", "./binderfs") = 0
[pid   631] write(1, "executing program\n", 18) = 18
[pid   631] memfd_create("syzkaller", 0) = 3
[pid   631] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   631] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   631] munmap(0x7f94994ac000, 138412032) = 0
[pid   631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   631] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   631] close(3)                    = 0
[pid   631] close(4)                    = 0
[pid   631] mkdir("./bus", 0777)        = 0
[   54.825687][  T631] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   54.833499][  T631] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   54.842793][  T631] F2FS-fs (loop0): invalid crc value
[   54.849049][  T631] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   54.870756][  T631] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   54.877360][  T631] F2FS-fs (loop0): Start checkpoint disabled!
[   54.883628][  T631] attempt to access beyond end of device
[   54.883628][  T631] loop0: rw=2049, want=40968, limit=40427
[pid   631] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   631] ioctl(3, LOOP_CLR_FD)       = 0
[pid   631] close(3)                    = 0
[pid   631] memfd_create("syzkaller", 0) = 3
[pid   631] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   631] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   631] munmap(0x7f94994ac000, 138412032) = 0
[pid   631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   631] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   631] close(3)                    = 0
[pid   631] close(4)                    = 0
[pid   631] mkdir("./file0", 0777)      = 0
[pid   631] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   631] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   631] chdir("./file0")            = 0
[pid   631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   631] ioctl(4, LOOP_CLR_FD)       = 0
[pid   631] close(4)                    = 0
[pid   631] close(3)                    = 0
[pid   631] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   631] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   631] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   631] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   631] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   631] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   631] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   631] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   631] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   631] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   631] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   631] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   631] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   631] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   631] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   631] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   631] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   631] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   631] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   631] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   631] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   631] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   631] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   631] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   631] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   631] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   631] exit_group(0)               = ?
[pid   631] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=60, si_uid=0, si_status=0, si_utime=3, si_stime=19} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[   55.080380][  T631] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./58/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./58/file0")         = 0
[pid   283] umount2("./58/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./58/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./58/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./58/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./58/bus")           = 0
[pid   283] umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./58/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./58")               = 0
[pid   283] mkdir("./59", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3executing program
)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 61
./strace-static-x86_64: Process 637 attached
[pid   637] set_robust_list(0x55558c003660, 24) = 0
[pid   637] chdir("./59")               = 0
[pid   637] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   637] setpgid(0, 0)               = 0
[pid   637] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   637] write(3, "1000", 4)         = 4
[pid   637] close(3)                    = 0
[pid   637] symlink("/dev/binderfs", "./binderfs") = 0
[pid   637] write(1, "executing program\n", 18) = 18
[pid   637] memfd_create("syzkaller", 0) = 3
[pid   637] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   637] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   637] munmap(0x7f94994ac000, 138412032) = 0
[pid   637] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   637] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   637] close(3)                    = 0
[pid   637] close(4)                    = 0
[pid   637] mkdir("./bus", 0777)        = 0
[   55.292629][  T637] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   55.300554][  T637] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   55.309534][  T637] F2FS-fs (loop0): invalid crc value
[   55.315915][  T637] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   55.337779][  T637] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   55.344403][  T637] F2FS-fs (loop0): Start checkpoint disabled!
[   55.350628][  T637] attempt to access beyond end of device
[   55.350628][  T637] loop0: rw=2049, want=40968, limit=40427
[pid   637] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   637] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   637] ioctl(3, LOOP_CLR_FD)       = 0
[pid   637] close(3)                    = 0
[pid   637] memfd_create("syzkaller", 0) = 3
[pid   637] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   637] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   637] munmap(0x7f94994ac000, 138412032) = 0
[pid   637] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   637] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   637] close(3)                    = 0
[pid   637] close(4)                    = 0
[pid   637] mkdir("./file0", 0777)      = 0
[pid   637] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   637] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   637] chdir("./file0")            = 0
[pid   637] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   637] ioctl(4, LOOP_CLR_FD)       = 0
[pid   637] close(4)                    = 0
[pid   637] close(3)                    = 0
[pid   637] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   637] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   637] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   637] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   637] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   637] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   637] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   637] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   637] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   637] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   637] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   637] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   637] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   637] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   637] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   637] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   637] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   637] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   637] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   637] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   637] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   637] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   637] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   637] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   637] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   637] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   637] exit_group(0)               = ?
