./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2895463622

<...>
Warning: Permanently added '10.128.1.16' (ED25519) to the list of known hosts.
execve("./syz-executor2895463622", ["./syz-executor2895463622"], 0x7ffee766ab30 /* 10 vars */) = 0
brk(NULL)                               = 0x555557505000
brk(0x555557505d00)                     = 0x555557505d00
arch_prctl(ARCH_SET_FS, 0x555557505380) = 0
set_tid_address(0x555557505650)         = 298
set_robust_list(0x555557505660, 24)     = 0
rseq(0x555557505ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented)
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor2895463622", 4096) = 28
getrandom("\x83\xb9\x45\xf2\x32\x12\x04\x1e", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x555557505d00
brk(0x555557526d00)                     = 0x555557526d00
brk(0x555557527000)                     = 0x555557527000
mprotect(0x7fc74bcc9000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
mkdir("./syzkaller.kJwhWl", 0700)       = 0
chmod("./syzkaller.kJwhWl", 0777)       = 0
chdir("./syzkaller.kJwhWl")             = 0
mkdir("./0", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 300
./strace-static-x86_64: Process 300 attached
[pid   300] set_robust_list(0x555557505660, 24) = 0
[pid   300] chdir("./0")                = 0
[pid   300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   300] setpgid(0, 0)               = 0
[pid   300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   300] write(3, "1000", 4)         = 4
[pid   300] close(3)                    = 0
[pid   300] symlink("/dev/binderfs", "./binderfs") = 0
[pid   300] memfd_create("syzkaller", 0) = 3
[pid   300] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   300] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   300] munmap(0x7fc743815000, 1048576) = 0
[pid   300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   300] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   300] close(3)                    = 0
[   24.473981][   T28] audit: type=1400 audit(1689412790.443:66): avc:  denied  { execmem } for  pid=298 comm="syz-executor289" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   24.493233][   T28] audit: type=1400 audit(1689412790.443:67): avc:  denied  { read write } for  pid=298 comm="syz-executor289" name="loop0" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   24.506416][  T300] loop0: detected capacity change from 0 to 2048
[pid   300] mkdir("./file0", 0777)      = 0
[   24.523613][   T28] audit: type=1400 audit(1689412790.443:68): avc:  denied  { open } for  pid=298 comm="syz-executor289" path="/dev/loop0" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   24.548357][   T28] audit: type=1400 audit(1689412790.443:69): avc:  denied  { ioctl } for  pid=298 comm="syz-executor289" path="/dev/loop0" dev="devtmpfs" ino=114 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[pid   300] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   300] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   300] chdir("./file0")            = 0
[pid   300] ioctl(4, LOOP_CLR_FD)       = 0
[pid   300] close(4)                    = 0
[pid   300] creat("./bus", 000)         = 4
[pid   300] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   300] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   300] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   300] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   24.560571][  T300] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   24.574143][   T28] audit: type=1400 audit(1689412790.493:70): avc:  denied  { mounton } for  pid=300 comm="syz-executor289" path="/root/syzkaller.kJwhWl/0/file0" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[   24.606500][   T28] audit: type=1400 audit(1689412790.553:71): avc:  denied  { mount } for  pid=300 comm="syz-executor289" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[   24.608185][  T300] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   24.628210][   T28] audit: type=1400 audit(1689412790.563:72): avc:  denied  { write } for  pid=300 comm="syz-executor289" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[pid   300] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   300] exit_group(0)               = ?
[pid   300] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=300, si_uid=0, si_status=0, si_utime=0, si_stime=7} ---
[   24.641775][  T300] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[   24.662756][   T28] audit: type=1400 audit(1689412790.563:73): avc:  denied  { add_name } for  pid=300 comm="syz-executor289" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   24.698467][   T28] audit: type=1400 audit(1689412790.563:74): avc:  denied  { create } for  pid=300 comm="syz-executor289" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/binderfs")                  = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./0/file0")                      = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./0")                            = 0
mkdir("./1", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 306
./strace-static-x86_64: Process 306 attached
[pid   306] set_robust_list(0x555557505660, 24) = 0
[pid   306] chdir("./1")                = 0
[pid   306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   306] setpgid(0, 0)               = 0
[pid   306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   306] write(3, "1000", 4)         = 4
[pid   306] close(3)                    = 0
[pid   306] symlink("/dev/binderfs", "./binderfs") = 0
[pid   306] memfd_create("syzkaller", 0) = 3
[pid   306] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   306] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   306] munmap(0x7fc743815000, 1048576) = 0
[pid   306] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   24.703332][  T300] syz-executor289 (300) used greatest stack depth: 22248 bytes left
[   24.718833][   T28] audit: type=1400 audit(1689412790.563:75): avc:  denied  { write open } for  pid=300 comm="syz-executor289" path="/root/syzkaller.kJwhWl/0/file0/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   24.751827][  T298] EXT4-fs (loop0): unmounting filesystem.
[pid   306] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   306] close(3)                    = 0
[pid   306] mkdir("./file0", 0777)      = 0
[pid   306] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   306] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   306] chdir("./file0")            = 0
[pid   306] ioctl(4, LOOP_CLR_FD)       = 0
[pid   306] close(4)                    = 0
[pid   306] creat("./bus", 000)         = 4
[pid   306] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   306] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   306] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   306] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   24.775729][  T306] loop0: detected capacity change from 0 to 2048
[   24.790091][  T306] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid   306] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   306] exit_group(0)               = ?
[pid   306] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=306, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/binderfs")                  = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./1/file0")                      = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./1")                            = 0
mkdir("./2", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 309
./strace-static-x86_64: Process 309 attached
[pid   309] set_robust_list(0x555557505660, 24) = 0
[pid   309] chdir("./2")                = 0
[pid   309] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   309] setpgid(0, 0)               = 0
[pid   309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   309] write(3, "1000", 4)         = 4
[pid   309] close(3)                    = 0
[pid   309] symlink("/dev/binderfs", "./binderfs") = 0
[pid   309] memfd_create("syzkaller", 0) = 3
[pid   309] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   309] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   309] munmap(0x7fc743815000, 1048576) = 0
[pid   309] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   24.819213][  T306] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   24.831573][  T306] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[   24.850588][  T298] EXT4-fs (loop0): unmounting filesystem.
[pid   309] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   309] close(3)                    = 0
[pid   309] mkdir("./file0", 0777)      = 0
[pid   309] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   309] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   309] chdir("./file0")            = 0
[pid   309] ioctl(4, LOOP_CLR_FD)       = 0
[pid   309] close(4)                    = 0
[pid   309] creat("./bus", 000)         = 4
[pid   309] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   309] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   309] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   309] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   24.872705][  T309] loop0: detected capacity change from 0 to 2048
[   24.889858][  T309] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid   309] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   309] exit_group(0)               = ?
[pid   309] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=309, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/binderfs")                  = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./2/file0")                      = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./2")                            = 0
mkdir("./3", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 312
./strace-static-x86_64: Process 312 attached
[pid   312] set_robust_list(0x555557505660, 24) = 0
[pid   312] chdir("./3")                = 0
[pid   312] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   312] setpgid(0, 0)               = 0
[pid   312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   312] write(3, "1000", 4)         = 4
[pid   312] close(3)                    = 0
[pid   312] symlink("/dev/binderfs", "./binderfs") = 0
[pid   312] memfd_create("syzkaller", 0) = 3
[pid   312] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   312] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   312] munmap(0x7fc743815000, 1048576) = 0
[pid   312] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   24.918116][  T309] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   24.930355][  T309] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[   24.957150][  T298] EXT4-fs (loop0): unmounting filesystem.
[pid   312] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   312] close(3)                    = 0
[pid   312] mkdir("./file0", 0777)      = 0
[pid   312] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   312] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   312] chdir("./file0")            = 0
[pid   312] ioctl(4, LOOP_CLR_FD)       = 0
[pid   312] close(4)                    = 0
[pid   312] creat("./bus", 000)         = 4
[pid   312] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   312] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   312] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   312] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   24.983271][  T312] loop0: detected capacity change from 0 to 2048
[   24.999995][  T312] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   25.016363][  T312] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   25.028877][  T312] ==================================================================
[   25.036758][  T312] BUG: KASAN: use-after-free in get_max_inline_xattr_value_size+0x36e/0x510
[   25.045262][  T312] Read of size 4 at addr ffff888121308004 by task syz-executor289/312
[   25.053246][  T312] 
[   25.055426][  T312] CPU: 1 PID: 312 Comm: syz-executor289 Not tainted 6.1.25-syzkaller-00027-ga24911abfd55 #0
[   25.065307][  T312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[   25.075524][  T312] Call Trace:
[   25.078819][  T312]  <TASK>
[   25.081593][  T312]  dump_stack_lvl+0x151/0x1b7
[   25.086239][  T312]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   25.091484][  T312]  ? _printk+0xd1/0x111
[   25.095497][  T312]  ? __virt_addr_valid+0x242/0x2f0
[   25.100429][  T312]  print_report+0x158/0x4e0
[   25.104770][  T312]  ? __virt_addr_valid+0x242/0x2f0
[   25.109713][  T312]  ? kasan_addr_to_slab+0xd/0x80
[   25.114486][  T312]  ? get_max_inline_xattr_value_size+0x36e/0x510
[   25.120649][  T312]  kasan_report+0x13c/0x170
[   25.124988][  T312]  ? get_max_inline_xattr_value_size+0x36e/0x510
[   25.131326][  T312]  __asan_report_load4_noabort+0x14/0x20
[   25.136927][  T312]  get_max_inline_xattr_value_size+0x36e/0x510
[   25.142905][  T312]  ext4_get_max_inline_size+0x13d/0x1f0
[   25.148294][  T312]  ? ext4_ind_truncate_ensure_credits+0x770/0x770
[   25.154529][  T312]  ? ext4_get_inode_loc+0x14b/0x190
[   25.159563][  T312]  ? ext4_update_inode_fsync_trans+0x2a0/0x2a0
[   25.165646][  T312]  ext4_try_to_write_inline_data+0xd3/0x1420
[   25.171454][  T312]  ? ext4_xattr_ibody_get+0x33d/0x610
[   25.176759][  T312]  ? mb_cache_entry_put+0x90/0x90
[   25.181608][  T312]  ? zero_user_segment+0x2d0/0x2d0
[   25.186645][  T312]  ext4_write_begin+0x200/0xfb0
[   25.191331][  T312]  ? ext4_xattr_security_get+0x32/0x40
[   25.196624][  T312]  ? ext4_initxattrs+0x120/0x120
[   25.201571][  T312]  ? __vfs_getxattr+0x3c3/0x3f0
[   25.206261][  T312]  ? ext4_readahead+0x110/0x110
[   25.210943][  T312]  ? cap_inode_need_killpriv+0x51/0x60
[   25.216239][  T312]  ext4_da_write_begin+0x2ff/0x920
[   25.221189][  T312]  ? file_remove_privs+0x20/0x20
[   25.225965][  T312]  ? ext4_dirty_folio+0xf0/0xf0
[   25.230740][  T312]  ? current_time+0x1af/0x2f0
[   25.235246][  T312]  generic_perform_write+0x2f9/0x5c0
[   25.240756][  T312]  ? generic_file_direct_write+0x6b0/0x6b0
[   25.246389][  T312]  ? generic_write_checks_count+0x490/0x490
[   25.252194][  T312]  ext4_buffered_write_iter+0x360/0x640
[   25.257572][  T312]  ? __kasan_check_write+0x14/0x20
[   25.262520][  T312]  ext4_file_write_iter+0x194/0x1cf0
[   25.267645][  T312]  ? compat_start_thread+0x20/0x20
[   25.272591][  T312]  ? avc_policy_seqno+0x1b/0x70
[   25.277278][  T312]  ? ext4_file_read_iter+0x470/0x470
[   25.282398][  T312]  ? fsnotify_perm+0x6a/0x5d0
[   25.286910][  T312]  vfs_write+0x8d1/0xe80
[   25.290999][  T312]  ? file_end_write+0x1c0/0x1c0
[   25.295708][  T312]  ? ptrace_stop+0x709/0x930
[   25.300464][  T312]  ? __kasan_check_read+0x11/0x20
[   25.305916][  T312]  ? __fdget_pos+0x284/0x310
[   25.310349][  T312]  ksys_write+0x199/0x2c0
[   25.314599][  T312]  ? do_notify_parent+0xa20/0xa20
[   25.319546][  T312]  ? __ia32_sys_read+0x90/0x90
[   25.324146][  T312]  ? fpregs_restore_userregs+0x130/0x290
[   25.329615][  T312]  __x64_sys_write+0x7b/0x90
[   25.334039][  T312]  do_syscall_64+0x3d/0xb0
[   25.338291][  T312]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   25.344027][  T312] RIP: 0033:0x7fc74bc54329
[   25.348366][  T312] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   25.367808][  T312] RSP: 002b:00007ffdb248cf38 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   25.376055][  T312] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc74bc54329
[   25.383859][  T312] RDX: 0000000000000001 RSI: 0000000020000280 RDI: 0000000000000004
[   25.391799][  T312] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   25.399624][  T312] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   25.407420][  T312] R13: 0000000000000000 R14: 431bde82d7b634db R15: 00007ffdb248cfa0
[   25.415232][  T312]  </TASK>
[   25.418097][  T312] 
[   25.420263][  T312] The buggy address belongs to the physical page:
[   25.426516][  T312] page:ffffea000484c200 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x121308
[   25.436582][  T312] flags: 0x4000000000000000(zone=1)
[   25.441624][  T312] raw: 4000000000000000 ffffea000484c248 ffffea000484c948 0000000000000000
[   25.450042][  T312] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[   25.458727][  T312] page dumped because: kasan: bad access detected
[   25.464967][  T312] page_owner tracks the page as freed
[   25.470258][  T312] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 306, tgid 306 (syz-executor289), ts 24774942178, free_ts 24859714760
[   25.487896][  T312]  post_alloc_hook+0x213/0x220
[   25.492478][  T312]  get_page_from_freelist+0x276c/0x2850
[   25.497860][  T312]  __alloc_pages+0x3a1/0x780
[   25.502283][  T312]  __folio_alloc+0x15/0x40
[   25.506540][  T312]  shmem_alloc_and_acct_folio+0x78c/0xa50
[   25.512093][  T312]  shmem_get_folio_gfp+0x12d4/0x24b0
[   25.517213][  T312]  shmem_write_begin+0x164/0x3a0
[   25.521987][  T312]  generic_perform_write+0x2f9/0x5c0
[   25.527108][  T312]  __generic_file_write_iter+0x174/0x3a0
[   25.532574][  T312]  generic_file_write_iter+0xb1/0x310
[   25.537788][  T312]  vfs_write+0x8d1/0xe80
[   25.541863][  T312]  ksys_write+0x199/0x2c0
[   25.546030][  T312]  __x64_sys_write+0x7b/0x90
[   25.551060][  T312]  do_syscall_64+0x3d/0xb0
[   25.555317][  T312]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   25.561190][  T312] page last free stack trace:
[   25.566095][  T312]  free_unref_page_prepare+0x83d/0x850
[   25.571580][  T312]  free_unref_page_list+0xf6/0x6c0
[   25.576771][  T312]  release_pages+0xf7f/0xfe0
[   25.581424][  T312]  __pagevec_release+0x84/0x100
[   25.586530][  T312]  shmem_undo_range+0x609/0x15b0
[   25.591309][  T312]  shmem_evict_inode+0x25f/0xa30
[   25.596077][  T312]  evict+0x2a3/0x630
[   25.599897][  T312]  iput+0x642/0x870
[   25.603647][  T312]  dentry_unlink_inode+0x34f/0x440
[   25.608580][  T312]  __dentry_kill+0x447/0x650
[   25.613003][  T312]  dentry_kill+0xc0/0x2a0
[   25.617512][  T312]  dput+0x160/0x310
[   25.621535][  T312]  __fput+0x5f0/0x870
[   25.625345][  T312]  ____fput+0x15/0x20
[   25.629344][  T312]  task_work_run+0x24d/0x2e0
[   25.634190][  T312]  ptrace_notify+0x29e/0x350
[   25.638618][  T312] 
[   25.641013][  T312] Memory state around the buggy address:
[   25.646783][  T312]  ffff888121307f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.654840][  T312]  ffff888121307f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.662911][  T312] >ffff888121308000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   25.671115][  T312]                    ^
[   25.675022][  T312]  ffff888121308080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[pid   312] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   312] exit_group(0)               = ?
[pid   312] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=312, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/binderfs")                  = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./3/file0")                      = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./3")                            = 0
mkdir("./4", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 316
./strace-static-x86_64: Process 316 attached
[pid   316] set_robust_list(0x555557505660, 24) = 0
[pid   316] chdir("./4")                = 0
[pid   316] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   316] setpgid(0, 0)               = 0
[pid   316] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   316] write(3, "1000", 4)         = 4
[pid   316] close(3)                    = 0
[pid   316] symlink("/dev/binderfs", "./binderfs") = 0
[pid   316] memfd_create("syzkaller", 0) = 3
[pid   316] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   316] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   316] munmap(0x7fc743815000, 1048576) = 0
[pid   316] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   25.683628][  T312]  ffff888121308100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   25.691617][  T312] ==================================================================
[   25.700606][  T312] Disabling lock debugging due to kernel taint
[   25.707795][  T312] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[   25.729114][  T298] EXT4-fs (loop0): unmounting filesystem.
[pid   316] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   316] close(3)                    = 0
[pid   316] mkdir("./file0", 0777)      = 0
[pid   316] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   316] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   316] chdir("./file0")            = 0
[pid   316] ioctl(4, LOOP_CLR_FD)       = 0
[pid   316] close(4)                    = 0
[pid   316] creat("./bus", 000)         = 4
[pid   316] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   316] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   316] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   316] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   25.761089][  T316] loop0: detected capacity change from 0 to 2048
[   25.780273][  T316] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid   316] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   316] exit_group(0)               = ?
[pid   316] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=316, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/binderfs")                  = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./4/file0")                      = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./4")                            = 0
mkdir("./5", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 319
./strace-static-x86_64: Process 319 attached
[pid   319] set_robust_list(0x555557505660, 24) = 0
[pid   319] chdir("./5")                = 0
[pid   319] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   319] setpgid(0, 0)               = 0
[pid   319] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   319] write(3, "1000", 4)         = 4
[pid   319] close(3)                    = 0
[pid   319] symlink("/dev/binderfs", "./binderfs") = 0
[pid   319] memfd_create("syzkaller", 0) = 3
[pid   319] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   319] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   319] munmap(0x7fc743815000, 1048576) = 0
[pid   319] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   25.803746][  T316] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   25.816185][  T316] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[   25.836246][  T298] EXT4-fs (loop0): unmounting filesystem.
[pid   319] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   319] close(3)                    = 0
[pid   319] mkdir("./file0", 0777)      = 0
[pid   319] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   319] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   319] chdir("./file0")            = 0
[pid   319] ioctl(4, LOOP_CLR_FD)       = 0
[pid   319] close(4)                    = 0
[pid   319] creat("./bus", 000)         = 4
[pid   319] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   319] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   319] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   319] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   25.868442][  T319] loop0: detected capacity change from 0 to 2048
[   25.889879][  T319] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid   319] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   319] exit_group(0)               = ?
