./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2895463622
<...>
Warning: Permanently added '10.128.1.16' (ED25519) to the list of known hosts.
execve("./syz-executor2895463622", ["./syz-executor2895463622"], 0x7ffee766ab30 /* 10 vars */) = 0
brk(NULL) = 0x555557505000
brk(0x555557505d00) = 0x555557505d00
arch_prctl(ARCH_SET_FS, 0x555557505380) = 0
set_tid_address(0x555557505650) = 298
set_robust_list(0x555557505660, 24) = 0
rseq(0x555557505ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented)
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor2895463622", 4096) = 28
getrandom("\x83\xb9\x45\xf2\x32\x12\x04\x1e", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x555557505d00
brk(0x555557526d00) = 0x555557526d00
brk(0x555557527000) = 0x555557527000
mprotect(0x7fc74bcc9000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
mkdir("./syzkaller.kJwhWl", 0700) = 0
chmod("./syzkaller.kJwhWl", 0777) = 0
chdir("./syzkaller.kJwhWl") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 300
./strace-static-x86_64: Process 300 attached
[pid 300] set_robust_list(0x555557505660, 24) = 0
[pid 300] chdir("./0") = 0
[pid 300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 300] setpgid(0, 0) = 0
[pid 300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 300] write(3, "1000", 4) = 4
[pid 300] close(3) = 0
[pid 300] symlink("/dev/binderfs", "./binderfs") = 0
[pid 300] memfd_create("syzkaller", 0) = 3
[pid 300] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 300] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 300] munmap(0x7fc743815000, 1048576) = 0
[pid 300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 300] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 300] close(3) = 0
[ 24.473981][ T28] audit: type=1400 audit(1689412790.443:66): avc: denied { execmem } for pid=298 comm="syz-executor289" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 24.493233][ T28] audit: type=1400 audit(1689412790.443:67): avc: denied { read write } for pid=298 comm="syz-executor289" name="loop0" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 24.506416][ T300] loop0: detected capacity change from 0 to 2048
[pid 300] mkdir("./file0", 0777) = 0
[ 24.523613][ T28] audit: type=1400 audit(1689412790.443:68): avc: denied { open } for pid=298 comm="syz-executor289" path="/dev/loop0" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 24.548357][ T28] audit: type=1400 audit(1689412790.443:69): avc: denied { ioctl } for pid=298 comm="syz-executor289" path="/dev/loop0" dev="devtmpfs" ino=114 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[pid 300] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 300] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 300] chdir("./file0") = 0
[pid 300] ioctl(4, LOOP_CLR_FD) = 0
[pid 300] close(4) = 0
[pid 300] creat("./bus", 000) = 4
[pid 300] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 300] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 300] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 300] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 24.560571][ T300] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 24.574143][ T28] audit: type=1400 audit(1689412790.493:70): avc: denied { mounton } for pid=300 comm="syz-executor289" path="/root/syzkaller.kJwhWl/0/file0" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 24.606500][ T28] audit: type=1400 audit(1689412790.553:71): avc: denied { mount } for pid=300 comm="syz-executor289" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 24.608185][ T300] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 24.628210][ T28] audit: type=1400 audit(1689412790.563:72): avc: denied { write } for pid=300 comm="syz-executor289" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[pid 300] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 300] exit_group(0) = ?