[pid   637] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=61, si_uid=0, si_status=0, si_utime=2, si_stime=18} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[   55.511359][  T637] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./59/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./59/file0")         = 0
[pid   283] umount2("./59/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./59/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./59/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./59/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./59/bus")           = 0
[pid   283] umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./59/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./59")               = 0
[pid   283] mkdir("./60", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x55558c003650) = 62
./strace-static-x86_64: Process 643 attached
[pid   643] set_robust_list(0x55558c003660, 24) = 0
[pid   643] chdir("./60")               = 0
[pid   643] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   643] setpgid(0, 0)               = 0
[pid   643] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   643] write(3, "1000", 4)         = 4
[pid   643] close(3)                    = 0
[pid   643] symlink("/dev/binderfs", "./binderfs") = 0
[pid   643] write(1, "executing program\n", 18) = 18
[pid   643] memfd_create("syzkaller", 0) = 3
[pid   643] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   643] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   643] munmap(0x7f94994ac000, 138412032) = 0
[pid   643] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   643] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   643] close(3)                    = 0
[pid   643] close(4)                    = 0
[pid   643] mkdir("./bus", 0777)        = 0
[   55.736248][  T643] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   55.744122][  T643] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   55.753134][  T643] F2FS-fs (loop0): invalid crc value
[   55.759470][  T643] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   55.782237][  T643] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   55.788963][  T643] F2FS-fs (loop0): Start checkpoint disabled!
[   55.795081][  T643] attempt to access beyond end of device
[   55.795081][  T643] loop0: rw=2049, want=40968, limit=40427
[pid   643] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   643] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   643] ioctl(3, LOOP_CLR_FD)       = 0
[pid   643] close(3)                    = 0
[pid   643] memfd_create("syzkaller", 0) = 3
[pid   643] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   643] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   643] munmap(0x7f94994ac000, 138412032) = 0
[pid   643] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   643] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   643] close(3)                    = 0
[pid   643] close(4)                    = 0
[pid   643] mkdir("./file0", 0777)      = 0
[pid   643] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   643] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   643] chdir("./file0")            = 0
[pid   643] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   643] ioctl(4, LOOP_CLR_FD)       = 0
[pid   643] close(4)                    = 0
[pid   643] close(3)                    = 0
[pid   643] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   643] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   643] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   643] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   643] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   643] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   643] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   643] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   643] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   643] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   643] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   643] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   643] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   643] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   643] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   643] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   643] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   643] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   643] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   643] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   643] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   643] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   643] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   643] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   643] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   643] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   643] exit_group(0)               = ?
[pid   643] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=62, si_uid=0, si_status=0, si_utime=4, si_stime=16} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[   55.931899][  T643] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./60/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./60/file0")         = 0
[pid   283] umount2("./60/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./60/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./60/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./60/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./60/bus")           = 0
[pid   283] umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./60/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./60")               = 0
[pid   283] mkdir("./61", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 63
./strace-static-x86_64: Process 649 attached
[pid   649] set_robust_list(0x55558c003660, 24) = 0
[pid   649] chdir("./61")               = 0
[pid   649] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   649] setpgid(0, 0)               = 0
[pid   649] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   649] write(3, "1000", 4)         = 4
[pid   649] close(3executing program
)                    = 0
[pid   649] symlink("/dev/binderfs", "./binderfs") = 0
[pid   649] write(1, "executing program\n", 18) = 18
[pid   649] memfd_create("syzkaller", 0) = 3
[pid   649] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   649] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   649] munmap(0x7f94994ac000, 138412032) = 0
[pid   649] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   649] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   649] close(3)                    = 0
[pid   649] close(4)                    = 0
[pid   649] mkdir("./bus", 0777)        = 0
[   56.210940][  T649] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   56.218808][  T649] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   56.227766][  T649] F2FS-fs (loop0): invalid crc value
[   56.234010][  T649] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   56.255517][  T649] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   56.262117][  T649] F2FS-fs (loop0): Start checkpoint disabled!