[pid   319] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=319, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/binderfs")                  = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./5/file0")                      = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./5")                            = 0
mkdir("./6", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 322
./strace-static-x86_64: Process 322 attached
[pid   322] set_robust_list(0x555557505660, 24) = 0
[pid   322] chdir("./6")                = 0
[pid   322] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   322] setpgid(0, 0)               = 0
[pid   322] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   322] write(3, "1000", 4)         = 4
[pid   322] close(3)                    = 0
[pid   322] symlink("/dev/binderfs", "./binderfs") = 0
[pid   322] memfd_create("syzkaller", 0) = 3
[pid   322] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   322] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   322] munmap(0x7fc743815000, 1048576) = 0
[pid   322] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   25.911857][  T319] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   25.924741][  T319] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[   25.947503][  T298] EXT4-fs (loop0): unmounting filesystem.
[pid   322] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   322] close(3)                    = 0
[pid   322] mkdir("./file0", 0777)      = 0
[pid   322] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   322] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   322] chdir("./file0")            = 0
[pid   322] ioctl(4, LOOP_CLR_FD)       = 0
[pid   322] close(4)                    = 0
[pid   322] creat("./bus", 000)         = 4
[pid   322] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   322] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   322] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   322] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   25.969883][  T322] loop0: detected capacity change from 0 to 2048
[   25.979699][  T322] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   25.997496][  T322] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid   322] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   322] exit_group(0)               = ?
[pid   322] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=322, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/binderfs")                  = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./6/file0")                      = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./6")                            = 0
mkdir("./7", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 325
./strace-static-x86_64: Process 325 attached
[pid   325] set_robust_list(0x555557505660, 24) = 0
[pid   325] chdir("./7")                = 0
[pid   325] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   325] setpgid(0, 0)               = 0
[pid   325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   325] write(3, "1000", 4)         = 4
[pid   325] close(3)                    = 0
[pid   325] symlink("/dev/binderfs", "./binderfs") = 0
[pid   325] memfd_create("syzkaller", 0) = 3
[pid   325] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   325] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   325] munmap(0x7fc743815000, 1048576) = 0
[pid   325] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   325] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   325] close(3)                    = 0
[pid   325] mkdir("./file0", 0777)      = 0
[   26.009841][  T322] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[   26.029286][  T298] EXT4-fs (loop0): unmounting filesystem.
[   26.057530][  T325] loop0: detected capacity change from 0 to 2048
[pid   325] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   325] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   325] chdir("./file0")            = 0
[pid   325] ioctl(4, LOOP_CLR_FD)       = 0
[pid   325] close(4)                    = 0
[pid   325] creat("./bus", 000)         = 4
[pid   325] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   325] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   325] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   325] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid   325] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   325] exit_group(0)               = ?
[pid   325] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=325, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/binderfs")                  = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[   26.070516][  T325] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   26.087573][  T325] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   26.099980][  T325] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./7/file0")                      = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./7")                            = 0
mkdir("./8", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 328 attached
 <unfinished ...>
[pid   328] set_robust_list(0x555557505660, 24) = 0
[pid   328] chdir("./8")                = 0
[pid   328] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   328] setpgid(0, 0)               = 0
[pid   328] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   328] write(3, "1000", 4)         = 4
[pid   328] close(3)                    = 0
[pid   328] symlink("/dev/binderfs", "./binderfs") = 0
[pid   298] <... clone resumed>, child_tidptr=0x555557505650) = 328
[pid   328] memfd_create("syzkaller", 0) = 3
[pid   328] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   328] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   328] munmap(0x7fc743815000, 1048576) = 0
[pid   328] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   26.119669][  T298] EXT4-fs (loop0): unmounting filesystem.
[pid   328] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   328] close(3)                    = 0
[pid   328] mkdir("./file0", 0777)      = 0
[pid   328] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   328] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   328] chdir("./file0")            = 0
[pid   328] ioctl(4, LOOP_CLR_FD)       = 0
[pid   328] close(4)                    = 0
[pid   328] creat("./bus", 000)         = 4
[pid   328] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   328] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   328] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   328] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   26.146423][  T328] loop0: detected capacity change from 0 to 2048
[   26.160390][  T328] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   26.179353][  T328] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid   328] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   328] exit_group(0)               = ?
[pid   328] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=328, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/binderfs")                  = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./8/file0")                      = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./8")                            = 0
mkdir("./9", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 331
./strace-static-x86_64: Process 331 attached
[pid   331] set_robust_list(0x555557505660, 24) = 0
[pid   331] chdir("./9")                = 0
[pid   331] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   331] setpgid(0, 0)               = 0
[pid   331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   331] write(3, "1000", 4)         = 4
[pid   331] close(3)                    = 0
[pid   331] symlink("/dev/binderfs", "./binderfs") = 0
[pid   331] memfd_create("syzkaller", 0) = 3
[pid   331] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   331] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   331] munmap(0x7fc743815000, 1048576) = 0
[pid   331] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   26.193288][  T328] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[   26.213835][  T298] EXT4-fs (loop0): unmounting filesystem.
[pid   331] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   331] close(3)                    = 0
[pid   331] mkdir("./file0", 0777)      = 0
[pid   331] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   331] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   331] chdir("./file0")            = 0
[pid   331] ioctl(4, LOOP_CLR_FD)       = 0
[pid   331] close(4)                    = 0
[pid   331] creat("./bus", 000)         = 4
[pid   331] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   331] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   331] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   331] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   26.245758][  T331] loop0: detected capacity change from 0 to 2048
[   26.269811][  T331] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid   331] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   331] exit_group(0)               = ?
[pid   331] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=331, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/binderfs")                  = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./9/file0")                      = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./9")                            = 0
mkdir("./10", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 334 attached
 <unfinished ...>
[pid   334] set_robust_list(0x555557505660, 24) = 0
[pid   334] chdir("./10")               = 0
[pid   334] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   334] setpgid(0, 0)               = 0
[pid   334] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   334] write(3, "1000", 4)         = 4
[pid   334] close(3)                    = 0
[pid   334] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid   298] <... clone resumed>, child_tidptr=0x555557505650) = 334
[pid   334] <... symlink resumed>)      = 0
[pid   334] memfd_create("syzkaller", 0) = 3
[pid   334] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   334] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   334] munmap(0x7fc743815000, 1048576) = 0
[pid   334] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   26.287156][  T331] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   26.299745][  T331] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[   26.318898][  T298] EXT4-fs (loop0): unmounting filesystem.
[pid   334] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   334] close(3)                    = 0
[pid   334] mkdir("./file0", 0777)      = 0
[   26.345012][  T334] loop0: detected capacity change from 0 to 2048
[pid   334] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   334] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   334] chdir("./file0")            = 0
[pid   334] ioctl(4, LOOP_CLR_FD)       = 0
[pid   334] close(4)                    = 0
[pid   334] creat("./bus", 000)         = 4
[pid   334] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   334] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   334] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   334] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid   334] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   334] exit_group(0)               = ?
[pid   334] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=334, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/binderfs")                 = 0
[   26.369792][  T334] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   26.387525][  T334] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   26.399906][  T334] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./10/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./10")                           = 0
mkdir("./11", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 337
./strace-static-x86_64: Process 337 attached
[pid   337] set_robust_list(0x555557505660, 24) = 0
[pid   337] chdir("./11")               = 0
[pid   337] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   337] setpgid(0, 0)               = 0
[pid   337] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   337] write(3, "1000", 4)         = 4
[pid   337] close(3)                    = 0
[pid   337] symlink("/dev/binderfs", "./binderfs") = 0
[pid   337] memfd_create("syzkaller", 0) = 3
[pid   337] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   337] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   337] munmap(0x7fc743815000, 1048576) = 0
[pid   337] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   337] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   337] close(3)                    = 0
[pid   337] mkdir("./file0", 0777)      = 0
[   26.421735][  T298] EXT4-fs (loop0): unmounting filesystem.
[   26.460053][  T337] loop0: detected capacity change from 0 to 2048
[pid   337] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   337] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   337] chdir("./file0")            = 0
[pid   337] ioctl(4, LOOP_CLR_FD)       = 0
[pid   337] close(4)                    = 0
[pid   337] creat("./bus", 000)         = 4
[pid   337] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   337] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   337] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   337] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid   337] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   337] exit_group(0)               = ?
[pid   337] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=337, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/binderfs")                 = 0
[   26.469778][  T337] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   26.487648][  T337] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   26.500178][  T337] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./11/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./11")                           = 0
mkdir("./12", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 340
./strace-static-x86_64: Process 340 attached
[pid   340] set_robust_list(0x555557505660, 24) = 0
[pid   340] chdir("./12")               = 0
[pid   340] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   340] setpgid(0, 0)               = 0
[pid   340] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   340] write(3, "1000", 4)         = 4
[pid   340] close(3)                    = 0
[pid   340] symlink("/dev/binderfs", "./binderfs") = 0
[pid   340] memfd_create("syzkaller", 0) = 3
[pid   340] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   340] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   340] munmap(0x7fc743815000, 1048576) = 0
[pid   340] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   26.520369][  T298] EXT4-fs (loop0): unmounting filesystem.
[pid   340] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   340] close(3)                    = 0
[pid   340] mkdir("./file0", 0777)      = 0
[pid   340] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   340] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   340] chdir("./file0")            = 0
[pid   340] ioctl(4, LOOP_CLR_FD)       = 0
[pid   340] close(4)                    = 0
[pid   340] creat("./bus", 000)         = 4
[pid   340] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   340] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   340] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   340] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   26.544074][  T340] loop0: detected capacity change from 0 to 2048
[   26.560447][  T340] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   26.579860][  T340] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid   340] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   340] exit_group(0)               = ?
[pid   340] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=340, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/binderfs")                 = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./12/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./12")                           = 0
mkdir("./13", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 343
./strace-static-x86_64: Process 343 attached
[pid   343] set_robust_list(0x555557505660, 24) = 0
[pid   343] chdir("./13")               = 0
[pid   343] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   343] setpgid(0, 0)               = 0
[pid   343] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   343] write(3, "1000", 4)         = 4
[pid   343] close(3)                    = 0
[pid   343] symlink("/dev/binderfs", "./binderfs") = 0
[pid   343] memfd_create("syzkaller", 0) = 3
[pid   343] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   343] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   343] munmap(0x7fc743815000, 1048576) = 0
[pid   343] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   26.592111][  T340] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[   26.615982][  T298] EXT4-fs (loop0): unmounting filesystem.
[pid   343] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   343] close(3)                    = 0
[pid   343] mkdir("./file0", 0777)      = 0
[pid   343] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   343] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   343] chdir("./file0")            = 0
[pid   343] ioctl(4, LOOP_CLR_FD)       = 0
[pid   343] close(4)                    = 0
[pid   343] creat("./bus", 000)         = 4
[pid   343] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   343] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   343] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   343] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   26.648794][  T343] loop0: detected capacity change from 0 to 2048
[   26.670139][  T343] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   26.687119][  T343] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid   343] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   343] exit_group(0)               = ?
[pid   343] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=343, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/binderfs")                 = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./13/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./13")                           = 0
mkdir("./14", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 347 attached
 <unfinished ...>
[pid   347] set_robust_list(0x555557505660, 24) = 0
[pid   347] chdir("./14")               = 0
[pid   347] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   347] setpgid(0, 0)               = 0
[pid   347] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   298] <... clone resumed>, child_tidptr=0x555557505650) = 347
[pid   347] write(3, "1000", 4)         = 4
[pid   347] close(3)                    = 0
[pid   347] symlink("/dev/binderfs", "./binderfs") = 0
[pid   347] memfd_create("syzkaller", 0) = 3
[pid   347] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   347] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   347] munmap(0x7fc743815000, 1048576) = 0
[pid   347] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   26.699473][  T343] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[   26.720231][  T298] EXT4-fs (loop0): unmounting filesystem.
[pid   347] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   347] close(3)                    = 0
[pid   347] mkdir("./file0", 0777)      = 0
[pid   347] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   347] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   347] chdir("./file0")            = 0
[pid   347] ioctl(4, LOOP_CLR_FD)       = 0
[pid   347] close(4)                    = 0
[pid   347] creat("./bus", 000)         = 4
[pid   347] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   347] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   347] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   347] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   26.747716][  T347] loop0: detected capacity change from 0 to 2048
[   26.760296][  T347] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   26.778465][  T347] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid   347] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   347] exit_group(0)               = ?
[pid   347] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=347, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/binderfs")                 = 0
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./14/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./14")                           = 0
mkdir("./15", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 350 attached
 <unfinished ...>
[pid   350] set_robust_list(0x555557505660, 24) = 0
[pid   350] chdir("./15" <unfinished ...>
[pid   298] <... clone resumed>, child_tidptr=0x555557505650) = 350
[pid   350] <... chdir resumed>)        = 0
[pid   350] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   350] setpgid(0, 0)               = 0
[pid   350] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   350] write(3, "1000", 4)         = 4
[pid   350] close(3)                    = 0
[pid   350] symlink("/dev/binderfs", "./binderfs") = 0
[pid   350] memfd_create("syzkaller", 0) = 3
[pid   350] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   350] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   350] munmap(0x7fc743815000, 1048576) = 0
[pid   350] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   350] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   350] close(3)                    = 0
[pid   350] mkdir("./file0", 0777)      = 0
[   26.790955][  T347] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[   26.810464][  T298] EXT4-fs (loop0): unmounting filesystem.
[   26.839568][  T350] loop0: detected capacity change from 0 to 2048
[pid   350] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   350] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   350] chdir("./file0")            = 0
[pid   350] ioctl(4, LOOP_CLR_FD)       = 0
[pid   350] close(4)                    = 0
[pid   350] creat("./bus", 000)         = 4
[pid   350] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   350] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   350] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   350] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid   350] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   350] exit_group(0)               = ?
[pid   350] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=350, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/binderfs")                 = 0
[   26.849766][  T350] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   26.867015][  T350] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   26.879389][  T350] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./15/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./15")                           = 0
mkdir("./16", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 353
./strace-static-x86_64: Process 353 attached
[pid   353] set_robust_list(0x555557505660, 24) = 0
[pid   353] chdir("./16")               = 0
[pid   353] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   353] setpgid(0, 0)               = 0
[pid   353] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   353] write(3, "1000", 4)         = 4
[pid   353] close(3)                    = 0
[pid   353] symlink("/dev/binderfs", "./binderfs") = 0
[pid   353] memfd_create("syzkaller", 0) = 3
[pid   353] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   353] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   353] munmap(0x7fc743815000, 1048576) = 0
[pid   353] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   353] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   353] close(3)                    = 0
[pid   353] mkdir("./file0", 0777)      = 0
[pid   353] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   353] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   353] chdir("./file0")            = 0
[pid   353] ioctl(4, LOOP_CLR_FD)       = 0
[pid   353] close(4)                    = 0
[pid   353] creat("./bus", 000)         = 4
[pid   353] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   353] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   353] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   353] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   26.904268][  T298] EXT4-fs (loop0): unmounting filesystem.
[   26.926013][  T353] loop0: detected capacity change from 0 to 2048
[   26.939849][  T353] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid   353] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   353] exit_group(0)               = ?
[pid   353] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=353, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/binderfs")                 = 0
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./16/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./16")                           = 0
mkdir("./17", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 356
./strace-static-x86_64: Process 356 attached
[pid   356] set_robust_list(0x555557505660, 24) = 0
[pid   356] chdir("./17")               = 0
[pid   356] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   356] setpgid(0, 0)               = 0
[pid   356] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   356] write(3, "1000", 4)         = 4
[pid   356] close(3)                    = 0
[pid   356] symlink("/dev/binderfs", "./binderfs") = 0
[pid   356] memfd_create("syzkaller", 0) = 3
[pid   356] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   356] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   356] munmap(0x7fc743815000, 1048576) = 0
[pid   356] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   26.957636][  T353] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   26.969879][  T353] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[   26.991634][  T298] EXT4-fs (loop0): unmounting filesystem.
[pid   356] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   356] close(3)                    = 0
[pid   356] mkdir("./file0", 0777)      = 0
[pid   356] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   356] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   356] chdir("./file0")            = 0
[pid   356] ioctl(4, LOOP_CLR_FD)       = 0
[pid   356] close(4)                    = 0
[pid   356] creat("./bus", 000)         = 4
[pid   356] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   356] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   356] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   356] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   27.014864][  T356] loop0: detected capacity change from 0 to 2048
[   27.030041][  T356] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid   356] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   356] exit_group(0)               = ?
[pid   356] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=356, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/binderfs")                 = 0
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./17/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./17")                           = 0
mkdir("./18", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 359
./strace-static-x86_64: Process 359 attached
[pid   359] set_robust_list(0x555557505660, 24) = 0
[pid   359] chdir("./18")               = 0
[pid   359] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   359] setpgid(0, 0)               = 0
[pid   359] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   359] write(3, "1000", 4)         = 4
[pid   359] close(3)                    = 0
[pid   359] symlink("/dev/binderfs", "./binderfs") = 0
[pid   359] memfd_create("syzkaller", 0) = 3
[pid   359] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   359] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   359] munmap(0x7fc743815000, 1048576) = 0
[pid   359] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   27.053758][  T356] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   27.066250][  T356] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[   27.090115][  T298] EXT4-fs (loop0): unmounting filesystem.
[pid   359] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   359] close(3)                    = 0
[pid   359] mkdir("./file0", 0777)      = 0
[pid   359] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   359] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   359] chdir("./file0")            = 0
[pid   359] ioctl(4, LOOP_CLR_FD)       = 0
[pid   359] close(4)                    = 0
[pid   359] creat("./bus", 000)         = 4
[pid   359] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   359] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   359] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   359] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   27.124837][  T359] loop0: detected capacity change from 0 to 2048
[   27.150067][  T359] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid   359] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   359] exit_group(0)               = ?
[pid   359] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=359, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/binderfs")                 = 0
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./18/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./18")                           = 0
mkdir("./19", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 362
./strace-static-x86_64: Process 362 attached
[pid   362] set_robust_list(0x555557505660, 24) = 0
[pid   362] chdir("./19")               = 0
[pid   362] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   362] setpgid(0, 0)               = 0
[pid   362] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   362] write(3, "1000", 4)         = 4
[pid   362] close(3)                    = 0
[pid   362] symlink("/dev/binderfs", "./binderfs") = 0
[pid   362] memfd_create("syzkaller", 0) = 3
[pid   362] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   362] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   362] munmap(0x7fc743815000, 1048576) = 0
[pid   362] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   27.171006][  T359] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   27.183391][  T359] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[   27.207700][  T298] EXT4-fs (loop0): unmounting filesystem.