[pid 300] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=300, si_uid=0, si_status=0, si_utime=0, si_stime=7} ---
[ 24.641775][ T300] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[ 24.662756][ T28] audit: type=1400 audit(1689412790.563:73): avc: denied { add_name } for pid=300 comm="syz-executor289" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 24.698467][ T28] audit: type=1400 audit(1689412790.563:74): avc: denied { create } for pid=300 comm="syz-executor289" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/binderfs") = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 306
./strace-static-x86_64: Process 306 attached
[pid 306] set_robust_list(0x555557505660, 24) = 0
[pid 306] chdir("./1") = 0
[pid 306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 306] setpgid(0, 0) = 0
[pid 306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 306] write(3, "1000", 4) = 4
[pid 306] close(3) = 0
[pid 306] symlink("/dev/binderfs", "./binderfs") = 0
[pid 306] memfd_create("syzkaller", 0) = 3
[pid 306] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 306] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 306] munmap(0x7fc743815000, 1048576) = 0
[pid 306] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 24.703332][ T300] syz-executor289 (300) used greatest stack depth: 22248 bytes left
[ 24.718833][ T28] audit: type=1400 audit(1689412790.563:75): avc: denied { write open } for pid=300 comm="syz-executor289" path="/root/syzkaller.kJwhWl/0/file0/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 24.751827][ T298] EXT4-fs (loop0): unmounting filesystem.
[pid 306] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 306] close(3) = 0
[pid 306] mkdir("./file0", 0777) = 0
[pid 306] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 306] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 306] chdir("./file0") = 0
[pid 306] ioctl(4, LOOP_CLR_FD) = 0
[pid 306] close(4) = 0
[pid 306] creat("./bus", 000) = 4
[pid 306] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 306] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 306] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 306] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 24.775729][ T306] loop0: detected capacity change from 0 to 2048
[ 24.790091][ T306] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 306] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 306] exit_group(0) = ?
[pid 306] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=306, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/binderfs") = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 309
./strace-static-x86_64: Process 309 attached
[pid 309] set_robust_list(0x555557505660, 24) = 0
[pid 309] chdir("./2") = 0
[pid 309] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 309] setpgid(0, 0) = 0
[pid 309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 309] write(3, "1000", 4) = 4
[pid 309] close(3) = 0
[pid 309] symlink("/dev/binderfs", "./binderfs") = 0
[pid 309] memfd_create("syzkaller", 0) = 3
[pid 309] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 309] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 309] munmap(0x7fc743815000, 1048576) = 0
[pid 309] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 24.819213][ T306] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 24.831573][ T306] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[ 24.850588][ T298] EXT4-fs (loop0): unmounting filesystem.
[pid 309] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 309] close(3) = 0
[pid 309] mkdir("./file0", 0777) = 0
[pid 309] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 309] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 309] chdir("./file0") = 0
[pid 309] ioctl(4, LOOP_CLR_FD) = 0
[pid 309] close(4) = 0
[pid 309] creat("./bus", 000) = 4
[pid 309] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 309] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 309] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 309] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 24.872705][ T309] loop0: detected capacity change from 0 to 2048
[ 24.889858][ T309] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 309] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 309] exit_group(0) = ?
[pid 309] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=309, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/binderfs") = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./2/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 312
./strace-static-x86_64: Process 312 attached
[pid 312] set_robust_list(0x555557505660, 24) = 0
[pid 312] chdir("./3") = 0
[pid 312] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 312] setpgid(0, 0) = 0
[pid 312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 312] write(3, "1000", 4) = 4
[pid 312] close(3) = 0
[pid 312] symlink("/dev/binderfs", "./binderfs") = 0
[pid 312] memfd_create("syzkaller", 0) = 3
[pid 312] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 312] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 312] munmap(0x7fc743815000, 1048576) = 0
[pid 312] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 24.918116][ T309] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 24.930355][ T309] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[ 24.957150][ T298] EXT4-fs (loop0): unmounting filesystem.