[   56.268225][  T649] attempt to access beyond end of device
[   56.268225][  T649] loop0: rw=2049, want=40968, limit=40427
[pid   649] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   649] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   649] ioctl(3, LOOP_CLR_FD)       = 0
[pid   649] close(3)                    = 0
[pid   649] memfd_create("syzkaller", 0) = 3
[pid   649] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   649] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   649] munmap(0x7f94994ac000, 138412032) = 0
[pid   649] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   649] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   649] close(3)                    = 0
[pid   649] close(4)                    = 0
[pid   649] mkdir("./file0", 0777)      = 0
[pid   649] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   649] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   649] chdir("./file0")            = 0
[pid   649] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   649] ioctl(4, LOOP_CLR_FD)       = 0
[pid   649] close(4)                    = 0
[pid   649] close(3)                    = 0
[pid   649] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   649] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   649] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   649] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   649] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   649] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   649] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   649] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   649] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   649] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   649] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   649] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   649] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   649] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   649] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   649] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   649] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   649] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   649] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   649] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   649] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   649] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   649] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   649] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   649] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   649] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   649] exit_group(0)               = ?
[pid   649] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=63, si_uid=0, si_status=0, si_utime=4, si_stime=15} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[pid   283] umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./61/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./61/file0")         = 0
[pid   283] umount2("./61/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./61/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./61/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./61/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./61/bus")           = 0
[pid   283] umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./61/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./61")               = 0
[pid   283] mkdir("./62", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = 0
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 64
./strace-static-x86_64: Process 655 attached
[pid   655] set_robust_list(0x55558c003660, 24) = 0
[pid   655] chdir("./62")               = 0
[pid   655] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   655] setpgid(0, 0)               = 0
[pid   655] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   655] write(3, "1000", 4)         = 4
[pid   655] close(3)                    = 0
[pid   655] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid   655] write(1, "executing program\n", 18) = 18
[pid   655] memfd_create("syzkaller", 0) = 3
[pid   655] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[   56.399892][  T649] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   655] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   655] munmap(0x7f94994ac000, 138412032) = 0
[pid   655] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   655] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   655] close(3)                    = 0
[pid   655] close(4)                    = 0
[pid   655] mkdir("./bus", 0777)        = 0
[   56.526809][  T655] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   56.534854][  T655] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   56.544013][  T655] F2FS-fs (loop0): invalid crc value
[   56.550469][  T655] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   56.572505][  T655] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   56.579144][  T655] F2FS-fs (loop0): Start checkpoint disabled!
[   56.585296][  T655] attempt to access beyond end of device
[   56.585296][  T655] loop0: rw=2049, want=40968, limit=40427
[pid   655] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   655] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   655] ioctl(3, LOOP_CLR_FD)       = 0
[pid   655] close(3)                    = 0
[pid   655] memfd_create("syzkaller", 0) = 3
[pid   655] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   655] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   655] munmap(0x7f94994ac000, 138412032) = 0
[pid   655] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   655] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   655] close(3)                    = 0
[pid   655] close(4)                    = 0
[pid   655] mkdir("./file0", 0777)      = 0
[pid   655] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   655] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   655] chdir("./file0")            = 0
[pid   655] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   655] ioctl(4, LOOP_CLR_FD)       = 0
[pid   655] close(4)                    = 0
[pid   655] close(3)                    = 0
[pid   655] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   655] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   655] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   655] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   655] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   655] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   655] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   655] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   655] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   655] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   655] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   655] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   655] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   655] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   655] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   655] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   655] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   655] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   655] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   655] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   655] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   655] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   655] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   655] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   655] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   655] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   655] exit_group(0)               = ?
[pid   655] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=64, si_uid=0, si_status=0, si_utime=5, si_stime=15} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[   56.733676][  T655] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./62/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./62/file0")         = 0
[pid   283] umount2("./62/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./62/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./62/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./62/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./62/bus")           = 0
[pid   283] umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./62/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./62")               = 0
[pid   283] mkdir("./63", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 65
./strace-static-x86_64: Process 661 attached
[pid   661] set_robust_list(0x55558c003660, 24) = 0
[pid   661] chdir("./63")               = 0
[pid   661] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   661] setpgid(0, 0)               = 0
[pid   661] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   661] write(3, "1000", 4)         = 4
[pid   661] close(3)                    = 0
[pid   661] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid   661] write(1, "executing program\n", 18) = 18
[pid   661] memfd_create("syzkaller", 0) = 3
[pid   661] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   661] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   661] munmap(0x7f94994ac000, 138412032) = 0
[pid   661] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   661] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   661] close(3)                    = 0
[pid   661] close(4)                    = 0
[pid   661] mkdir("./bus", 0777)        = 0
[   56.921039][  T661] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   56.928869][  T661] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   56.937845][  T661] F2FS-fs (loop0): invalid crc value
[   56.944159][  T661] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   56.966038][  T661] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   56.972682][  T661] F2FS-fs (loop0): Start checkpoint disabled!