[pid   362] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   362] close(3)                    = 0
[pid   362] mkdir("./file0", 0777)      = 0
[pid   362] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   362] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   362] chdir("./file0")            = 0
[pid   362] ioctl(4, LOOP_CLR_FD)       = 0
[pid   362] close(4)                    = 0
[pid   362] creat("./bus", 000)         = 4
[pid   362] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   362] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   362] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   362] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   27.231320][  T362] loop0: detected capacity change from 0 to 2048
[   27.249936][  T362] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   27.267992][  T362] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid   362] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   362] exit_group(0)               = ?
[pid   362] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=362, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/binderfs")                 = 0
umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./19/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./19")                           = 0
mkdir("./20", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 365
./strace-static-x86_64: Process 365 attached
[pid   365] set_robust_list(0x555557505660, 24) = 0
[pid   365] chdir("./20")               = 0
[pid   365] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   365] setpgid(0, 0)               = 0
[pid   365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   365] write(3, "1000", 4)         = 4
[pid   365] close(3)                    = 0
[pid   365] symlink("/dev/binderfs", "./binderfs") = 0
[pid   365] memfd_create("syzkaller", 0) = 3
[pid   365] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   365] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   365] munmap(0x7fc743815000, 1048576) = 0
[pid   365] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   27.280887][  T362] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[   27.302705][  T298] EXT4-fs (loop0): unmounting filesystem.
[pid   365] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   365] close(3)                    = 0
[pid   365] mkdir("./file0", 0777)      = 0
[pid   365] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   365] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   365] chdir("./file0")            = 0
[pid   365] ioctl(4, LOOP_CLR_FD)       = 0
[pid   365] close(4)                    = 0
[pid   365] creat("./bus", 000)         = 4
[pid   365] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   365] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   365] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   365] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   27.328190][  T365] loop0: detected capacity change from 0 to 2048
[   27.339854][  T365] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   27.356863][  T365] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid   365] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   365] exit_group(0)               = ?
[pid   365] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=365, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./20/binderfs")                 = 0
umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./20/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./20")                           = 0
mkdir("./21", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 368
./strace-static-x86_64: Process 368 attached
[pid   368] set_robust_list(0x555557505660, 24) = 0
[pid   368] chdir("./21")               = 0
[pid   368] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   368] setpgid(0, 0)               = 0
[pid   368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   368] write(3, "1000", 4)         = 4
[pid   368] close(3)                    = 0
[pid   368] symlink("/dev/binderfs", "./binderfs") = 0
[pid   368] memfd_create("syzkaller", 0) = 3
[pid   368] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   368] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   368] munmap(0x7fc743815000, 1048576) = 0
[pid   368] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   368] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   368] close(3)                    = 0
[pid   368] mkdir("./file0", 0777)      = 0
[   27.369299][  T365] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[   27.390251][  T298] EXT4-fs (loop0): unmounting filesystem.
[   27.416500][  T368] loop0: detected capacity change from 0 to 2048
[pid   368] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   368] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   368] chdir("./file0")            = 0
[pid   368] ioctl(4, LOOP_CLR_FD)       = 0
[pid   368] close(4)                    = 0
[pid   368] creat("./bus", 000)         = 4
[pid   368] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   368] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   368] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   368] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid   368] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   368] exit_group(0)               = ?
[pid   368] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=368, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./21/binderfs")                 = 0
[   27.430195][  T368] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   27.448134][  T368] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   27.460525][  T368] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./21/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./21")                           = 0
mkdir("./22", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 371
./strace-static-x86_64: Process 371 attached
[pid   371] set_robust_list(0x555557505660, 24) = 0
[pid   371] chdir("./22")               = 0
[pid   371] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   371] setpgid(0, 0)               = 0
[pid   371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   371] write(3, "1000", 4)         = 4
[pid   371] close(3)                    = 0
[pid   371] symlink("/dev/binderfs", "./binderfs") = 0
[pid   371] memfd_create("syzkaller", 0) = 3
[pid   371] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   371] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   371] munmap(0x7fc743815000, 1048576) = 0
[pid   371] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   371] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   371] close(3)                    = 0
[pid   371] mkdir("./file0", 0777)      = 0
[   27.482356][  T298] EXT4-fs (loop0): unmounting filesystem.
[   27.507101][  T371] loop0: detected capacity change from 0 to 2048
[pid   371] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   371] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   371] chdir("./file0")            = 0
[pid   371] ioctl(4, LOOP_CLR_FD)       = 0
[pid   371] close(4)                    = 0
[pid   371] creat("./bus", 000)         = 4
[pid   371] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   371] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   371] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   371] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid   371] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   371] exit_group(0)               = ?
[pid   371] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=371, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./22/binderfs")                 = 0
[   27.530063][  T371] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   27.547795][  T371] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   27.560377][  T371] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./22/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./22")                           = 0
mkdir("./23", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 374
./strace-static-x86_64: Process 374 attached
[pid   374] set_robust_list(0x555557505660, 24) = 0
[pid   374] chdir("./23")               = 0
[pid   374] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   374] setpgid(0, 0)               = 0
[pid   374] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   374] write(3, "1000", 4)         = 4
[pid   374] close(3)                    = 0
[pid   374] symlink("/dev/binderfs", "./binderfs") = 0
[pid   374] memfd_create("syzkaller", 0) = 3
[pid   374] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   374] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   374] munmap(0x7fc743815000, 1048576) = 0
[pid   374] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   27.579067][  T298] EXT4-fs (loop0): unmounting filesystem.
[pid   374] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   374] close(3)                    = 0
[pid   374] mkdir("./file0", 0777)      = 0
[pid   374] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   374] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   374] chdir("./file0")            = 0
[pid   374] ioctl(4, LOOP_CLR_FD)       = 0
[pid   374] close(4)                    = 0
[pid   374] creat("./bus", 000)         = 4
[pid   374] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   374] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   374] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   374] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   27.611715][  T374] loop0: detected capacity change from 0 to 2048
[   27.629835][  T374] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   27.648086][  T374] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid   374] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   374] exit_group(0)               = ?
[pid   374] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=374, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./23/binderfs")                 = 0
umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./23/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./23")                           = 0
mkdir("./24", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 378
./strace-static-x86_64: Process 378 attached
[pid   378] set_robust_list(0x555557505660, 24) = 0
[pid   378] chdir("./24")               = 0
[pid   378] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   378] setpgid(0, 0)               = 0
[pid   378] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   378] write(3, "1000", 4)         = 4
[pid   378] close(3)                    = 0
[pid   378] symlink("/dev/binderfs", "./binderfs") = 0
[pid   378] memfd_create("syzkaller", 0) = 3
[pid   378] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   378] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   378] munmap(0x7fc743815000, 1048576) = 0
[pid   378] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   27.660427][  T374] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[   27.679400][  T298] EXT4-fs (loop0): unmounting filesystem.
[pid   378] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   378] close(3)                    = 0
[pid   378] mkdir("./file0", 0777)      = 0
[pid   378] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   378] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   378] chdir("./file0")            = 0
[pid   378] ioctl(4, LOOP_CLR_FD)       = 0
[pid   378] close(4)                    = 0
[pid   378] creat("./bus", 000)         = 4
[pid   378] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   378] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   378] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   378] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   27.717458][  T378] loop0: detected capacity change from 0 to 2048
[   27.729976][  T378] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   27.749172][  T378] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid   378] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   378] exit_group(0)               = ?
[pid   378] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=378, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./24/binderfs")                 = 0
umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./24/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./24")                           = 0
mkdir("./25", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 381
./strace-static-x86_64: Process 381 attached
[pid   381] set_robust_list(0x555557505660, 24) = 0
[pid   381] chdir("./25")               = 0
[pid   381] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   381] setpgid(0, 0)               = 0
[pid   381] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   381] write(3, "1000", 4)         = 4
[pid   381] close(3)                    = 0
[pid   381] symlink("/dev/binderfs", "./binderfs") = 0
[pid   381] memfd_create("syzkaller", 0) = 3
[pid   381] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   381] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   381] munmap(0x7fc743815000, 1048576) = 0
[pid   381] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   381] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   381] close(3)                    = 0
[pid   381] mkdir("./file0", 0777)      = 0
[   27.761781][  T378] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[   27.783748][  T298] EXT4-fs (loop0): unmounting filesystem.
[   27.804985][  T381] loop0: detected capacity change from 0 to 2048
[pid   381] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   381] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   381] chdir("./file0")            = 0
[pid   381] ioctl(4, LOOP_CLR_FD)       = 0
[pid   381] close(4)                    = 0
[pid   381] creat("./bus", 000)         = 4
[pid   381] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   381] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   381] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   381] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid   381] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   381] exit_group(0)               = ?
[pid   381] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=381, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./25/binderfs")                 = 0
[   27.820117][  T381] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   27.837662][  T381] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   27.850004][  T381] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./25/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./25")                           = 0
mkdir("./26", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 384 attached
 <unfinished ...>
[pid   384] set_robust_list(0x555557505660, 24) = 0
[pid   384] chdir("./26")               = 0
[pid   384] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   384] setpgid(0, 0)               = 0
[pid   384] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   384] write(3, "1000", 4)         = 4
[pid   384] close(3)                    = 0
[pid   384] symlink("/dev/binderfs", "./binderfs") = 0
[pid   298] <... clone resumed>, child_tidptr=0x555557505650) = 384
[pid   384] memfd_create("syzkaller", 0) = 3
[pid   384] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   384] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   384] munmap(0x7fc743815000, 1048576) = 0
[pid   384] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   27.869629][  T298] EXT4-fs (loop0): unmounting filesystem.
[pid   384] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   384] close(3)                    = 0
[pid   384] mkdir("./file0", 0777)      = 0
[pid   384] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   384] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   384] chdir("./file0")            = 0
[pid   384] ioctl(4, LOOP_CLR_FD)       = 0
[pid   384] close(4)                    = 0
[pid   384] creat("./bus", 000)         = 4
[pid   384] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   384] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   384] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   384] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   27.897847][  T384] loop0: detected capacity change from 0 to 2048
[   27.909827][  T384] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   27.933353][  T384] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid   384] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   384] exit_group(0)               = ?
[pid   384] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=384, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./26/binderfs")                 = 0
umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./26/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./26")                           = 0
mkdir("./27", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 387
./strace-static-x86_64: Process 387 attached
[pid   387] set_robust_list(0x555557505660, 24) = 0
[pid   387] chdir("./27")               = 0
[pid   387] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   387] setpgid(0, 0)               = 0
[pid   387] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   387] write(3, "1000", 4)         = 4
[pid   387] close(3)                    = 0
[pid   387] symlink("/dev/binderfs", "./binderfs") = 0
[pid   387] memfd_create("syzkaller", 0) = 3
[pid   387] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   387] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   387] munmap(0x7fc743815000, 1048576) = 0
[pid   387] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   27.945882][  T384] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[   27.967642][  T298] EXT4-fs (loop0): unmounting filesystem.
[pid   387] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   387] close(3)                    = 0
[pid   387] mkdir("./file0", 0777)      = 0
[pid   387] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   387] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   387] chdir("./file0")            = 0
[pid   387] ioctl(4, LOOP_CLR_FD)       = 0
[pid   387] close(4)                    = 0
[pid   387] creat("./bus", 000)         = 4
[pid   387] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   387] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   387] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   387] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   28.004247][  T387] loop0: detected capacity change from 0 to 2048
[   28.019810][  T387] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid   387] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   387] exit_group(0)               = ?
[pid   387] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=387, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./27/binderfs")                 = 0
umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./27/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./27")                           = 0
mkdir("./28", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 390
./strace-static-x86_64: Process 390 attached
[pid   390] set_robust_list(0x555557505660, 24) = 0
[pid   390] chdir("./28")               = 0
[pid   390] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   390] setpgid(0, 0)               = 0
[pid   390] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   390] write(3, "1000", 4)         = 4
[pid   390] close(3)                    = 0
[pid   390] symlink("/dev/binderfs", "./binderfs") = 0
[pid   390] memfd_create("syzkaller", 0) = 3
[pid   390] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   390] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   390] munmap(0x7fc743815000, 1048576) = 0
[pid   390] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   28.044374][  T387] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   28.056643][  T387] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[   28.081977][  T298] EXT4-fs (loop0): unmounting filesystem.
[pid   390] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   390] close(3)                    = 0
[pid   390] mkdir("./file0", 0777)      = 0
[pid   390] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   390] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   390] chdir("./file0")            = 0
[pid   390] ioctl(4, LOOP_CLR_FD)       = 0
[pid   390] close(4)                    = 0
[pid   390] creat("./bus", 000)         = 4
[pid   390] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   390] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   390] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   390] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   28.108116][  T390] loop0: detected capacity change from 0 to 2048
[   28.119772][  T390] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   28.136351][  T390] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid   390] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   390] exit_group(0)               = ?
[pid   390] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=390, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./28/binderfs")                 = 0
umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./28/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./28")                           = 0
mkdir("./29", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 393
./strace-static-x86_64: Process 393 attached
[pid   393] set_robust_list(0x555557505660, 24) = 0
[pid   393] chdir("./29")               = 0
[pid   393] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   393] setpgid(0, 0)               = 0
[pid   393] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   393] write(3, "1000", 4)         = 4
[pid   393] close(3)                    = 0
[pid   393] symlink("/dev/binderfs", "./binderfs") = 0
[pid   393] memfd_create("syzkaller", 0) = 3
[pid   393] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   393] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   393] munmap(0x7fc743815000, 1048576) = 0
[pid   393] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   28.149396][  T390] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[   28.170970][  T298] EXT4-fs (loop0): unmounting filesystem.
[pid   393] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   393] close(3)                    = 0
[pid   393] mkdir("./file0", 0777)      = 0
[pid   393] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   393] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   393] chdir("./file0")            = 0
[pid   393] ioctl(4, LOOP_CLR_FD)       = 0
[pid   393] close(4)                    = 0
[pid   393] creat("./bus", 000)         = 4
[pid   393] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   393] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   393] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   393] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   28.200011][  T393] loop0: detected capacity change from 0 to 2048
[   28.209665][  T393] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   28.234024][  T393] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid   393] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   393] exit_group(0)               = ?
[pid   393] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=393, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./29/binderfs")                 = 0
umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./29/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./29")                           = 0
mkdir("./30", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 396
./strace-static-x86_64: Process 396 attached
[pid   396] set_robust_list(0x555557505660, 24) = 0
[pid   396] chdir("./30")               = 0
[pid   396] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   396] setpgid(0, 0)               = 0
[pid   396] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   396] write(3, "1000", 4)         = 4
[pid   396] close(3)                    = 0
[pid   396] symlink("/dev/binderfs", "./binderfs") = 0
[pid   396] memfd_create("syzkaller", 0) = 3
[pid   396] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   396] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   396] munmap(0x7fc743815000, 1048576) = 0
[pid   396] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   28.246947][  T393] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[   28.271619][  T298] EXT4-fs (loop0): unmounting filesystem.
[pid   396] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   396] close(3)                    = 0
[pid   396] mkdir("./file0", 0777)      = 0
[pid   396] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   396] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   396] chdir("./file0")            = 0
[pid   396] ioctl(4, LOOP_CLR_FD)       = 0
[pid   396] close(4)                    = 0
[pid   396] creat("./bus", 000)         = 4
[pid   396] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   396] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   396] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   396] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   28.298533][  T396] loop0: detected capacity change from 0 to 2048
[   28.310344][  T396] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   28.334552][  T396] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid   396] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   396] exit_group(0)               = ?
[pid   396] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=396, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./30/binderfs")                 = 0
umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./30/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./30")                           = 0
mkdir("./31", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 399
./strace-static-x86_64: Process 399 attached
[pid   399] set_robust_list(0x555557505660, 24) = 0
[pid   399] chdir("./31")               = 0
[pid   399] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   399] setpgid(0, 0)               = 0
[pid   399] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   399] write(3, "1000", 4)         = 4
[pid   399] close(3)                    = 0
[pid   399] symlink("/dev/binderfs", "./binderfs") = 0
[pid   399] memfd_create("syzkaller", 0) = 3
[pid   399] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   399] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   399] munmap(0x7fc743815000, 1048576) = 0
[pid   399] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   28.347254][  T396] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[   28.373807][  T298] EXT4-fs (loop0): unmounting filesystem.
[pid   399] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   399] close(3)                    = 0
[pid   399] mkdir("./file0", 0777)      = 0
[pid   399] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   399] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   399] chdir("./file0")            = 0
[pid   399] ioctl(4, LOOP_CLR_FD)       = 0
[pid   399] close(4)                    = 0
[pid   399] creat("./bus", 000)         = 4
[pid   399] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   399] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   399] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   399] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   28.412544][  T399] loop0: detected capacity change from 0 to 2048
[   28.429736][  T399] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   28.448779][  T399] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid   399] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   399] exit_group(0)               = ?
[pid   399] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=399, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./31/binderfs")                 = 0
umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./31/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./31")                           = 0
mkdir("./32", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 402
./strace-static-x86_64: Process 402 attached
[pid   402] set_robust_list(0x555557505660, 24) = 0
[pid   402] chdir("./32")               = 0
[pid   402] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   402] setpgid(0, 0)               = 0
[pid   402] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   402] write(3, "1000", 4)         = 4
[pid   402] close(3)                    = 0
[pid   402] symlink("/dev/binderfs", "./binderfs") = 0
[pid   402] memfd_create("syzkaller", 0) = 3
[pid   402] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   402] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   402] munmap(0x7fc743815000, 1048576) = 0
[pid   402] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   28.461243][  T399] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid   402] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   402] close(3)                    = 0
[pid   402] mkdir("./file0", 0777)      = 0
[pid   402] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   402] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   402] chdir("./file0")            = 0
[pid   402] ioctl(4, LOOP_CLR_FD)       = 0
[pid   402] close(4)                    = 0
[pid   402] creat("./bus", 000)         = 4
[pid   402] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   402] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   402] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   402] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid   402] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   402] exit_group(0)               = ?
[pid   402] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=402, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./32/binderfs")                 = 0
umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./32/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./32")                           = 0
mkdir("./33", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 405
./strace-static-x86_64: Process 405 attached
[pid   405] set_robust_list(0x555557505660, 24) = 0
[pid   405] chdir("./33")               = 0
[pid   405] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   405] setpgid(0, 0)               = 0
[pid   405] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   405] write(3, "1000", 4)         = 4
[pid   405] close(3)                    = 0
[pid   405] symlink("/dev/binderfs", "./binderfs") = 0
[pid   405] memfd_create("syzkaller", 0) = 3
[pid   405] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   405] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   405] munmap(0x7fc743815000, 1048576) = 0
[pid   405] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   28.506843][  T402] loop0: detected capacity change from 0 to 2048
[   28.527498][  T402] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   28.539808][  T402] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid   405] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   405] close(3)                    = 0
[pid   405] mkdir("./file0", 0777)      = 0
[pid   405] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   405] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   405] chdir("./file0")            = 0
[pid   405] ioctl(4, LOOP_CLR_FD)       = 0
[pid   405] close(4)                    = 0
[pid   405] creat("./bus", 000)         = 4
[pid   405] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   405] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   405] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   405] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   28.590214][  T405] loop0: detected capacity change from 0 to 2048
[   28.622346][  T405] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid   405] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   405] exit_group(0)               = ?
[pid   405] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=405, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./33/binderfs")                 = 0
umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./33/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./33")                           = 0
mkdir("./34", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 408
./strace-static-x86_64: Process 408 attached
[pid   408] set_robust_list(0x555557505660, 24) = 0
[pid   408] chdir("./34")               = 0
[pid   408] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   408] setpgid(0, 0)               = 0
[pid   408] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   408] write(3, "1000", 4)         = 4
[pid   408] close(3)                    = 0
[pid   408] symlink("/dev/binderfs", "./binderfs") = 0
[pid   408] memfd_create("syzkaller", 0) = 3
[pid   408] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   408] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   408] munmap(0x7fc743815000, 1048576) = 0
[pid   408] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   408] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   408] close(3)                    = 0
[pid   408] mkdir("./file0", 0777)      = 0
[pid   408] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   408] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   408] chdir("./file0")            = 0
[pid   408] ioctl(4, LOOP_CLR_FD)       = 0
[pid   408] close(4)                    = 0
[pid   408] creat("./bus", 000)         = 4
[pid   408] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   408] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   408] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   408] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   28.635446][  T405] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[   28.673016][  T408] loop0: detected capacity change from 0 to 2048
[pid   408] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   408] exit_group(0)               = ?
[pid   408] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=408, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./34/binderfs")                 = 0
umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./34/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./34")                           = 0
mkdir("./35", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 412
./strace-static-x86_64: Process 412 attached
[pid   412] set_robust_list(0x555557505660, 24) = 0
[pid   412] chdir("./35")               = 0
[pid   412] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   412] setpgid(0, 0)               = 0
[pid   412] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   412] write(3, "1000", 4)         = 4
[pid   412] close(3)                    = 0
[pid   412] symlink("/dev/binderfs", "./binderfs") = 0
[pid   412] memfd_create("syzkaller", 0) = 3
[pid   412] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   412] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   412] munmap(0x7fc743815000, 1048576) = 0
[pid   412] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   28.706197][  T408] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   28.718413][  T408] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid   412] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   412] close(3)                    = 0
[pid   412] mkdir("./file0", 0777)      = 0
[pid   412] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   412] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   412] chdir("./file0")            = 0
[pid   412] ioctl(4, LOOP_CLR_FD)       = 0
[pid   412] close(4)                    = 0
[pid   412] creat("./bus", 000)         = 4
[pid   412] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   412] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   412] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   412] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   28.761221][  T412] loop0: detected capacity change from 0 to 2048
[   28.787881][  T412] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid   412] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   412] exit_group(0)               = ?
[pid   412] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=412, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./35/binderfs")                 = 0
umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./35/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./35")                           = 0
mkdir("./36", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 415
./strace-static-x86_64: Process 415 attached
[pid   415] set_robust_list(0x555557505660, 24) = 0
[pid   415] chdir("./36")               = 0
[pid   415] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   415] setpgid(0, 0)               = 0
[pid   415] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   415] write(3, "1000", 4)         = 4
[pid   415] close(3)                    = 0
[pid   415] symlink("/dev/binderfs", "./binderfs") = 0
[pid   415] memfd_create("syzkaller", 0) = 3
[pid   415] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   415] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   415] munmap(0x7fc743815000, 1048576) = 0
[pid   415] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   28.800224][  T412] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid   415] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   415] close(3)                    = 0
[pid   415] mkdir("./file0", 0777)      = 0
[pid   415] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   415] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   415] chdir("./file0")            = 0
[pid   415] ioctl(4, LOOP_CLR_FD)       = 0
[pid   415] close(4)                    = 0
[pid   415] creat("./bus", 000)         = 4
[pid   415] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   415] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   415] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   415] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   28.841469][  T415] loop0: detected capacity change from 0 to 2048
[   28.878087][  T415] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid   415] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   415] exit_group(0)               = ?
[pid   415] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=415, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./36/binderfs")                 = 0
umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./36/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./36")                           = 0
mkdir("./37", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 418
./strace-static-x86_64: Process 418 attached
[pid   418] set_robust_list(0x555557505660, 24) = 0
[pid   418] chdir("./37")               = 0
[pid   418] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   418] setpgid(0, 0)               = 0
[pid   418] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   418] write(3, "1000", 4)         = 4
[pid   418] close(3)                    = 0
[pid   418] symlink("/dev/binderfs", "./binderfs") = 0
[pid   418] memfd_create("syzkaller", 0) = 3
[pid   418] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   418] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   418] munmap(0x7fc743815000, 1048576) = 0
[pid   418] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   28.890496][  T415] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid   418] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   418] close(3)                    = 0
[pid   418] mkdir("./file0", 0777)      = 0
[pid   418] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   418] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   418] chdir("./file0")            = 0
[pid   418] ioctl(4, LOOP_CLR_FD)       = 0
[pid   418] close(4)                    = 0
[pid   418] creat("./bus", 000)         = 4
[pid   418] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   418] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   418] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   418] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   28.937391][  T418] loop0: detected capacity change from 0 to 2048
[   28.961678][  T418] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid   418] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   418] exit_group(0)               = ?
[pid   418] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=418, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./37/binderfs")                 = 0
umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./37/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./37")                           = 0
mkdir("./38", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 421
./strace-static-x86_64: Process 421 attached
[pid   421] set_robust_list(0x555557505660, 24) = 0
[pid   421] chdir("./38")               = 0
[pid   421] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   421] setpgid(0, 0)               = 0
[pid   421] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   421] write(3, "1000", 4)         = 4
[pid   421] close(3)                    = 0
[pid   421] symlink("/dev/binderfs", "./binderfs") = 0
[pid   421] memfd_create("syzkaller", 0) = 3
[pid   421] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   421] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   421] munmap(0x7fc743815000, 1048576) = 0
[pid   421] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   28.974716][  T418] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid   421] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   421] close(3)                    = 0
[pid   421] mkdir("./file0", 0777)      = 0
[pid   421] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   421] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   421] chdir("./file0")            = 0
[pid   421] ioctl(4, LOOP_CLR_FD)       = 0
[pid   421] close(4)                    = 0
[pid   421] creat("./bus", 000)         = 4
[pid   421] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   421] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   421] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   421] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   29.027427][  T421] loop0: detected capacity change from 0 to 2048
[   29.050437][  T421] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid   421] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   421] exit_group(0)               = ?
[pid   421] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=421, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./38/binderfs")                 = 0
umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./38/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./38")                           = 0
mkdir("./39", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 424
./strace-static-x86_64: Process 424 attached
[pid   424] set_robust_list(0x555557505660, 24) = 0
[pid   424] chdir("./39")               = 0
[pid   424] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   424] setpgid(0, 0)               = 0
[pid   424] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   424] write(3, "1000", 4)         = 4
[pid   424] close(3)                    = 0
[pid   424] symlink("/dev/binderfs", "./binderfs") = 0
[pid   424] memfd_create("syzkaller", 0) = 3
[pid   424] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   424] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   424] munmap(0x7fc743815000, 1048576) = 0
[pid   424] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   29.062743][  T421] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid   424] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   424] close(3)                    = 0
[pid   424] mkdir("./file0", 0777)      = 0
[pid   424] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   424] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   424] chdir("./file0")            = 0
[pid   424] ioctl(4, LOOP_CLR_FD)       = 0
[pid   424] close(4)                    = 0
[pid   424] creat("./bus", 000)         = 4
[pid   424] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   424] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   424] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   424] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   29.107545][  T424] loop0: detected capacity change from 0 to 2048
[   29.145311][  T424] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid   424] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   424] exit_group(0)               = ?
[pid   424] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=424, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./39/binderfs")                 = 0
umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./39/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./39")                           = 0
mkdir("./40", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 427
./strace-static-x86_64: Process 427 attached
[pid   427] set_robust_list(0x555557505660, 24) = 0
[pid   427] chdir("./40")               = 0
[pid   427] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   427] setpgid(0, 0)               = 0
[pid   427] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   427] write(3, "1000", 4)         = 4
[pid   427] close(3)                    = 0
[pid   427] symlink("/dev/binderfs", "./binderfs") = 0
[pid   427] memfd_create("syzkaller", 0) = 3
[pid   427] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   427] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   427] munmap(0x7fc743815000, 1048576) = 0
[pid   427] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   427] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   427] close(3)                    = 0
[pid   427] mkdir("./file0", 0777)      = 0
[pid   427] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   427] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   427] chdir("./file0")            = 0
[pid   427] ioctl(4, LOOP_CLR_FD)       = 0
[pid   427] close(4)                    = 0
[pid   427] creat("./bus", 000)         = 4
[pid   427] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   427] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   427] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   427] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   29.158078][  T424] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[   29.197182][  T427] loop0: detected capacity change from 0 to 2048
[pid   427] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   427] exit_group(0)               = ?
[pid   427] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=427, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./40/binderfs")                 = 0
umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./40/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./40")                           = 0
mkdir("./41", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 430
./strace-static-x86_64: Process 430 attached
[pid   430] set_robust_list(0x555557505660, 24) = 0
[pid   430] chdir("./41")               = 0
[pid   430] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   430] setpgid(0, 0)               = 0
[pid   430] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   430] write(3, "1000", 4)         = 4
[pid   430] close(3)                    = 0
[pid   430] symlink("/dev/binderfs", "./binderfs") = 0
[pid   430] memfd_create("syzkaller", 0) = 3
[pid   430] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   430] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   430] munmap(0x7fc743815000, 1048576) = 0
[pid   430] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   29.220411][  T427] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   29.234761][  T427] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid   430] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   430] close(3)                    = 0
[pid   430] mkdir("./file0", 0777)      = 0
[pid   430] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   430] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   430] chdir("./file0")            = 0
[pid   430] ioctl(4, LOOP_CLR_FD)       = 0
[pid   430] close(4)                    = 0
[pid   430] creat("./bus", 000)         = 4
[pid   430] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   430] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   430] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   430] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   29.286613][  T430] loop0: detected capacity change from 0 to 2048
[   29.324276][  T430] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid   430] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   430] exit_group(0)               = ?
[pid   430] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=430, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./41/binderfs")                 = 0
umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./41/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./41")                           = 0
mkdir("./42", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 433
./strace-static-x86_64: Process 433 attached
[pid   433] set_robust_list(0x555557505660, 24) = 0
[pid   433] chdir("./42")               = 0
[pid   433] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   433] setpgid(0, 0)               = 0
[pid   433] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   433] write(3, "1000", 4)         = 4
[pid   433] close(3)                    = 0
[pid   433] symlink("/dev/binderfs", "./binderfs") = 0
[pid   433] memfd_create("syzkaller", 0) = 3
[pid   433] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   433] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   433] munmap(0x7fc743815000, 1048576) = 0
[pid   433] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   433] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   433] close(3)                    = 0
[pid   433] mkdir("./file0", 0777)      = 0
[pid   433] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   433] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   433] chdir("./file0")            = 0
[pid   433] ioctl(4, LOOP_CLR_FD)       = 0
[pid   433] close(4)                    = 0
[pid   433] creat("./bus", 000)         = 4
[pid   433] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   433] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   433] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   433] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   29.336878][  T430] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[   29.375989][  T433] loop0: detected capacity change from 0 to 2048
[pid   433] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   433] exit_group(0)               = ?
[pid   433] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=433, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./42/binderfs")                 = 0
umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./42/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./42")                           = 0
mkdir("./43", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 436
./strace-static-x86_64: Process 436 attached
[pid   436] set_robust_list(0x555557505660, 24) = 0
[pid   436] chdir("./43")               = 0
[pid   436] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   436] setpgid(0, 0)               = 0
[pid   436] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   436] write(3, "1000", 4)         = 4
[pid   436] close(3)                    = 0
[pid   436] symlink("/dev/binderfs", "./binderfs") = 0
[pid   436] memfd_create("syzkaller", 0) = 3
[pid   436] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   436] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   436] munmap(0x7fc743815000, 1048576) = 0
[pid   436] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   29.399863][  T433] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   29.412222][  T433] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid   436] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   436] close(3)                    = 0
[pid   436] mkdir("./file0", 0777)      = 0
[pid   436] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   436] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   436] chdir("./file0")            = 0
[pid   436] ioctl(4, LOOP_CLR_FD)       = 0
[pid   436] close(4)                    = 0
[pid   436] creat("./bus", 000)         = 4
[pid   436] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   436] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   436] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   436] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   29.456916][  T436] loop0: detected capacity change from 0 to 2048
[   29.487410][  T436] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid   436] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   436] exit_group(0)               = ?
[pid   436] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=436, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./43/binderfs")                 = 0
umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./43/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./43")                           = 0
mkdir("./44", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 439
./strace-static-x86_64: Process 439 attached
[pid   439] set_robust_list(0x555557505660, 24) = 0
[pid   439] chdir("./44")               = 0
[pid   439] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   439] setpgid(0, 0)               = 0
[pid   439] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   439] write(3, "1000", 4)         = 4
[pid   439] close(3)                    = 0
[pid   439] symlink("/dev/binderfs", "./binderfs") = 0
[pid   439] memfd_create("syzkaller", 0) = 3
[pid   439] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   439] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   439] munmap(0x7fc743815000, 1048576) = 0
[pid   439] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   29.500833][  T436] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid   439] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   439] close(3)                    = 0
[pid   439] mkdir("./file0", 0777)      = 0
[pid   439] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   439] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   439] chdir("./file0")            = 0
[pid   439] ioctl(4, LOOP_CLR_FD)       = 0
[pid   439] close(4)                    = 0
[pid   439] creat("./bus", 000)         = 4
[pid   439] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   439] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   439] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   439] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   29.549689][  T439] loop0: detected capacity change from 0 to 2048
[pid   439] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   439] exit_group(0)               = ?
[pid   439] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=439, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./44/binderfs")                 = 0
umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./44/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./44")                           = 0
mkdir("./45", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 442
./strace-static-x86_64: Process 442 attached
[pid   442] set_robust_list(0x555557505660, 24) = 0
[pid   442] chdir("./45")               = 0
[pid   442] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   442] setpgid(0, 0)               = 0
[pid   442] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   442] write(3, "1000", 4)         = 4
[pid   442] close(3)                    = 0
[pid   442] symlink("/dev/binderfs", "./binderfs") = 0
[pid   442] memfd_create("syzkaller", 0) = 3
[pid   442] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   442] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   442] munmap(0x7fc743815000, 1048576) = 0
[pid   442] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   29.588232][  T439] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   29.600725][  T439] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid   442] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   442] close(3)                    = 0
[pid   442] mkdir("./file0", 0777)      = 0
[pid   442] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   442] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   442] chdir("./file0")            = 0
[pid   442] ioctl(4, LOOP_CLR_FD)       = 0
[pid   442] close(4)                    = 0
[pid   442] creat("./bus", 000)         = 4
[pid   442] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   442] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   442] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   442] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   29.647784][  T442] loop0: detected capacity change from 0 to 2048
[   29.680644][  T442] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid   442] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   442] exit_group(0)               = ?
[pid   442] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=442, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./45/binderfs")                 = 0
umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./45/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./45")                           = 0
mkdir("./46", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 446
./strace-static-x86_64: Process 446 attached
[pid   446] set_robust_list(0x555557505660, 24) = 0
[pid   446] chdir("./46")               = 0
[pid   446] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   446] setpgid(0, 0)               = 0
[pid   446] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   446] write(3, "1000", 4)         = 4
[pid   446] close(3)                    = 0
[pid   446] symlink("/dev/binderfs", "./binderfs") = 0
[pid   446] memfd_create("syzkaller", 0) = 3
[pid   446] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   446] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   446] munmap(0x7fc743815000, 1048576) = 0
[pid   446] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   446] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   446] close(3)                    = 0
[pid   446] mkdir("./file0", 0777)      = 0
[pid   446] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   446] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   446] chdir("./file0")            = 0
[pid   446] ioctl(4, LOOP_CLR_FD)       = 0
[pid   446] close(4)                    = 0
[pid   446] creat("./bus", 000)         = 4
[pid   446] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   446] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   446] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[   29.692995][  T442] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[   29.732147][  T446] loop0: detected capacity change from 0 to 2048
[pid   446] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid   446] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   446] exit_group(0)               = ?
[pid   446] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=446, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./46/binderfs")                 = 0
umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./46/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./46")                           = 0
mkdir("./47", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 449
./strace-static-x86_64: Process 449 attached
[pid   449] set_robust_list(0x555557505660, 24) = 0
[pid   449] chdir("./47")               = 0
[pid   449] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   449] setpgid(0, 0)               = 0
[pid   449] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   449] write(3, "1000", 4)         = 4
[pid   449] close(3)                    = 0
[pid   449] symlink("/dev/binderfs", "./binderfs") = 0
[pid   449] memfd_create("syzkaller", 0) = 3
[pid   449] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   449] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   449] munmap(0x7fc743815000, 1048576) = 0
[pid   449] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   29.759752][  T446] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   29.772027][  T446] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid   449] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   449] close(3)                    = 0
[pid   449] mkdir("./file0", 0777)      = 0
[pid   449] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   449] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   449] chdir("./file0")            = 0
[pid   449] ioctl(4, LOOP_CLR_FD)       = 0
[pid   449] close(4)                    = 0
[pid   449] creat("./bus", 000)         = 4
[pid   449] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   449] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   449] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   449] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   29.816935][  T449] loop0: detected capacity change from 0 to 2048
[   29.848107][  T449] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid   449] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   449] exit_group(0)               = ?
[pid   449] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=449, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./47/binderfs")                 = 0
umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./47/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./47")                           = 0
mkdir("./48", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 453 attached
, child_tidptr=0x555557505650) = 453
[pid   453] set_robust_list(0x555557505660, 24) = 0
[pid   453] chdir("./48")               = 0
[pid   453] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   453] setpgid(0, 0)               = 0
[pid   453] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   453] write(3, "1000", 4)         = 4
[pid   453] close(3)                    = 0
[pid   453] symlink("/dev/binderfs", "./binderfs") = 0
[pid   453] memfd_create("syzkaller", 0) = 3
[pid   453] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   453] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   453] munmap(0x7fc743815000, 1048576) = 0
[pid   453] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   453] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   453] close(3)                    = 0
[pid   453] mkdir("./file0", 0777)      = 0
[pid   453] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   453] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   453] chdir("./file0")            = 0
[pid   453] ioctl(4, LOOP_CLR_FD)       = 0
[pid   453] close(4)                    = 0
[pid   453] creat("./bus", 000)         = 4
[pid   453] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   453] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   453] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   453] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   29.860477][  T449] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[   29.904985][  T453] loop0: detected capacity change from 0 to 2048
[pid   453] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   453] exit_group(0)               = ?