[   56.978854][  T661] attempt to access beyond end of device
[   56.978854][  T661] loop0: rw=2049, want=40968, limit=40427
[pid   661] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   661] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   661] ioctl(3, LOOP_CLR_FD)       = 0
[pid   661] close(3)                    = 0
[pid   661] memfd_create("syzkaller", 0) = 3
[pid   661] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   661] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   661] munmap(0x7f94994ac000, 138412032) = 0
[pid   661] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   661] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   661] close(3)                    = 0
[pid   661] close(4)                    = 0
[pid   661] mkdir("./file0", 0777)      = 0
[pid   661] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   661] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   661] chdir("./file0")            = 0
[pid   661] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   661] ioctl(4, LOOP_CLR_FD)       = 0
[pid   661] close(4)                    = 0
[pid   661] close(3)                    = 0
[pid   661] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   661] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   661] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   661] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   661] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   661] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   661] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   661] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   661] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   661] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   661] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   661] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   661] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   661] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   661] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   661] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   661] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   661] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   661] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   661] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   661] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   661] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   661] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   661] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   661] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   661] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   661] exit_group(0)               = ?
[pid   661] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=65, si_uid=0, si_status=0, si_utime=3, si_stime=16} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[   57.110270][  T661] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./63/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./63/file0")         = 0
[pid   283] umount2("./63/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./63/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./63/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./63/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./63/bus")           = 0
[pid   283] umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./63/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./63")               = 0
[pid   283] mkdir("./64", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 667 attached
 <unfinished ...>
[pid   667] set_robust_list(0x55558c003660, 24) = 0
[pid   667] chdir("./64")               = 0
[pid   667] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   667] setpgid(0, 0)               = 0
[pid   667] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program
) = 3
[pid   667] write(3, "1000", 4 <unfinished ...>
[pid   283] <... clone resumed>, child_tidptr=0x55558c003650) = 66
[pid   667] <... write resumed>)        = 4
[pid   667] close(3)                    = 0
[pid   667] symlink("/dev/binderfs", "./binderfs") = 0
[pid   667] write(1, "executing program\n", 18) = 18
[pid   667] memfd_create("syzkaller", 0) = 3
[pid   667] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   667] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   667] munmap(0x7f94994ac000, 138412032) = 0
[pid   667] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   667] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   667] close(3)                    = 0
[pid   667] close(4)                    = 0
[pid   667] mkdir("./bus", 0777)        = 0
[   57.345288][  T667] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   57.353071][  T667] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   57.362615][  T667] F2FS-fs (loop0): invalid crc value
[   57.369048][  T667] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   57.390906][  T667] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   57.397503][  T667] F2FS-fs (loop0): Start checkpoint disabled!
[   57.403695][  T667] attempt to access beyond end of device
[   57.403695][  T667] loop0: rw=2049, want=40968, limit=40427
[pid   667] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   667] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   667] ioctl(3, LOOP_CLR_FD)       = 0
[pid   667] close(3)                    = 0
[pid   667] memfd_create("syzkaller", 0) = 3
[pid   667] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   667] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   667] munmap(0x7f94994ac000, 138412032) = 0
[pid   667] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   667] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   667] close(3)                    = 0
[pid   667] close(4)                    = 0
[pid   667] mkdir("./file0", 0777)      = 0
[pid   667] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   667] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   667] chdir("./file0")            = 0
[pid   667] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   667] ioctl(4, LOOP_CLR_FD)       = 0
[pid   667] close(4)                    = 0
[pid   667] close(3)                    = 0
[pid   667] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   667] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   667] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   667] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   667] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   667] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   667] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   667] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   667] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   667] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   667] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   667] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   667] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   667] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   667] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   667] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   667] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   667] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   667] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   667] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   667] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   667] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   667] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   667] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   667] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   667] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   667] exit_group(0)               = ?