[pid   453] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=453, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./48/binderfs")                 = 0
umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./48/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./48")                           = 0
mkdir("./49", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 456 attached
, child_tidptr=0x555557505650) = 456
[pid   456] set_robust_list(0x555557505660, 24) = 0
[pid   456] chdir("./49")               = 0
[pid   456] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   456] setpgid(0, 0)               = 0
[pid   456] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   456] write(3, "1000", 4)         = 4
[pid   456] close(3)                    = 0
[pid   456] symlink("/dev/binderfs", "./binderfs") = 0
[pid   456] memfd_create("syzkaller", 0) = 3
[pid   456] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   456] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   456] munmap(0x7fc743815000, 1048576) = 0
[pid   456] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   29.936280][  T453] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   29.948836][  T453] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid   456] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   456] close(3)                    = 0
[pid   456] mkdir("./file0", 0777)      = 0
[pid   456] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   456] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   456] chdir("./file0")            = 0
[pid   456] ioctl(4, LOOP_CLR_FD)       = 0
[pid   456] close(4)                    = 0
[pid   456] creat("./bus", 000)         = 4
[pid   456] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   456] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   456] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   456] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   29.992085][  T456] loop0: detected capacity change from 0 to 2048
[   30.020018][  T456] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid   456] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   456] exit_group(0)               = ?
[pid   456] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=456, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./49/binderfs")                 = 0
umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./49/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./49")                           = 0
mkdir("./50", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 459 attached
 <unfinished ...>
[pid   459] set_robust_list(0x555557505660, 24) = 0
[pid   459] chdir("./50")               = 0
[pid   459] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   459] setpgid(0, 0)               = 0
[pid   459] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   459] write(3, "1000", 4)         = 4
[pid   459] close(3)                    = 0
[pid   459] symlink("/dev/binderfs", "./binderfs") = 0
[pid   459] memfd_create("syzkaller", 0) = 3
[pid   459] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   298] <... clone resumed>, child_tidptr=0x555557505650) = 459
[pid   459] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   459] munmap(0x7fc743815000, 1048576) = 0
[pid   459] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   30.032753][  T456] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid   459] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   459] close(3)                    = 0
[pid   459] mkdir("./file0", 0777)      = 0
[pid   459] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   459] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   459] chdir("./file0")            = 0
[pid   459] ioctl(4, LOOP_CLR_FD)       = 0
[pid   459] close(4)                    = 0
[pid   459] creat("./bus", 000)         = 4
[pid   459] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   459] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   459] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   459] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   30.073983][  T459] loop0: detected capacity change from 0 to 2048
[   30.099506][  T459] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid   459] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   459] exit_group(0)               = ?
[pid   459] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=459, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./50/binderfs")                 = 0
umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./50/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./50")                           = 0
mkdir("./51", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 462
./strace-static-x86_64: Process 462 attached
[pid   462] set_robust_list(0x555557505660, 24) = 0
[pid   462] chdir("./51")               = 0
[pid   462] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   462] setpgid(0, 0)               = 0
[pid   462] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   462] write(3, "1000", 4)         = 4
[pid   462] close(3)                    = 0
[pid   462] symlink("/dev/binderfs", "./binderfs") = 0
[pid   462] memfd_create("syzkaller", 0) = 3
[pid   462] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   462] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   462] munmap(0x7fc743815000, 1048576) = 0
[   30.111935][  T459] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid   462] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   462] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   462] close(3)                    = 0
[pid   462] mkdir("./file0", 0777)      = 0
[pid   462] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   462] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   462] chdir("./file0")            = 0
[pid   462] ioctl(4, LOOP_CLR_FD)       = 0
[pid   462] close(4)                    = 0
[pid   462] creat("./bus", 000)         = 4
[pid   462] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   462] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   462] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   462] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   30.152383][  T462] loop0: detected capacity change from 0 to 2048
[pid   462] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   462] exit_group(0)               = ?
[pid   462] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=462, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./51/binderfs")                 = 0
umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./51/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./51")                           = 0
mkdir("./52", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 465
./strace-static-x86_64: Process 465 attached
[pid   465] set_robust_list(0x555557505660, 24) = 0
[pid   465] chdir("./52")               = 0
[pid   465] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   465] setpgid(0, 0)               = 0
[pid   465] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   465] write(3, "1000", 4)         = 4
[pid   465] close(3)                    = 0
[pid   465] symlink("/dev/binderfs", "./binderfs") = 0
[pid   465] memfd_create("syzkaller", 0) = 3
[pid   465] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   465] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   465] munmap(0x7fc743815000, 1048576) = 0
[pid   465] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   465] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   465] close(3)                    = 0
[pid   465] mkdir("./file0", 0777)      = 0
[   30.192521][  T462] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   30.205037][  T462] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid   465] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   465] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   465] chdir("./file0")            = 0
[pid   465] ioctl(4, LOOP_CLR_FD)       = 0
[pid   465] close(4)                    = 0
[pid   465] creat("./bus", 000)         = 4
[pid   465] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   465] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   465] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   465] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   30.251370][  T465] loop0: detected capacity change from 0 to 2048
[   30.289262][  T465] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid   465] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   465] exit_group(0)               = ?
[pid   465] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=465, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./52/binderfs")                 = 0
umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./52/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./52")                           = 0
mkdir("./53", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 468 attached
, child_tidptr=0x555557505650) = 468
[pid   468] set_robust_list(0x555557505660, 24) = 0
[pid   468] chdir("./53")               = 0
[pid   468] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   468] setpgid(0, 0)               = 0
[pid   468] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   468] write(3, "1000", 4)         = 4
[pid   468] close(3)                    = 0
[pid   468] symlink("/dev/binderfs", "./binderfs") = 0
[pid   468] memfd_create("syzkaller", 0) = 3
[pid   468] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   468] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   468] munmap(0x7fc743815000, 1048576) = 0
[pid   468] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   30.301655][  T465] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid   468] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   468] close(3)                    = 0
[pid   468] mkdir("./file0", 0777)      = 0
[pid   468] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   468] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   468] chdir("./file0")            = 0
[pid   468] ioctl(4, LOOP_CLR_FD)       = 0
[pid   468] close(4)                    = 0
[pid   468] creat("./bus", 000)         = 4
[pid   468] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   468] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   468] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   468] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid   468] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   468] exit_group(0)               = ?
[pid   468] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=468, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./53/binderfs")                 = 0
umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./53/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./53")                           = 0
mkdir("./54", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 471
./strace-static-x86_64: Process 471 attached
[pid   471] set_robust_list(0x555557505660, 24) = 0
[pid   471] chdir("./54")               = 0
[pid   471] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   471] setpgid(0, 0)               = 0
[pid   471] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   471] write(3, "1000", 4)         = 4
[pid   471] close(3)                    = 0
[pid   471] symlink("/dev/binderfs", "./binderfs") = 0
[pid   471] memfd_create("syzkaller", 0) = 3
[pid   471] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   471] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   471] munmap(0x7fc743815000, 1048576) = 0
[pid   471] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   30.345762][  T468] loop0: detected capacity change from 0 to 2048
[   30.368800][  T468] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   30.381191][  T468] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid   471] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   471] close(3)                    = 0
[pid   471] mkdir("./file0", 0777)      = 0
[pid   471] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   471] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   471] chdir("./file0")            = 0
[pid   471] ioctl(4, LOOP_CLR_FD)       = 0
[pid   471] close(4)                    = 0
[pid   471] creat("./bus", 000)         = 4
[pid   471] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   471] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   471] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   471] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid   471] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   471] exit_group(0)               = ?
[   30.423370][  T471] loop0: detected capacity change from 0 to 2048
[   30.448494][  T471] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid   471] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=471, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./54/binderfs")                 = 0
umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./54/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./54")                           = 0
mkdir("./55", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 474
./strace-static-x86_64: Process 474 attached
[pid   474] set_robust_list(0x555557505660, 24) = 0
[pid   474] chdir("./55")               = 0
[pid   474] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   474] setpgid(0, 0)               = 0
[pid   474] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   474] write(3, "1000", 4)         = 4
[pid   474] close(3)                    = 0
[pid   474] symlink("/dev/binderfs", "./binderfs") = 0
[pid   474] memfd_create("syzkaller", 0) = 3
[pid   474] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   474] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   474] munmap(0x7fc743815000, 1048576) = 0
[pid   474] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   30.461390][  T471] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid   474] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   474] close(3)                    = 0
[pid   474] mkdir("./file0", 0777)      = 0
[pid   474] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   474] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   474] chdir("./file0")            = 0
[pid   474] ioctl(4, LOOP_CLR_FD)       = 0
[pid   474] close(4)                    = 0
[pid   474] creat("./bus", 000)         = 4
[pid   474] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   474] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   474] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   474] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   30.505631][  T474] loop0: detected capacity change from 0 to 2048
[pid   474] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   474] exit_group(0)               = ?
[pid   474] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=474, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./55/binderfs")                 = 0
umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./55/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./55")                           = 0
mkdir("./56", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 477
./strace-static-x86_64: Process 477 attached
[pid   477] set_robust_list(0x555557505660, 24) = 0
[pid   477] chdir("./56")               = 0
[pid   477] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   477] setpgid(0, 0)               = 0
[pid   477] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   477] write(3, "1000", 4)         = 4
[pid   477] close(3)                    = 0
[pid   477] symlink("/dev/binderfs", "./binderfs") = 0
[pid   477] memfd_create("syzkaller", 0) = 3
[pid   477] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   477] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   477] munmap(0x7fc743815000, 1048576) = 0
[pid   477] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   30.546069][  T474] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   30.558438][  T474] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid   477] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   477] close(3)                    = 0
[pid   477] mkdir("./file0", 0777)      = 0
[pid   477] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   477] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   477] chdir("./file0")            = 0
[pid   477] ioctl(4, LOOP_CLR_FD)       = 0
[pid   477] close(4)                    = 0
[pid   477] creat("./bus", 000)         = 4
[pid   477] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   477] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   477] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   477] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   30.596249][  T477] loop0: detected capacity change from 0 to 2048
[   30.631011][  T477] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid   477] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   477] exit_group(0)               = ?
[pid   477] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=477, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./56/binderfs")                 = 0
umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./56/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./56")                           = 0
mkdir("./57", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 480
./strace-static-x86_64: Process 480 attached
[pid   480] set_robust_list(0x555557505660, 24) = 0
[pid   480] chdir("./57")               = 0
[pid   480] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   480] setpgid(0, 0)               = 0
[pid   480] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   480] write(3, "1000", 4)         = 4
[pid   480] close(3)                    = 0
[pid   480] symlink("/dev/binderfs", "./binderfs") = 0
[pid   480] memfd_create("syzkaller", 0) = 3
[pid   480] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   480] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   480] munmap(0x7fc743815000, 1048576) = 0
[pid   480] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   30.643708][  T477] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid   480] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   480] close(3)                    = 0
[pid   480] mkdir("./file0", 0777)      = 0
[pid   480] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   480] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   480] chdir("./file0")            = 0
[pid   480] ioctl(4, LOOP_CLR_FD)       = 0
[pid   480] close(4)                    = 0
[pid   480] creat("./bus", 000)         = 4
[pid   480] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   480] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   480] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   480] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid   480] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   480] exit_group(0)               = ?
[   30.687118][  T480] loop0: detected capacity change from 0 to 2048
[   30.710561][  T480] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   30.722781][  T480] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid   480] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=480, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./57/binderfs")                 = 0
umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./57/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./57")                           = 0
mkdir("./58", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 484 attached
, child_tidptr=0x555557505650) = 484
[pid   484] set_robust_list(0x555557505660, 24) = 0
[pid   484] chdir("./58")               = 0
[pid   484] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   484] setpgid(0, 0)               = 0
[pid   484] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   484] write(3, "1000", 4)         = 4
[pid   484] close(3)                    = 0
[pid   484] symlink("/dev/binderfs", "./binderfs") = 0
[pid   484] memfd_create("syzkaller", 0) = 3
[pid   484] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   484] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   484] munmap(0x7fc743815000, 1048576) = 0
[pid   484] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   484] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   484] close(3)                    = 0
[pid   484] mkdir("./file0", 0777)      = 0
[pid   484] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   484] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   484] chdir("./file0")            = 0
[pid   484] ioctl(4, LOOP_CLR_FD)       = 0
[pid   484] close(4)                    = 0
[pid   484] creat("./bus", 000)         = 4
[pid   484] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   484] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   484] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   484] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid   484] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   484] exit_group(0)               = ?
[pid   484] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=484, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./58/binderfs")                 = 0
umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./58/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./58")                           = 0
mkdir("./59", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 487
./strace-static-x86_64: Process 487 attached
[pid   487] set_robust_list(0x555557505660, 24) = 0
[pid   487] chdir("./59")               = 0
[pid   487] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   487] setpgid(0, 0)               = 0
[pid   487] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   487] write(3, "1000", 4)         = 4
[pid   487] close(3)                    = 0
[pid   487] symlink("/dev/binderfs", "./binderfs") = 0
[pid   487] memfd_create("syzkaller", 0) = 3
[pid   487] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   487] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   487] munmap(0x7fc743815000, 1048576) = 0
[pid   487] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   30.778887][  T484] loop0: detected capacity change from 0 to 2048
[   30.799799][  T484] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   30.812011][  T484] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid   487] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   487] close(3)                    = 0
[pid   487] mkdir("./file0", 0777)      = 0
[pid   487] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   487] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   487] chdir("./file0")            = 0
[pid   487] ioctl(4, LOOP_CLR_FD)       = 0
[pid   487] close(4)                    = 0
[pid   487] creat("./bus", 000)         = 4
[pid   487] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   487] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   487] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   487] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid   487] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   487] exit_group(0)               = ?
[pid   487] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=487, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./59/binderfs")                 = 0
umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./59/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./59")                           = 0
mkdir("./60", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 490
./strace-static-x86_64: Process 490 attached
[pid   490] set_robust_list(0x555557505660, 24) = 0
[pid   490] chdir("./60")               = 0
[pid   490] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   490] setpgid(0, 0)               = 0
[pid   490] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   490] write(3, "1000", 4)         = 4
[pid   490] close(3)                    = 0
[pid   490] symlink("/dev/binderfs", "./binderfs") = 0
[pid   490] memfd_create("syzkaller", 0) = 3
[pid   490] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   490] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   490] munmap(0x7fc743815000, 1048576) = 0
[pid   490] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   30.858040][  T487] loop0: detected capacity change from 0 to 2048
[   30.880526][  T487] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   30.893402][  T487] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid   490] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   490] close(3)                    = 0
[pid   490] mkdir("./file0", 0777)      = 0
[pid   490] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   490] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   490] chdir("./file0")            = 0
[pid   490] ioctl(4, LOOP_CLR_FD)       = 0
[pid   490] close(4)                    = 0
[pid   490] creat("./bus", 000)         = 4
[pid   490] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   490] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   490] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   490] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   30.933119][  T490] loop0: detected capacity change from 0 to 2048
[   30.964000][  T490] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid   490] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   490] exit_group(0)               = ?
[pid   490] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=490, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./60/binderfs")                 = 0
umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./60/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./60")                           = 0
mkdir("./61", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 493
./strace-static-x86_64: Process 493 attached
[pid   493] set_robust_list(0x555557505660, 24) = 0
[pid   493] chdir("./61")               = 0
[pid   493] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   493] setpgid(0, 0)               = 0
[pid   493] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   493] write(3, "1000", 4)         = 4
[pid   493] close(3)                    = 0
[pid   493] symlink("/dev/binderfs", "./binderfs") = 0
[pid   493] memfd_create("syzkaller", 0) = 3
[pid   493] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   493] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   493] munmap(0x7fc743815000, 1048576) = 0
[pid   493] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   493] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   493] close(3)                    = 0
[pid   493] mkdir("./file0", 0777)      = 0
[pid   493] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   493] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   493] chdir("./file0")            = 0
[pid   493] ioctl(4, LOOP_CLR_FD)       = 0
[pid   493] close(4)                    = 0
[pid   493] creat("./bus", 000)         = 4
[pid   493] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   493] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   493] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   493] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   30.976349][  T490] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[   31.014140][  T493] loop0: detected capacity change from 0 to 2048
[pid   493] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   493] exit_group(0)               = ?
[pid   493] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=493, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./61/binderfs")                 = 0
umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./61/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./61/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./61")                           = 0
mkdir("./62", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 496
./strace-static-x86_64: Process 496 attached
[pid   496] set_robust_list(0x555557505660, 24) = 0
[pid   496] chdir("./62")               = 0
[pid   496] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   496] setpgid(0, 0)               = 0
[pid   496] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   496] write(3, "1000", 4)         = 4
[pid   496] close(3)                    = 0
[pid   496] symlink("/dev/binderfs", "./binderfs") = 0
[pid   496] memfd_create("syzkaller", 0) = 3
[pid   496] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   496] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   496] munmap(0x7fc743815000, 1048576) = 0
[pid   496] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   31.037467][  T493] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   31.049828][  T493] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid   496] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   496] close(3)                    = 0
[pid   496] mkdir("./file0", 0777)      = 0
[pid   496] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   496] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   496] chdir("./file0")            = 0
[pid   496] ioctl(4, LOOP_CLR_FD)       = 0
[pid   496] close(4)                    = 0
[pid   496] creat("./bus", 000)         = 4
[pid   496] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   496] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   496] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   496] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   31.085085][  T496] loop0: detected capacity change from 0 to 2048
[pid   496] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   496] exit_group(0)               = ?
[pid   496] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=496, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./62/binderfs")                 = 0
umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./62/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./62/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./62")                           = 0
mkdir("./63", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 499
./strace-static-x86_64: Process 499 attached
[pid   499] set_robust_list(0x555557505660, 24) = 0
[pid   499] chdir("./63")               = 0
[pid   499] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   499] setpgid(0, 0)               = 0
[pid   499] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   499] write(3, "1000", 4)         = 4
[pid   499] close(3)                    = 0
[pid   499] symlink("/dev/binderfs", "./binderfs") = 0
[pid   499] memfd_create("syzkaller", 0) = 3
[pid   499] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   499] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   499] munmap(0x7fc743815000, 1048576) = 0
[pid   499] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   31.109223][  T496] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   31.121730][  T496] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid   499] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   499] close(3)                    = 0
[pid   499] mkdir("./file0", 0777)      = 0
[pid   499] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   499] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   499] chdir("./file0")            = 0
[pid   499] ioctl(4, LOOP_CLR_FD)       = 0
[pid   499] close(4)                    = 0
[pid   499] creat("./bus", 000)         = 4
[pid   499] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   499] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   499] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   499] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   31.166088][  T499] loop0: detected capacity change from 0 to 2048
[   31.200511][  T499] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid   499] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   499] exit_group(0)               = ?
[pid   499] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=499, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./63/binderfs")                 = 0
umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./63/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./63/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./63")                           = 0
mkdir("./64", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 502
./strace-static-x86_64: Process 502 attached
[pid   502] set_robust_list(0x555557505660, 24) = 0
[pid   502] chdir("./64")               = 0
[pid   502] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   502] setpgid(0, 0)               = 0
[pid   502] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   502] write(3, "1000", 4)         = 4
[pid   502] close(3)                    = 0
[pid   502] symlink("/dev/binderfs", "./binderfs") = 0
[pid   502] memfd_create("syzkaller", 0) = 3
[pid   502] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   502] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   502] munmap(0x7fc743815000, 1048576) = 0
[pid   502] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   502] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   502] close(3)                    = 0
[pid   502] mkdir("./file0", 0777)      = 0
[pid   502] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   502] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   502] chdir("./file0")            = 0
[pid   502] ioctl(4, LOOP_CLR_FD)       = 0
[pid   502] close(4)                    = 0
[pid   502] creat("./bus", 000)         = 4
[pid   502] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   502] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   502] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[   31.212821][  T499] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[   31.252033][  T502] loop0: detected capacity change from 0 to 2048
[pid   502] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid   502] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   502] exit_group(0)               = ?
[pid   502] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=502, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./64/binderfs")                 = 0
umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./64/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./64/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./64")                           = 0
mkdir("./65", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 505
./strace-static-x86_64: Process 505 attached
[pid   505] set_robust_list(0x555557505660, 24) = 0
[pid   505] chdir("./65")               = 0
[pid   505] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   505] setpgid(0, 0)               = 0
[pid   505] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   505] write(3, "1000", 4)         = 4
[pid   505] close(3)                    = 0
[pid   505] symlink("/dev/binderfs", "./binderfs") = 0
[pid   505] memfd_create("syzkaller", 0) = 3
[pid   505] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   505] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   505] munmap(0x7fc743815000, 1048576) = 0
[pid   505] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   31.277050][  T502] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   31.289593][  T502] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid   505] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   505] close(3)                    = 0
[pid   505] mkdir("./file0", 0777)      = 0
[pid   505] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   505] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   505] chdir("./file0")            = 0
[pid   505] ioctl(4, LOOP_CLR_FD)       = 0
[pid   505] close(4)                    = 0
[pid   505] creat("./bus", 000)         = 4
[pid   505] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   505] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   505] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   505] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   31.332518][  T505] loop0: detected capacity change from 0 to 2048
[   31.365098][  T505] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid   505] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   505] exit_group(0)               = ?
[pid   505] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=505, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./65/binderfs")                 = 0
umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./65/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./65/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./65")                           = 0
mkdir("./66", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 508 attached
, child_tidptr=0x555557505650) = 508
[pid   508] set_robust_list(0x555557505660, 24) = 0
[pid   508] chdir("./66")               = 0
[pid   508] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   508] setpgid(0, 0)               = 0
[pid   508] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   508] write(3, "1000", 4)         = 4
[pid   508] close(3)                    = 0
[pid   508] symlink("/dev/binderfs", "./binderfs") = 0
[pid   508] memfd_create("syzkaller", 0) = 3
[pid   508] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   508] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   508] munmap(0x7fc743815000, 1048576) = 0
[pid   508] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   31.377426][  T505] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid   508] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   508] close(3)                    = 0
[pid   508] mkdir("./file0", 0777)      = 0
[pid   508] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   508] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   508] chdir("./file0")            = 0
[pid   508] ioctl(4, LOOP_CLR_FD)       = 0
[pid   508] close(4)                    = 0
[pid   508] creat("./bus", 000)         = 4
[pid   508] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   508] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   508] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   508] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   31.423072][  T508] loop0: detected capacity change from 0 to 2048
[   31.448989][  T508] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid   508] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   508] exit_group(0)               = ?
[pid   508] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=508, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./66/binderfs")                 = 0
umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./66/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./66/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./66")                           = 0
mkdir("./67", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 511
./strace-static-x86_64: Process 511 attached
[pid   511] set_robust_list(0x555557505660, 24) = 0
[pid   511] chdir("./67")               = 0
[pid   511] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   511] setpgid(0, 0)               = 0
[pid   511] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   511] write(3, "1000", 4)         = 4
[pid   511] close(3)                    = 0
[pid   511] symlink("/dev/binderfs", "./binderfs") = 0
[pid   511] memfd_create("syzkaller", 0) = 3
[pid   511] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   511] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   511] munmap(0x7fc743815000, 1048576) = 0
[pid   511] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   31.461349][  T508] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid   511] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   511] close(3)                    = 0
[pid   511] mkdir("./file0", 0777)      = 0
[pid   511] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   511] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   511] chdir("./file0")            = 0
[pid   511] ioctl(4, LOOP_CLR_FD)       = 0
[pid   511] close(4)                    = 0
[pid   511] creat("./bus", 000)         = 4
[pid   511] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   511] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   511] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   511] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   31.496191][  T511] loop0: detected capacity change from 0 to 2048
[   31.519799][  T511] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid   511] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   511] exit_group(0)               = ?
[pid   511] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=511, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./67/binderfs")                 = 0
umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./67/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./67/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./67")                           = 0
mkdir("./68", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 514 attached
 <unfinished ...>
[pid   514] set_robust_list(0x555557505660, 24) = 0
[pid   298] <... clone resumed>, child_tidptr=0x555557505650) = 514
[pid   514] chdir("./68")               = 0
[pid   514] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   514] setpgid(0, 0)               = 0
[pid   514] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   514] write(3, "1000", 4)         = 4
[pid   514] close(3)                    = 0
[pid   514] symlink("/dev/binderfs", "./binderfs") = 0
[pid   514] memfd_create("syzkaller", 0) = 3
[pid   514] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   514] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   514] munmap(0x7fc743815000, 1048576) = 0
[pid   514] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   31.532747][  T511] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid   514] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   514] close(3)                    = 0
[pid   514] mkdir("./file0", 0777)      = 0
[pid   514] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   514] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   514] chdir("./file0")            = 0
[pid   514] ioctl(4, LOOP_CLR_FD)       = 0
[pid   514] close(4)                    = 0
[pid   514] creat("./bus", 000)         = 4
[pid   514] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   514] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   514] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   514] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   31.584120][  T514] loop0: detected capacity change from 0 to 2048
[   31.621323][  T514] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid   514] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   514] exit_group(0)               = ?
[pid   514] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=514, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./68/binderfs")                 = 0
umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./68/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./68/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./68")                           = 0
mkdir("./69", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 517
./strace-static-x86_64: Process 517 attached
[pid   517] set_robust_list(0x555557505660, 24) = 0
[pid   517] chdir("./69")               = 0
[pid   517] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   517] setpgid(0, 0)               = 0
[pid   517] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   517] write(3, "1000", 4)         = 4
[pid   517] close(3)                    = 0
[pid   517] symlink("/dev/binderfs", "./binderfs") = 0
[pid   517] memfd_create("syzkaller", 0) = 3
[pid   517] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   517] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   517] munmap(0x7fc743815000, 1048576) = 0
[pid   517] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   517] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   517] close(3)                    = 0
[pid   517] mkdir("./file0", 0777)      = 0
[pid   517] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   517] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   517] chdir("./file0")            = 0
[pid   517] ioctl(4, LOOP_CLR_FD)       = 0
[pid   517] close(4)                    = 0
[pid   517] creat("./bus", 000)         = 4
[pid   517] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   517] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   517] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   517] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   31.633934][  T514] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[   31.671883][  T517] loop0: detected capacity change from 0 to 2048
[pid   517] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   517] exit_group(0)               = ?
[pid   517] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=517, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./69/binderfs")                 = 0
umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./69/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./69/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./69")                           = 0
mkdir("./70", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 521
./strace-static-x86_64: Process 521 attached
[pid   521] set_robust_list(0x555557505660, 24) = 0
[pid   521] chdir("./70")               = 0
[pid   521] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   521] setpgid(0, 0)               = 0
[pid   521] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   521] write(3, "1000", 4)         = 4
[pid   521] close(3)                    = 0
[pid   521] symlink("/dev/binderfs", "./binderfs") = 0
[pid   521] memfd_create("syzkaller", 0) = 3
[pid   521] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   521] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   521] munmap(0x7fc743815000, 1048576) = 0
[pid   521] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   31.707525][  T517] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   31.720274][  T517] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid   521] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   521] close(3)                    = 0
[pid   521] mkdir("./file0", 0777)      = 0
[pid   521] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   521] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   521] chdir("./file0")            = 0
[pid   521] ioctl(4, LOOP_CLR_FD)       = 0
[pid   521] close(4)                    = 0
[pid   521] creat("./bus", 000)         = 4
[pid   521] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   521] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   521] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   521] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid   521] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   521] exit_group(0)               = ?
[pid   521] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=521, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./70/binderfs")                 = 0
umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./70/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./70/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./70")                           = 0
mkdir("./71", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 524
./strace-static-x86_64: Process 524 attached
[pid   524] set_robust_list(0x555557505660, 24) = 0
[pid   524] chdir("./71")               = 0
[pid   524] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   524] setpgid(0, 0)               = 0
[pid   524] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   524] write(3, "1000", 4)         = 4
[pid   524] close(3)                    = 0
[pid   524] symlink("/dev/binderfs", "./binderfs") = 0
[pid   524] memfd_create("syzkaller", 0) = 3
[pid   524] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[   31.758736][  T521] loop0: detected capacity change from 0 to 2048
[   31.780537][  T521] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   31.793181][  T521] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid   524] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   524] munmap(0x7fc743815000, 1048576) = 0
[pid   524] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   524] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   524] close(3)                    = 0
[pid   524] mkdir("./file0", 0777)      = 0
[pid   524] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   524] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   524] chdir("./file0")            = 0
[pid   524] ioctl(4, LOOP_CLR_FD)       = 0
[pid   524] close(4)                    = 0
[pid   524] creat("./bus", 000)         = 4
[pid   524] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   524] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   524] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   524] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   31.841392][  T524] loop0: detected capacity change from 0 to 2048
[   31.871753][  T524] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid   524] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   524] exit_group(0)               = ?
[pid   524] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=524, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./71/binderfs")                 = 0
umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./71/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./71/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./71")                           = 0
mkdir("./72", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 527 attached
, child_tidptr=0x555557505650) = 527
[pid   527] set_robust_list(0x555557505660, 24) = 0
[pid   527] chdir("./72")               = 0
[pid   527] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   527] setpgid(0, 0)               = 0
[pid   527] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   527] write(3, "1000", 4)         = 4
[pid   527] close(3)                    = 0
[pid   527] symlink("/dev/binderfs", "./binderfs") = 0
[pid   527] memfd_create("syzkaller", 0) = 3
[pid   527] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   527] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   527] munmap(0x7fc743815000, 1048576) = 0
[pid   527] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   527] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   527] close(3)                    = 0
[pid   527] mkdir("./file0", 0777)      = 0
[pid   527] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   527] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   527] chdir("./file0")            = 0
[pid   527] ioctl(4, LOOP_CLR_FD)       = 0
[pid   527] close(4)                    = 0
[pid   527] creat("./bus", 000)         = 4
[pid   527] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   527] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   527] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   527] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   31.884222][  T524] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[   31.931557][  T527] loop0: detected capacity change from 0 to 2048
[pid   527] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   527] exit_group(0)               = ?
[pid   527] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=527, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./72/binderfs")                 = 0
umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./72/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./72/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./72")                           = 0
mkdir("./73", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 530 attached
, child_tidptr=0x555557505650) = 530
[pid   530] set_robust_list(0x555557505660, 24) = 0
[pid   530] chdir("./73")               = 0
[pid   530] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   530] setpgid(0, 0)               = 0
[pid   530] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   530] write(3, "1000", 4)         = 4
[pid   530] close(3)                    = 0
[pid   530] symlink("/dev/binderfs", "./binderfs") = 0
[pid   530] memfd_create("syzkaller", 0) = 3
[pid   530] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   530] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   530] munmap(0x7fc743815000, 1048576) = 0
[pid   530] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   31.960664][  T527] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   31.972972][  T527] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid   530] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   530] close(3)                    = 0
[pid   530] mkdir("./file0", 0777)      = 0
[pid   530] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   530] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   530] chdir("./file0")            = 0
[pid   530] ioctl(4, LOOP_CLR_FD)       = 0
[pid   530] close(4)                    = 0
[pid   530] creat("./bus", 000)         = 4
[pid   530] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   530] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   530] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   530] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   32.023460][  T530] loop0: detected capacity change from 0 to 2048
[   32.049441][  T530] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid   530] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   530] exit_group(0)               = ?
[pid   530] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=530, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./73/binderfs")                 = 0
umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./73/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./73/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./73/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./73")                           = 0
mkdir("./74", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 533
./strace-static-x86_64: Process 533 attached
[pid   533] set_robust_list(0x555557505660, 24) = 0
[pid   533] chdir("./74")               = 0
[pid   533] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   533] setpgid(0, 0)               = 0
[pid   533] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   533] write(3, "1000", 4)         = 4
[pid   533] close(3)                    = 0
[pid   533] symlink("/dev/binderfs", "./binderfs") = 0
[pid   533] memfd_create("syzkaller", 0) = 3
[pid   533] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   533] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   533] munmap(0x7fc743815000, 1048576) = 0
[pid   533] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   32.061742][  T530] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid   533] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   533] close(3)                    = 0
[pid   533] mkdir("./file0", 0777)      = 0
[pid   533] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   533] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   533] chdir("./file0")            = 0
[pid   533] ioctl(4, LOOP_CLR_FD)       = 0
[pid   533] close(4)                    = 0
[pid   533] creat("./bus", 000)         = 4
[pid   533] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   533] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   533] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   533] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   32.111224][  T533] loop0: detected capacity change from 0 to 2048
[   32.139331][  T533] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid   533] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   533] exit_group(0)               = ?
[pid   533] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=533, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./74/binderfs")                 = 0
umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./74/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./74/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./74/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./74")                           = 0
mkdir("./75", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 537 attached
 <unfinished ...>
[pid   537] set_robust_list(0x555557505660, 24) = 0
[pid   537] chdir("./75" <unfinished ...>
[pid   298] <... clone resumed>, child_tidptr=0x555557505650) = 537
[pid   537] <... chdir resumed>)        = 0
[pid   537] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   537] setpgid(0, 0)               = 0
[pid   537] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   537] write(3, "1000", 4)         = 4
[pid   537] close(3)                    = 0
[pid   537] symlink("/dev/binderfs", "./binderfs") = 0
[pid   537] memfd_create("syzkaller", 0) = 3
[pid   537] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   537] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   537] munmap(0x7fc743815000, 1048576) = 0
[pid   537] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   32.151618][  T533] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid   537] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   537] close(3)                    = 0
[pid   537] mkdir("./file0", 0777)      = 0
[pid   537] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   537] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   537] chdir("./file0")            = 0
[pid   537] ioctl(4, LOOP_CLR_FD)       = 0
[pid   537] close(4)                    = 0
[pid   537] creat("./bus", 000)         = 4
[pid   537] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   537] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   537] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   537] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   32.193006][  T537] loop0: detected capacity change from 0 to 2048
[   32.224261][  T537] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid   537] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   537] exit_group(0)               = ?
[pid   537] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=537, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./75/binderfs")                 = 0
umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./75/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./75/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./75/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./75")                           = 0
mkdir("./76", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 540
./strace-static-x86_64: Process 540 attached
[pid   540] set_robust_list(0x555557505660, 24) = 0
[pid   540] chdir("./76")               = 0
[pid   540] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   540] setpgid(0, 0)               = 0
[pid   540] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   540] write(3, "1000", 4)         = 4
[pid   540] close(3)                    = 0
[pid   540] symlink("/dev/binderfs", "./binderfs") = 0
[pid   540] memfd_create("syzkaller", 0) = 3
[pid   540] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   540] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   540] munmap(0x7fc743815000, 1048576) = 0
[pid   540] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   540] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   540] close(3)                    = 0
[pid   540] mkdir("./file0", 0777)      = 0
[pid   540] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   540] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   540] chdir("./file0")            = 0
[pid   540] ioctl(4, LOOP_CLR_FD)       = 0
[pid   540] close(4)                    = 0
[pid   540] creat("./bus", 000)         = 4
[pid   540] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   540] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   540] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   540] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   32.237064][  T537] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[   32.282557][  T540] loop0: detected capacity change from 0 to 2048
[pid   540] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   540] exit_group(0)               = ?
[pid   540] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=540, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./76", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./76/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./76/binderfs")                 = 0
umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./76/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./76/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./76/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./76")                           = 0
mkdir("./77", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 543
./strace-static-x86_64: Process 543 attached
[pid   543] set_robust_list(0x555557505660, 24) = 0
[pid   543] chdir("./77")               = 0
[pid   543] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   543] setpgid(0, 0)               = 0
[pid   543] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   543] write(3, "1000", 4)         = 4
[pid   543] close(3)                    = 0
[pid   543] symlink("/dev/binderfs", "./binderfs") = 0
[pid   543] memfd_create("syzkaller", 0) = 3
[pid   543] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   543] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   543] munmap(0x7fc743815000, 1048576) = 0
[pid   543] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   32.310949][  T540] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   32.323424][  T540] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid   543] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   543] close(3)                    = 0
[pid   543] mkdir("./file0", 0777)      = 0
[pid   543] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   543] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   543] chdir("./file0")            = 0
[pid   543] ioctl(4, LOOP_CLR_FD)       = 0
[pid   543] close(4)                    = 0
[pid   543] creat("./bus", 000)         = 4
[pid   543] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   543] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   543] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   543] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   32.362644][  T543] loop0: detected capacity change from 0 to 2048
[   32.388603][  T543] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid   543] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   543] exit_group(0)               = ?
[pid   543] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=543, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./77", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./77/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./77/binderfs")                 = 0
umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./77/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./77/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./77/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./77")                           = 0
mkdir("./78", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 546
./strace-static-x86_64: Process 546 attached
[pid   546] set_robust_list(0x555557505660, 24) = 0
[pid   546] chdir("./78")               = 0
[pid   546] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   546] setpgid(0, 0)               = 0
[pid   546] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   546] write(3, "1000", 4)         = 4
[pid   546] close(3)                    = 0
[pid   546] symlink("/dev/binderfs", "./binderfs") = 0
[pid   546] memfd_create("syzkaller", 0) = 3
[pid   546] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   546] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   546] munmap(0x7fc743815000, 1048576) = 0
[pid   546] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   32.401110][  T543] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid   546] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   546] close(3)                    = 0
[pid   546] mkdir("./file0", 0777)      = 0
[pid   546] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   546] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   546] chdir("./file0")            = 0
[pid   546] ioctl(4, LOOP_CLR_FD)       = 0
[pid   546] close(4)                    = 0
[pid   546] creat("./bus", 000)         = 4
[pid   546] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   546] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   546] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   546] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid   546] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[   32.442091][  T546] loop0: detected capacity change from 0 to 2048
[   32.470764][  T546] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid   546] exit_group(0)               = ?