[pid   667] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=66, si_uid=0, si_status=0, si_utime=5, si_stime=14} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[   57.582470][  T667] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./64/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./64/file0")         = 0
[pid   283] umount2("./64/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./64/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./64/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./64/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./64/bus")           = 0
[pid   283] umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./64/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./64")               = 0
[pid   283] mkdir("./65", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 67
./strace-static-x86_64: Process 673 attached
[pid   673] set_robust_list(0x55558c003660, 24) = 0
[pid   673] chdir("./65")               = 0
[pid   673] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   673] setpgid(0, 0)               = 0
[pid   673] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program
) = 3
[pid   673] write(3, "1000", 4)         = 4
[pid   673] close(3)                    = 0
[pid   673] symlink("/dev/binderfs", "./binderfs") = 0
[pid   673] write(1, "executing program\n", 18) = 18
[pid   673] memfd_create("syzkaller", 0) = 3
[pid   673] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   673] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   673] munmap(0x7f94994ac000, 138412032) = 0
[pid   673] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   673] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   673] close(3)                    = 0
[pid   673] close(4)                    = 0
[pid   673] mkdir("./bus", 0777)        = 0
[   57.903726][  T673] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   57.911526][  T673] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   57.920963][  T673] F2FS-fs (loop0): invalid crc value
[   57.927146][  T673] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   57.948940][  T673] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   57.955541][  T673] F2FS-fs (loop0): Start checkpoint disabled!
[   57.961694][  T673] attempt to access beyond end of device
[   57.961694][  T673] loop0: rw=2049, want=40968, limit=40427
[pid   673] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   673] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   673] ioctl(3, LOOP_CLR_FD)       = 0
[pid   673] close(3)                    = 0
[pid   673] memfd_create("syzkaller", 0) = 3
[pid   673] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   673] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   673] munmap(0x7f94994ac000, 138412032) = 0
[pid   673] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   673] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   673] close(3)                    = 0
[pid   673] close(4)                    = 0
[pid   673] mkdir("./file0", 0777)      = 0
[pid   673] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   673] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   673] chdir("./file0")            = 0
[pid   673] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   673] ioctl(4, LOOP_CLR_FD)       = 0
[pid   673] close(4)                    = 0
[pid   673] close(3)                    = 0
[pid   673] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   673] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   673] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   673] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   673] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   673] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   673] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   673] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   673] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   673] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   673] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   673] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   673] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   673] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   673] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   673] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   673] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   673] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   673] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   673] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   673] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   673] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   673] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   673] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   673] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   673] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   673] exit_group(0)               = ?
[pid   673] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=67, si_uid=0, si_status=0, si_utime=3, si_stime=18} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136
[   58.192507][  T673] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid   283] umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./65/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./65/file0")         = 0
[pid   283] umount2("./65/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./65/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./65/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./65/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./65/bus")           = 0
[pid   283] umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./65/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./65")               = 0
[pid   283] mkdir("./66", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 68
./strace-static-x86_64: Process 679 attached
[pid   679] set_robust_list(0x55558c003660, 24) = 0
[pid   679] chdir("./66")               = 0
[pid   679] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   679] setpgid(0, 0)               = 0
[pid   679] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   679] write(3, "1000", 4)         = 4
[pid   679] close(3)                    = 0
[pid   679] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid   679] write(1, "executing program\n", 18) = 18
[pid   679] memfd_create("syzkaller", 0) = 3
[pid   679] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   679] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   679] munmap(0x7f94994ac000, 138412032) = 0
[pid   679] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   679] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   679] close(3)                    = 0
[pid   679] close(4)                    = 0
[pid   679] mkdir("./bus", 0777)        = 0
[   58.364649][  T679] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   58.372457][  T679] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   58.381489][  T679] F2FS-fs (loop0): invalid crc value
[   58.387607][  T679] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[pid   679] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = 0
[pid   679] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid   679] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   679] ioctl(4, LOOP_CLR_FD)       = 0
[pid   679] close(4)                    = 0
[pid   679] memfd_create("syzkaller", 0) = 4
[pid   679] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   679] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   679] munmap(0x7f94994ac000, 138412032) = 0
[pid   679] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5
[pid   679] ioctl(5, LOOP_SET_FD, 4)    = -1 EBUSY (Device or resource busy)
[pid   679] ioctl(5, LOOP_CLR_FD)       = 0
[pid   679] ioctl(5, LOOP_SET_FD, 4)    = -1 EBUSY (Device or resource busy)
[pid   679] close(5)                    = 0
[pid   679] close(4)                    = 0
[pid   679] close(3)                    = 0
[pid   679] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   679] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   679] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   679] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   679] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   679] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   679] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   679] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   679] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   679] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   679] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   679] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   679] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   679] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   679] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   679] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   679] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   679] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   679] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   679] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   679] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   679] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   679] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   679] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   679] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   679] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   679] exit_group(0)               = ?