[pid   546] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=546, si_uid=0, si_status=0, si_utime=1, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./78", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./78/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./78/binderfs")                 = 0
umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./78/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./78/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./78/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./78")                           = 0
mkdir("./79", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 549
./strace-static-x86_64: Process 549 attached
[pid   549] set_robust_list(0x555557505660, 24) = 0
[pid   549] chdir("./79")               = 0
[pid   549] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   549] setpgid(0, 0)               = 0
[pid   549] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   549] write(3, "1000", 4)         = 4
[pid   549] close(3)                    = 0
[pid   549] symlink("/dev/binderfs", "./binderfs") = 0
[pid   549] memfd_create("syzkaller", 0) = 3
[pid   549] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   549] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   549] munmap(0x7fc743815000, 1048576) = 0
[pid   549] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   32.483355][  T546] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid   549] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   549] close(3)                    = 0
[pid   549] mkdir("./file0", 0777)      = 0
[pid   549] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   549] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   549] chdir("./file0")            = 0
[pid   549] ioctl(4, LOOP_CLR_FD)       = 0
[pid   549] close(4)                    = 0
[pid   549] creat("./bus", 000)         = 4
[pid   549] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   549] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   549] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   549] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid   549] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   549] exit_group(0)               = ?
[pid   549] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=549, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./79", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./79/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./79/binderfs")                 = 0
umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./79/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./79/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./79/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./79")                           = 0
mkdir("./80", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 552
./strace-static-x86_64: Process 552 attached
[pid   552] set_robust_list(0x555557505660, 24) = 0
[pid   552] chdir("./80")               = 0
[pid   552] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   552] setpgid(0, 0)               = 0
[pid   552] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   552] write(3, "1000", 4)         = 4
[pid   552] close(3)                    = 0
[pid   552] symlink("/dev/binderfs", "./binderfs") = 0
[pid   552] memfd_create("syzkaller", 0) = 3
[pid   552] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   552] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   552] munmap(0x7fc743815000, 1048576) = 0
[pid   552] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   32.539024][  T549] loop0: detected capacity change from 0 to 2048
[   32.559349][  T549] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   32.573373][  T549] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid   552] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   552] close(3)                    = 0
[pid   552] mkdir("./file0", 0777)      = 0
[pid   552] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   552] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   552] chdir("./file0")            = 0
[pid   552] ioctl(4, LOOP_CLR_FD)       = 0
[pid   552] close(4)                    = 0
[pid   552] creat("./bus", 000)         = 4
[pid   552] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   552] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   552] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   552] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid   552] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   552] exit_group(0)               = ?
[pid   552] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=552, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./80", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./80/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./80/binderfs")                 = 0
[   32.618317][  T552] loop0: detected capacity change from 0 to 2048
[   32.640065][  T552] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   32.652759][  T552] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./80/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./80/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./80/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./80")                           = 0
mkdir("./81", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 555
./strace-static-x86_64: Process 555 attached
[pid   555] set_robust_list(0x555557505660, 24) = 0
[pid   555] chdir("./81")               = 0
[pid   555] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   555] setpgid(0, 0)               = 0
[pid   555] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   555] write(3, "1000", 4)         = 4
[pid   555] close(3)                    = 0
[pid   555] symlink("/dev/binderfs", "./binderfs") = 0
[pid   555] memfd_create("syzkaller", 0) = 3
[pid   555] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   555] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   555] munmap(0x7fc743815000, 1048576) = 0
[pid   555] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   555] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   555] close(3)                    = 0
[pid   555] mkdir("./file0", 0777)      = 0
[   32.674170][  T298] EXT4-fs unmount: 98 callbacks suppressed
[   32.674181][  T298] EXT4-fs (loop0): unmounting filesystem.
[   32.706699][  T555] loop0: detected capacity change from 0 to 2048
[pid   555] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   555] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   555] chdir("./file0")            = 0
[pid   555] ioctl(4, LOOP_CLR_FD)       = 0
[pid   555] close(4)                    = 0
[pid   555] creat("./bus", 000)         = 4
[pid   555] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   555] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   555] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   555] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid   555] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   555] exit_group(0)               = ?
[pid   555] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=555, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./81", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./81/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./81/binderfs")                 = 0
[   32.720351][  T555] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   32.741528][  T555] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   32.753971][  T555] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./81/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./81/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./81/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./81")                           = 0
mkdir("./82", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 559
./strace-static-x86_64: Process 559 attached
[pid   559] set_robust_list(0x555557505660, 24) = 0
[pid   559] chdir("./82")               = 0
[pid   559] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   559] setpgid(0, 0)               = 0
[pid   559] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   559] write(3, "1000", 4)         = 4
[pid   559] close(3)                    = 0
[pid   559] symlink("/dev/binderfs", "./binderfs") = 0
[pid   559] memfd_create("syzkaller", 0) = 3
[pid   559] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   559] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   559] munmap(0x7fc743815000, 1048576) = 0
[pid   559] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   559] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   559] close(3)                    = 0
[pid   559] mkdir("./file0", 0777)      = 0
[   32.777750][  T298] EXT4-fs (loop0): unmounting filesystem.
[   32.817334][  T559] loop0: detected capacity change from 0 to 2048
[pid   559] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   559] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   559] chdir("./file0")            = 0
[pid   559] ioctl(4, LOOP_CLR_FD)       = 0
[pid   559] close(4)                    = 0
[pid   559] creat("./bus", 000)         = 4
[pid   559] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   559] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   559] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   559] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid   559] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   559] exit_group(0)               = ?
[pid   559] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=559, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./82", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./82/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./82/binderfs")                 = 0
[   32.829598][  T559] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   32.847282][  T559] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   32.859500][  T559] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./82/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./82/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./82/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./82")                           = 0
mkdir("./83", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 562
./strace-static-x86_64: Process 562 attached
[pid   562] set_robust_list(0x555557505660, 24) = 0
[pid   562] chdir("./83")               = 0
[pid   562] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   562] setpgid(0, 0)               = 0
[pid   562] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   562] write(3, "1000", 4)         = 4
[pid   562] close(3)                    = 0
[pid   562] symlink("/dev/binderfs", "./binderfs") = 0
[pid   562] memfd_create("syzkaller", 0) = 3
[pid   562] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   562] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   562] munmap(0x7fc743815000, 1048576) = 0
[pid   562] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   562] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   562] close(3)                    = 0
[pid   562] mkdir("./file0", 0777)      = 0
[pid   562] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   562] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   562] chdir("./file0")            = 0
[pid   562] ioctl(4, LOOP_CLR_FD)       = 0
[pid   562] close(4)                    = 0
[pid   562] creat("./bus", 000)         = 4
[pid   562] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   562] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   562] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   562] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   32.882161][  T298] EXT4-fs (loop0): unmounting filesystem.
[   32.906268][  T562] loop0: detected capacity change from 0 to 2048
[   32.920102][  T562] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid   562] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   562] exit_group(0)               = ?
[pid   562] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=562, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./83", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./83/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./83/binderfs")                 = 0
umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./83/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./83/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./83/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./83")                           = 0
mkdir("./84", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 565 attached
, child_tidptr=0x555557505650) = 565
[pid   565] set_robust_list(0x555557505660, 24) = 0
[pid   565] chdir("./84")               = 0
[pid   565] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   565] setpgid(0, 0)               = 0
[pid   565] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   565] write(3, "1000", 4)         = 4
[pid   565] close(3)                    = 0
[pid   565] symlink("/dev/binderfs", "./binderfs") = 0
[pid   565] memfd_create("syzkaller", 0) = 3
[pid   565] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   565] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   565] munmap(0x7fc743815000, 1048576) = 0
[pid   565] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   32.937244][  T562] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   32.949655][  T562] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[   32.967984][  T298] EXT4-fs (loop0): unmounting filesystem.
[pid   565] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   565] close(3)                    = 0
[pid   565] mkdir("./file0", 0777)      = 0
[pid   565] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   565] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   565] chdir("./file0")            = 0
[pid   565] ioctl(4, LOOP_CLR_FD)       = 0
[pid   565] close(4)                    = 0
[pid   565] creat("./bus", 000)         = 4
[pid   565] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   565] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   565] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   565] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   32.998374][  T565] loop0: detected capacity change from 0 to 2048
[   33.010465][  T565] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   33.026256][  T565] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid   565] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   565] exit_group(0)               = ?
[pid   565] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=565, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./84", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./84/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./84/binderfs")                 = 0
umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./84/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./84/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./84/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./84")                           = 0
mkdir("./85", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 568
./strace-static-x86_64: Process 568 attached
[pid   568] set_robust_list(0x555557505660, 24) = 0
[pid   568] chdir("./85")               = 0
[pid   568] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   568] setpgid(0, 0)               = 0
[pid   568] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   568] write(3, "1000", 4)         = 4
[pid   568] close(3)                    = 0
[pid   568] symlink("/dev/binderfs", "./binderfs") = 0
[pid   568] memfd_create("syzkaller", 0) = 3
[pid   568] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   568] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   568] munmap(0x7fc743815000, 1048576) = 0
[pid   568] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   568] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   568] close(3)                    = 0
[pid   568] mkdir("./file0", 0777)      = 0
[   33.038813][  T565] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[   33.061022][  T298] EXT4-fs (loop0): unmounting filesystem.
[   33.085293][  T568] loop0: detected capacity change from 0 to 2048
[pid   568] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   568] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   568] chdir("./file0")            = 0
[pid   568] ioctl(4, LOOP_CLR_FD)       = 0
[pid   568] close(4)                    = 0
[pid   568] creat("./bus", 000)         = 4
[pid   568] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   568] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   568] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   568] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid   568] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   568] exit_group(0)               = ?
[pid   568] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=568, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./85", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./85/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[   33.100305][  T568] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   33.117809][  T568] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   33.130054][  T568] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
newfstatat(AT_FDCWD, "./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./85/binderfs")                 = 0
umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./85/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./85/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./85/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./85")                           = 0
mkdir("./86", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 571
./strace-static-x86_64: Process 571 attached
[pid   571] set_robust_list(0x555557505660, 24) = 0
[pid   571] chdir("./86")               = 0
[pid   571] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   571] setpgid(0, 0)               = 0
[pid   571] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   571] write(3, "1000", 4)         = 4
[pid   571] close(3)                    = 0
[pid   571] symlink("/dev/binderfs", "./binderfs") = 0
[pid   571] memfd_create("syzkaller", 0) = 3
[pid   571] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   571] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   571] munmap(0x7fc743815000, 1048576) = 0
[pid   571] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   33.150111][  T298] EXT4-fs (loop0): unmounting filesystem.
[pid   571] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   571] close(3)                    = 0
[pid   571] mkdir("./file0", 0777)      = 0
[pid   571] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   571] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   571] chdir("./file0")            = 0
[pid   571] ioctl(4, LOOP_CLR_FD)       = 0
[pid   571] close(4)                    = 0
[pid   571] creat("./bus", 000)         = 4
[pid   571] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   571] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   571] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   571] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   33.174147][  T571] loop0: detected capacity change from 0 to 2048
[   33.190083][  T571] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   33.206221][  T571] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid   571] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   571] exit_group(0)               = ?
[pid   571] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=571, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./86", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./86/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./86/binderfs")                 = 0
umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./86/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./86/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./86/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./86")                           = 0
mkdir("./87", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 574
./strace-static-x86_64: Process 574 attached
[pid   574] set_robust_list(0x555557505660, 24) = 0
[pid   574] chdir("./87")               = 0
[pid   574] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   574] setpgid(0, 0)               = 0
[pid   574] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   574] write(3, "1000", 4)         = 4
[pid   574] close(3)                    = 0
[pid   574] symlink("/dev/binderfs", "./binderfs") = 0
[pid   574] memfd_create("syzkaller", 0) = 3
[pid   574] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   574] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   574] munmap(0x7fc743815000, 1048576) = 0
[pid   574] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   33.218817][  T571] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[   33.237208][  T298] EXT4-fs (loop0): unmounting filesystem.
[pid   574] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   574] close(3)                    = 0
[pid   574] mkdir("./file0", 0777)      = 0
[pid   574] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   574] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   574] chdir("./file0")            = 0
[pid   574] ioctl(4, LOOP_CLR_FD)       = 0
[pid   574] close(4)                    = 0
[pid   574] creat("./bus", 000)         = 4
[pid   574] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   574] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   574] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[   33.266987][  T574] loop0: detected capacity change from 0 to 2048
[   33.279864][  T574] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid   574] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid   574] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   574] exit_group(0)               = ?
[pid   574] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=574, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./87", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./87/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./87/binderfs")                 = 0
umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./87/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./87/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./87/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./87")                           = 0
mkdir("./88", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 577
./strace-static-x86_64: Process 577 attached
[pid   577] set_robust_list(0x555557505660, 24) = 0
[pid   577] chdir("./88")               = 0
[pid   577] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   577] setpgid(0, 0)               = 0
[pid   577] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   577] write(3, "1000", 4)         = 4
[pid   577] close(3)                    = 0
[pid   577] symlink("/dev/binderfs", "./binderfs") = 0
[pid   577] memfd_create("syzkaller", 0) = 3
[pid   577] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   577] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   577] munmap(0x7fc743815000, 1048576) = 0
[pid   577] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   33.313262][  T574] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   33.325664][  T574] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[   33.347467][  T298] EXT4-fs (loop0): unmounting filesystem.
[pid   577] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   577] close(3)                    = 0
[pid   577] mkdir("./file0", 0777)      = 0
[pid   577] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   577] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   577] chdir("./file0")            = 0
[pid   577] ioctl(4, LOOP_CLR_FD)       = 0
[pid   577] close(4)                    = 0
[pid   577] creat("./bus", 000)         = 4
[pid   577] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   577] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   577] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   577] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   33.377171][  T577] loop0: detected capacity change from 0 to 2048
[   33.390248][  T577] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   33.408624][  T577] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid   577] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   577] exit_group(0)               = ?
[pid   577] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=577, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./88", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./88/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./88/binderfs")                 = 0
umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./88/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./88/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./88/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./88")                           = 0
mkdir("./89", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 580
./strace-static-x86_64: Process 580 attached
[pid   580] set_robust_list(0x555557505660, 24) = 0
[pid   580] chdir("./89")               = 0
[pid   580] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   580] setpgid(0, 0)               = 0
[pid   580] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   580] write(3, "1000", 4)         = 4
[pid   580] close(3)                    = 0
[pid   580] symlink("/dev/binderfs", "./binderfs") = 0
[pid   580] memfd_create("syzkaller", 0) = 3
[pid   580] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   580] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   580] munmap(0x7fc743815000, 1048576) = 0
[pid   580] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   580] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   580] close(3)                    = 0
[pid   580] mkdir("./file0", 0777)      = 0
[   33.420910][  T577] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[   33.441722][  T298] EXT4-fs (loop0): unmounting filesystem.
[   33.467398][  T580] loop0: detected capacity change from 0 to 2048
[pid   580] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   580] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   580] chdir("./file0")            = 0
[pid   580] ioctl(4, LOOP_CLR_FD)       = 0
[pid   580] close(4)                    = 0
[pid   580] creat("./bus", 000)         = 4
[pid   580] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   580] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   580] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   580] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid   580] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   580] exit_group(0)               = ?
[pid   580] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=580, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./89", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./89/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./89/binderfs")                 = 0
[   33.479698][  T580] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   33.497383][  T580] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   33.509628][  T580] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./89/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./89/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./89/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./89")                           = 0
mkdir("./90", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 583 attached
, child_tidptr=0x555557505650) = 583
[pid   583] set_robust_list(0x555557505660, 24) = 0
[pid   583] chdir("./90")               = 0
[pid   583] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   583] setpgid(0, 0)               = 0
[pid   583] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   583] write(3, "1000", 4)         = 4
[pid   583] close(3)                    = 0
[pid   583] symlink("/dev/binderfs", "./binderfs") = 0
[pid   583] memfd_create("syzkaller", 0) = 3
[pid   583] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   583] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   583] munmap(0x7fc743815000, 1048576) = 0
[pid   583] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   583] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   583] close(3)                    = 0
[pid   583] mkdir("./file0", 0777)      = 0
[pid   583] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   583] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   583] chdir("./file0")            = 0
[pid   583] ioctl(4, LOOP_CLR_FD)       = 0
[pid   583] close(4)                    = 0
[pid   583] creat("./bus", 000)         = 4
[pid   583] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   583] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   583] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   583] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   33.530782][  T298] EXT4-fs (loop0): unmounting filesystem.
[   33.554604][  T583] loop0: detected capacity change from 0 to 2048
[   33.569741][  T583] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid   583] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   583] exit_group(0)               = ?
[pid   583] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=583, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./90", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./90/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./90/binderfs")                 = 0
umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./90/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./90/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./90/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./90")                           = 0
mkdir("./91", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 586
./strace-static-x86_64: Process 586 attached
[pid   586] set_robust_list(0x555557505660, 24) = 0
[pid   586] chdir("./91")               = 0
[pid   586] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   586] setpgid(0, 0)               = 0
[pid   586] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   586] write(3, "1000", 4)         = 4
[pid   586] close(3)                    = 0
[pid   586] symlink("/dev/binderfs", "./binderfs") = 0
[pid   586] memfd_create("syzkaller", 0) = 3
[pid   586] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   586] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   586] munmap(0x7fc743815000, 1048576) = 0
[   33.586681][  T583] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   33.598978][  T583] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[   33.621412][  T298] EXT4-fs (loop0): unmounting filesystem.
[pid   586] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   586] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   586] close(3)                    = 0
[pid   586] mkdir("./file0", 0777)      = 0
[pid   586] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   586] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   586] chdir("./file0")            = 0
[pid   586] ioctl(4, LOOP_CLR_FD)       = 0
[pid   586] close(4)                    = 0
[pid   586] creat("./bus", 000)         = 4
[pid   586] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   586] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   586] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   586] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   33.643463][  T586] loop0: detected capacity change from 0 to 2048
[   33.659695][  T586] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   33.676046][  T586] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid   586] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   586] exit_group(0)               = ?
[pid   586] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=586, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./91", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./91/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./91/binderfs")                 = 0
umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./91/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./91/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./91/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./91")                           = 0
mkdir("./92", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 590
./strace-static-x86_64: Process 590 attached
[pid   590] set_robust_list(0x555557505660, 24) = 0
[pid   590] chdir("./92")               = 0
[pid   590] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   590] setpgid(0, 0)               = 0
[pid   590] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   590] write(3, "1000", 4)         = 4
[pid   590] close(3)                    = 0
[pid   590] symlink("/dev/binderfs", "./binderfs") = 0
[pid   590] memfd_create("syzkaller", 0) = 3
[pid   590] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   590] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   590] munmap(0x7fc743815000, 1048576) = 0
[pid   590] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   590] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   590] close(3)                    = 0
[pid   590] mkdir("./file0", 0777)      = 0
[   33.688294][  T586] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[   33.708432][  T298] EXT4-fs (loop0): unmounting filesystem.
[   33.733678][  T590] loop0: detected capacity change from 0 to 2048
[pid   590] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   590] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   590] chdir("./file0")            = 0
[pid   590] ioctl(4, LOOP_CLR_FD)       = 0
[pid   590] close(4)                    = 0
[pid   590] creat("./bus", 000)         = 4
[pid   590] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   590] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   590] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   590] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid   590] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   590] exit_group(0)               = ?
[pid   590] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=590, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./92", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./92/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./92/binderfs")                 = 0
[   33.750030][  T590] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   33.766625][  T590] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   33.778907][  T590] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./92/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./92/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./92/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./92")                           = 0
mkdir("./93", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 593
./strace-static-x86_64: Process 593 attached
[pid   593] set_robust_list(0x555557505660, 24) = 0
[pid   593] chdir("./93")               = 0
[pid   593] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   593] setpgid(0, 0)               = 0
[pid   593] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   593] write(3, "1000", 4)         = 4
[pid   593] close(3)                    = 0
[pid   593] symlink("/dev/binderfs", "./binderfs") = 0
[pid   593] memfd_create("syzkaller", 0) = 3
[pid   593] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   593] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   593] munmap(0x7fc743815000, 1048576) = 0
[pid   593] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   593] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   593] close(3)                    = 0
[pid   593] mkdir("./file0", 0777)      = 0
[   33.806310][  T298] EXT4-fs (loop0): unmounting filesystem.
[   33.841579][  T593] loop0: detected capacity change from 0 to 2048
[pid   593] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   593] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   593] chdir("./file0")            = 0
[pid   593] ioctl(4, LOOP_CLR_FD)       = 0
[pid   593] close(4)                    = 0
[pid   593] creat("./bus", 000)         = 4
[pid   593] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   593] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   593] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   593] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid   593] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   593] exit_group(0)               = ?
[pid   593] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=593, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./93", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./93/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./93/binderfs")                 = 0
[   33.859853][  T593] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   33.878896][  T593] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   33.891157][  T593] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./93/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./93/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./93/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./93")                           = 0
mkdir("./94", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 596
./strace-static-x86_64: Process 596 attached
[pid   596] set_robust_list(0x555557505660, 24) = 0
[pid   596] chdir("./94")               = 0
[pid   596] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   596] setpgid(0, 0)               = 0
[pid   596] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   596] write(3, "1000", 4)         = 4
[pid   596] close(3)                    = 0
[pid   596] symlink("/dev/binderfs", "./binderfs") = 0
[pid   596] memfd_create("syzkaller", 0) = 3
[pid   596] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   596] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   596] munmap(0x7fc743815000, 1048576) = 0
[pid   596] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   33.914071][  T298] EXT4-fs (loop0): unmounting filesystem.
[pid   596] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   596] close(3)                    = 0
[pid   596] mkdir("./file0", 0777)      = 0
[pid   596] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   596] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   596] chdir("./file0")            = 0
[pid   596] ioctl(4, LOOP_CLR_FD)       = 0
[pid   596] close(4)                    = 0
[pid   596] creat("./bus", 000)         = 4
[pid   596] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   596] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   596] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   596] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   33.957127][  T596] loop0: detected capacity change from 0 to 2048
[   33.969830][  T596] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   33.986926][  T596] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid   596] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   596] exit_group(0)               = ?
[pid   596] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=596, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./94", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./94/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./94/binderfs")                 = 0
umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./94/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./94/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./94/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./94")                           = 0
mkdir("./95", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 599
./strace-static-x86_64: Process 599 attached
[pid   599] set_robust_list(0x555557505660, 24) = 0
[pid   599] chdir("./95")               = 0
[pid   599] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   599] setpgid(0, 0)               = 0
[pid   599] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   599] write(3, "1000", 4)         = 4
[pid   599] close(3)                    = 0
[pid   599] symlink("/dev/binderfs", "./binderfs") = 0
[pid   599] memfd_create("syzkaller", 0) = 3
[pid   599] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   599] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   599] munmap(0x7fc743815000, 1048576) = 0
[pid   599] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   599] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   599] close(3)                    = 0
[pid   599] mkdir("./file0", 0777)      = 0
[   33.999586][  T596] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[   34.021783][  T298] EXT4-fs (loop0): unmounting filesystem.
[   34.045774][  T599] loop0: detected capacity change from 0 to 2048
[pid   599] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   599] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   599] chdir("./file0")            = 0
[pid   599] ioctl(4, LOOP_CLR_FD)       = 0
[pid   599] close(4)                    = 0
[pid   599] creat("./bus", 000)         = 4
[pid   599] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   599] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   599] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   599] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid   599] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   599] exit_group(0)               = ?
[pid   599] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=599, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./95", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./95/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./95/binderfs")                 = 0
[   34.059999][  T599] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   34.076792][  T599] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   34.089325][  T599] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./95/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./95/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./95/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./95")                           = 0
mkdir("./96", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 602
./strace-static-x86_64: Process 602 attached
[pid   602] set_robust_list(0x555557505660, 24) = 0
[pid   602] chdir("./96")               = 0
[pid   602] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   602] setpgid(0, 0)               = 0
[pid   602] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   602] write(3, "1000", 4)         = 4
[pid   602] close(3)                    = 0
[pid   602] symlink("/dev/binderfs", "./binderfs") = 0
[pid   602] memfd_create("syzkaller", 0) = 3
[pid   602] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   602] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   602] munmap(0x7fc743815000, 1048576) = 0
[pid   602] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   602] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   602] close(3)                    = 0
[pid   602] mkdir("./file0", 0777)      = 0
[pid   602] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   602] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   602] chdir("./file0")            = 0
[pid   602] ioctl(4, LOOP_CLR_FD)       = 0
[pid   602] close(4)                    = 0
[pid   602] creat("./bus", 000)         = 4
[pid   602] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   602] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   602] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[   34.111147][  T298] EXT4-fs (loop0): unmounting filesystem.
[   34.136355][  T602] loop0: detected capacity change from 0 to 2048
[   34.149716][  T602] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid   602] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid   602] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   602] exit_group(0)               = ?
[pid   602] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=602, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./96", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./96/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./96/binderfs")                 = 0
umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./96/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./96/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./96/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./96")                           = 0
mkdir("./97", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 605
./strace-static-x86_64: Process 605 attached
[pid   605] set_robust_list(0x555557505660, 24) = 0
[pid   605] chdir("./97")               = 0
[pid   605] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   605] setpgid(0, 0)               = 0
[pid   605] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   605] write(3, "1000", 4)         = 4
[pid   605] close(3)                    = 0
[pid   605] symlink("/dev/binderfs", "./binderfs") = 0
[pid   605] memfd_create("syzkaller", 0) = 3
[pid   605] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   605] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   605] munmap(0x7fc743815000, 1048576) = 0
[pid   605] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   34.166719][  T602] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   34.179496][  T602] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[   34.201363][  T298] EXT4-fs (loop0): unmounting filesystem.
[pid   605] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   605] close(3)                    = 0
[pid   605] mkdir("./file0", 0777)      = 0
[pid   605] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   605] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   605] chdir("./file0")            = 0
[pid   605] ioctl(4, LOOP_CLR_FD)       = 0
[pid   605] close(4)                    = 0
[pid   605] creat("./bus", 000)         = 4
[pid   605] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   605] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   605] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   605] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   34.225570][  T605] loop0: detected capacity change from 0 to 2048
[   34.239731][  T605] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   34.258299][  T605] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid   605] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   605] exit_group(0)               = ?
[pid   605] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=605, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./97", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./97/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./97/binderfs")                 = 0
umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./97/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./97/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./97/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./97")                           = 0
mkdir("./98", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 608
./strace-static-x86_64: Process 608 attached
[pid   608] set_robust_list(0x555557505660, 24) = 0
[pid   608] chdir("./98")               = 0
[pid   608] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   608] setpgid(0, 0)               = 0
[pid   608] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   608] write(3, "1000", 4)         = 4
[pid   608] close(3)                    = 0
[pid   608] symlink("/dev/binderfs", "./binderfs") = 0
[pid   608] memfd_create("syzkaller", 0) = 3
[pid   608] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[   34.270930][  T605] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[   34.291710][  T298] EXT4-fs (loop0): unmounting filesystem.
[pid   608] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   608] munmap(0x7fc743815000, 1048576) = 0
[pid   608] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   608] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   608] close(3)                    = 0
[pid   608] mkdir("./file0", 0777)      = 0
[pid   608] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   608] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   608] chdir("./file0")            = 0
[pid   608] ioctl(4, LOOP_CLR_FD)       = 0
[pid   608] close(4)                    = 0
[pid   608] creat("./bus", 000)         = 4
[pid   608] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   608] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   608] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   608] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   34.319288][  T608] loop0: detected capacity change from 0 to 2048
[   34.329631][  T608] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   34.349233][  T608] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid   608] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   608] exit_group(0)               = ?
[pid   608] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=608, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./98", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./98/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./98/binderfs")                 = 0
umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./98/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./98/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./98/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./98")                           = 0
mkdir("./99", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 611
./strace-static-x86_64: Process 611 attached
[pid   611] set_robust_list(0x555557505660, 24) = 0
[pid   611] chdir("./99")               = 0
[pid   611] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   611] setpgid(0, 0)               = 0
[pid   611] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   611] write(3, "1000", 4)         = 4
[pid   611] close(3)                    = 0
[pid   611] symlink("/dev/binderfs", "./binderfs") = 0
[pid   611] memfd_create("syzkaller", 0) = 3
[pid   611] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   611] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   611] munmap(0x7fc743815000, 1048576) = 0
[pid   611] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   611] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   611] close(3)                    = 0
[pid   611] mkdir("./file0", 0777)      = 0
[   34.361732][  T608] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[   34.382494][  T298] EXT4-fs (loop0): unmounting filesystem.
[   34.409228][  T611] loop0: detected capacity change from 0 to 2048
[pid   611] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   611] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   611] chdir("./file0")            = 0
[pid   611] ioctl(4, LOOP_CLR_FD)       = 0
[pid   611] close(4)                    = 0
[pid   611] creat("./bus", 000)         = 4
[pid   611] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   611] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   611] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   611] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   34.420044][  T611] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   34.444936][  T611] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid   611] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   611] exit_group(0)               = ?
[pid   611] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=611, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
umount2("./99", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./99/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./99/binderfs")                 = 0
umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./99/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./99/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./99/file0")                     = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./99")                           = 0
mkdir("./100", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 614
./strace-static-x86_64: Process 614 attached
[pid   614] set_robust_list(0x555557505660, 24) = 0
[pid   614] chdir("./100")              = 0
[pid   614] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   614] setpgid(0, 0)               = 0
[pid   614] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   614] write(3, "1000", 4)         = 4
[pid   614] close(3)                    = 0
[pid   614] symlink("/dev/binderfs", "./binderfs") = 0
[pid   614] memfd_create("syzkaller", 0) = 3
[pid   614] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   614] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   614] munmap(0x7fc743815000, 1048576) = 0
[pid   614] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   614] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   614] close(3)                    = 0
[pid   614] mkdir("./file0", 0777)      = 0
[   34.457449][  T611] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[   34.477885][  T298] EXT4-fs (loop0): unmounting filesystem.
[   34.508268][  T614] loop0: detected capacity change from 0 to 2048
[pid   614] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   614] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   614] chdir("./file0")            = 0
[pid   614] ioctl(4, LOOP_CLR_FD)       = 0
[pid   614] close(4)                    = 0
[pid   614] creat("./bus", 000)         = 4
[pid   614] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   614] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   614] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   614] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid   614] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   614] exit_group(0)               = ?
[pid   614] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=614, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./100", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./100/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./100/binderfs")                = 0
[   34.520015][  T614] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   34.538104][  T614] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   34.550612][  T614] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./100/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./100/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./100/file0")                    = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./100")                          = 0
mkdir("./101", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 617
./strace-static-x86_64: Process 617 attached
[pid   617] set_robust_list(0x555557505660, 24) = 0
[pid   617] chdir("./101")              = 0
[pid   617] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   617] setpgid(0, 0)               = 0
[pid   617] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   617] write(3, "1000", 4)         = 4
[pid   617] close(3)                    = 0
[pid   617] symlink("/dev/binderfs", "./binderfs") = 0
[pid   617] memfd_create("syzkaller", 0) = 3
[pid   617] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   617] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   617] munmap(0x7fc743815000, 1048576) = 0
[pid   617] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   617] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   617] close(3)                    = 0
[pid   617] mkdir("./file0", 0777)      = 0
[   34.573094][  T298] EXT4-fs (loop0): unmounting filesystem.
[   34.609807][  T617] loop0: detected capacity change from 0 to 2048
[pid   617] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   617] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   617] chdir("./file0")            = 0
[pid   617] ioctl(4, LOOP_CLR_FD)       = 0
[pid   617] close(4)                    = 0
[pid   617] creat("./bus", 000)         = 4
[pid   617] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   617] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   617] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   617] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid   617] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   617] exit_group(0)               = ?
[pid   617] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=617, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./101", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./101/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./101/binderfs")                = 0
[   34.619805][  T617] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   34.636590][  T617] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   34.649010][  T617] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./101/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./101/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./101/file0")                    = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./101")                          = 0
mkdir("./102", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 620
./strace-static-x86_64: Process 620 attached
[pid   620] set_robust_list(0x555557505660, 24) = 0
[pid   620] chdir("./102")              = 0
[pid   620] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   620] setpgid(0, 0)               = 0
[pid   620] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   620] write(3, "1000", 4)         = 4
[pid   620] close(3)                    = 0
[pid   620] symlink("/dev/binderfs", "./binderfs") = 0
[pid   620] memfd_create("syzkaller", 0) = 3
[pid   620] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   620] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   620] munmap(0x7fc743815000, 1048576) = 0
[pid   620] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   34.669487][  T298] EXT4-fs (loop0): unmounting filesystem.
[pid   620] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   620] close(3)                    = 0
[pid   620] mkdir("./file0", 0777)      = 0
[pid   620] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   620] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   620] chdir("./file0")            = 0
[pid   620] ioctl(4, LOOP_CLR_FD)       = 0
[pid   620] close(4)                    = 0
[pid   620] creat("./bus", 000)         = 4
[pid   620] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   620] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   620] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   620] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   34.701970][  T620] loop0: detected capacity change from 0 to 2048
[   34.719719][  T620] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   34.736996][  T620] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid   620] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   620] exit_group(0)               = ?
[pid   620] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=620, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./102", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./102/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./102/binderfs")                = 0
umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./102/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./102/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./102/file0")                    = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./102")                          = 0
mkdir("./103", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 624 attached
 <unfinished ...>
[pid   624] set_robust_list(0x555557505660, 24) = 0
[pid   624] chdir("./103")              = 0
[pid   624] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   624] setpgid(0, 0)               = 0
[pid   624] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   624] write(3, "1000", 4)         = 4
[pid   624] close(3)                    = 0
[pid   624] symlink("/dev/binderfs", "./binderfs") = 0
[pid   624] memfd_create("syzkaller", 0) = 3
[pid   624] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   298] <... clone resumed>, child_tidptr=0x555557505650) = 624
[pid   624] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   624] munmap(0x7fc743815000, 1048576) = 0
[pid   624] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   34.749255][  T620] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[   34.769807][  T298] EXT4-fs (loop0): unmounting filesystem.
[pid   624] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   624] close(3)                    = 0
[pid   624] mkdir("./file0", 0777)      = 0
[pid   624] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   624] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   624] chdir("./file0")            = 0
[pid   624] ioctl(4, LOOP_CLR_FD)       = 0
[pid   624] close(4)                    = 0
[pid   624] creat("./bus", 000)         = 4
[pid   624] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   624] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   624] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   624] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   34.795483][  T624] loop0: detected capacity change from 0 to 2048
[   34.809862][  T624] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid   624] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   624] exit_group(0)               = ?
[pid   624] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=624, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./103", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./103/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./103/binderfs")                = 0
umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./103/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./103/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./103/file0")                    = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./103")                          = 0
mkdir("./104", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 627
./strace-static-x86_64: Process 627 attached
[pid   627] set_robust_list(0x555557505660, 24) = 0
[pid   627] chdir("./104")              = 0
[pid   627] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   627] setpgid(0, 0)               = 0
[pid   627] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   627] write(3, "1000", 4)         = 4
[pid   627] close(3)                    = 0
[pid   627] symlink("/dev/binderfs", "./binderfs") = 0
[pid   627] memfd_create("syzkaller", 0) = 3
[pid   627] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   627] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   627] munmap(0x7fc743815000, 1048576) = 0
[pid   627] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   34.834174][  T624] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[   34.846505][  T624] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[   34.867045][  T298] EXT4-fs (loop0): unmounting filesystem.
[pid   627] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   627] close(3)                    = 0
[pid   627] mkdir("./file0", 0777)      = 0
[pid   627] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   627] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   627] chdir("./file0")            = 0
[pid   627] ioctl(4, LOOP_CLR_FD)       = 0
[pid   627] close(4)                    = 0
[pid   627] creat("./bus", 000)         = 4
[pid   627] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   627] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   627] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   627] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   34.891976][  T627] loop0: detected capacity change from 0 to 2048
[   34.909813][  T627] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   34.926987][  T627] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid   627] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   627] exit_group(0)               = ?
[pid   627] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=627, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./104", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./104/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./104/binderfs")                = 0
umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./104/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./104/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./104/file0")                    = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./104")                          = 0
mkdir("./105", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 630 attached
 <unfinished ...>
[pid   630] set_robust_list(0x555557505660, 24) = 0
[pid   298] <... clone resumed>, child_tidptr=0x555557505650) = 630
[pid   630] chdir("./105")              = 0
[pid   630] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   630] setpgid(0, 0)               = 0
[pid   630] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   630] write(3, "1000", 4)         = 4
[pid   630] close(3)                    = 0
[pid   630] symlink("/dev/binderfs", "./binderfs") = 0
[pid   630] memfd_create("syzkaller", 0) = 3
[pid   630] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid   630] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   630] munmap(0x7fc743815000, 1048576) = 0
[pid   630] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   34.939568][  T627] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[   34.961429][  T298] EXT4-fs (loop0): unmounting filesystem.
[pid   630] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   630] close(3)                    = 0
[pid   630] mkdir("./file0", 0777)      = 0
[pid   630] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid   630] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   630] chdir("./file0")            = 0
[pid   630] ioctl(4, LOOP_CLR_FD)       = 0
[pid   630] close(4)                    = 0
[pid   630] creat("./bus", 000)         = 4
[pid   630] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   630] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid   630] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid   630] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[   34.992578][  T630] loop0: detected capacity change from 0 to 2048
[   35.009856][  T630] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   35.026311][  T630] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid   630] write(4, "\xef", 1)         = -1 ENOSPC (No space left on device)
[pid   630] exit_group(0)               = ?
[pid   630] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=630, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./105", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./105/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./105/binderfs")                = 0
umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./105/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./105/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./105/file0")                    = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./105")                          = 0
mkdir("./106", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 633
./strace-static-x86_64: Process 633 attached
[pid   633] set_robust_list(0x555557505660, 24) = 0
[pid   633] chdir("./106")              = 0
[pid   633] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   633] setpgid(0, 0)               = 0
[pid   633] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   633] write(3, "1000", 4)         = 4
[pid   633] close(3)                    = 0
[pid   633] symlink("/dev/binderfs", "./binderfs") = 0
[pid   633] memfd_create("syzkaller", 0) = 3
[pid   633] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000