[pid   679] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=68, si_uid=0, si_status=0, si_utime=3, si_stime=11} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./66", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 4 entries */, 32768) = 104
[   58.409137][  T679] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   58.415798][  T679] F2FS-fs (loop0): Start checkpoint disabled!
[   58.422698][  T679] F2FS-fs (loop0): Try to recover 2th superblock, ret: 0
[   58.429739][  T679] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[pid   283] umount2("./66/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid   283] umount2("./66/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./66/bus", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] umount2("./66/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./66/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(4, 0x55558c00c730 /* 2 entries */, 32768) = 48
[pid   283] getdents64(4, 0x55558c00c730 /* 0 entries */, 32768) = 0
[pid   283] close(4)                    = 0
[pid   283] rmdir("./66/bus")           = 0
[pid   283] umount2("./66/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid   283] unlink("./66/binderfs")     = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 0 entries */, 32768) = 0
[pid   283] close(3)                    = 0
[pid   283] rmdir("./66")               = 0
[pid   283] mkdir("./67", 0777)         = 0
[pid   283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   283] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   283] close(3executing program
)                    = 0
[pid   283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c003650) = 69
./strace-static-x86_64: Process 684 attached
[pid   684] set_robust_list(0x55558c003660, 24) = 0
[pid   684] chdir("./67")               = 0
[pid   684] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   684] setpgid(0, 0)               = 0
[pid   684] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   684] write(3, "1000", 4)         = 4
[pid   684] close(3)                    = 0
[pid   684] symlink("/dev/binderfs", "./binderfs") = 0
[pid   684] write(1, "executing program\n", 18) = 18
[pid   684] memfd_create("syzkaller", 0) = 3
[pid   684] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   684] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
[pid   684] munmap(0x7f94994ac000, 138412032) = 0
[pid   684] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   684] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   684] close(3)                    = 0
[pid   684] close(4)                    = 0
[pid   684] mkdir("./bus", 0777)        = 0
[   58.727070][  T684] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[   58.734945][  T684] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   58.744281][  T684] F2FS-fs (loop0): invalid crc value
[   58.750608][  T684] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391)
[   58.772651][  T684] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[   58.779308][  T684] F2FS-fs (loop0): Start checkpoint disabled!
[   58.785431][  T684] attempt to access beyond end of device
[   58.785431][  T684] loop0: rw=2049, want=40968, limit=40427
[pid   684] mount("/dev/loop0", "./bus", "f2fs", MS_NOEXEC, "discard_unit=section,alloc_mode=reuse,checkpoint=disable,active_logs=6,active_logs=6,jqfmt=vfsv0,noa"...) = -1 EIO (Input/output error)
[pid   684] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   684] ioctl(3, LOOP_CLR_FD)       = 0
[pid   684] close(3)                    = 0
[pid   684] memfd_create("syzkaller", 0) = 3
[pid   684] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f94994ac000
[pid   684] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid   684] munmap(0x7f94994ac000, 138412032) = 0
[pid   684] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   684] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   684] close(3)                    = 0
[pid   684] close(4)                    = 0
[pid   684] mkdir("./file0", 0777)      = 0
[pid   684] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid   684] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   684] chdir("./file0")            = 0
[pid   684] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   684] ioctl(4, LOOP_CLR_FD)       = 0
[pid   684] close(4)                    = 0
[pid   684] close(3)                    = 0
[pid   684] close(4)                    = -1 EBADF (Bad file descriptor)
[pid   684] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   684] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   684] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   684] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   684] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   684] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   684] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   684] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   684] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   684] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   684] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   684] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   684] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   684] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   684] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   684] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   684] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   684] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   684] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   684] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   684] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   684] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   684] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   684] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   684] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   684] exit_group(0)               = ?
[pid   684] +++ exited with 0 +++
[pid   283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=69, si_uid=0, si_status=0, si_utime=3, si_stime=17} ---
[pid   283] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid   283] umount2("./67", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   283] openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid   283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=100, ...}, AT_EMPTY_PATH) = 0
[pid   283] getdents64(3, 0x55558c0046f0 /* 5 entries */, 32768) = 136