[pid 312] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 312] close(3) = 0
[pid 312] mkdir("./file0", 0777) = 0
[pid 312] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 312] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 312] chdir("./file0") = 0
[pid 312] ioctl(4, LOOP_CLR_FD) = 0
[pid 312] close(4) = 0
[pid 312] creat("./bus", 000) = 4
[pid 312] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 312] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 312] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 312] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 24.983271][ T312] loop0: detected capacity change from 0 to 2048
[ 24.999995][ T312] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 25.016363][ T312] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 25.028877][ T312] ==================================================================
[ 25.036758][ T312] BUG: KASAN: use-after-free in get_max_inline_xattr_value_size+0x36e/0x510
[ 25.045262][ T312] Read of size 4 at addr ffff888121308004 by task syz-executor289/312
[ 25.053246][ T312]
[ 25.055426][ T312] CPU: 1 PID: 312 Comm: syz-executor289 Not tainted 6.1.25-syzkaller-00027-ga24911abfd55 #0
[ 25.065307][ T312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[ 25.075524][ T312] Call Trace:
[ 25.078819][ T312] <TASK>
[ 25.081593][ T312] dump_stack_lvl+0x151/0x1b7
[ 25.086239][ T312] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 25.091484][ T312] ? _printk+0xd1/0x111
[ 25.095497][ T312] ? __virt_addr_valid+0x242/0x2f0
[ 25.100429][ T312] print_report+0x158/0x4e0
[ 25.104770][ T312] ? __virt_addr_valid+0x242/0x2f0
[ 25.109713][ T312] ? kasan_addr_to_slab+0xd/0x80
[ 25.114486][ T312] ? get_max_inline_xattr_value_size+0x36e/0x510
[ 25.120649][ T312] kasan_report+0x13c/0x170
[ 25.124988][ T312] ? get_max_inline_xattr_value_size+0x36e/0x510
[ 25.131326][ T312] __asan_report_load4_noabort+0x14/0x20
[ 25.136927][ T312] get_max_inline_xattr_value_size+0x36e/0x510
[ 25.142905][ T312] ext4_get_max_inline_size+0x13d/0x1f0
[ 25.148294][ T312] ? ext4_ind_truncate_ensure_credits+0x770/0x770
[ 25.154529][ T312] ? ext4_get_inode_loc+0x14b/0x190
[ 25.159563][ T312] ? ext4_update_inode_fsync_trans+0x2a0/0x2a0
[ 25.165646][ T312] ext4_try_to_write_inline_data+0xd3/0x1420
[ 25.171454][ T312] ? ext4_xattr_ibody_get+0x33d/0x610
[ 25.176759][ T312] ? mb_cache_entry_put+0x90/0x90
[ 25.181608][ T312] ? zero_user_segment+0x2d0/0x2d0
[ 25.186645][ T312] ext4_write_begin+0x200/0xfb0
[ 25.191331][ T312] ? ext4_xattr_security_get+0x32/0x40
[ 25.196624][ T312] ? ext4_initxattrs+0x120/0x120
[ 25.201571][ T312] ? __vfs_getxattr+0x3c3/0x3f0
[ 25.206261][ T312] ? ext4_readahead+0x110/0x110
[ 25.210943][ T312] ? cap_inode_need_killpriv+0x51/0x60
[ 25.216239][ T312] ext4_da_write_begin+0x2ff/0x920
[ 25.221189][ T312] ? file_remove_privs+0x20/0x20
[ 25.225965][ T312] ? ext4_dirty_folio+0xf0/0xf0
[ 25.230740][ T312] ? current_time+0x1af/0x2f0
[ 25.235246][ T312] generic_perform_write+0x2f9/0x5c0
[ 25.240756][ T312] ? generic_file_direct_write+0x6b0/0x6b0
[ 25.246389][ T312] ? generic_write_checks_count+0x490/0x490
[ 25.252194][ T312] ext4_buffered_write_iter+0x360/0x640
[ 25.257572][ T312] ? __kasan_check_write+0x14/0x20
[ 25.262520][ T312] ext4_file_write_iter+0x194/0x1cf0
[ 25.267645][ T312] ? compat_start_thread+0x20/0x20
[ 25.272591][ T312] ? avc_policy_seqno+0x1b/0x70
[ 25.277278][ T312] ? ext4_file_read_iter+0x470/0x470
[ 25.282398][ T312] ? fsnotify_perm+0x6a/0x5d0
[ 25.286910][ T312] vfs_write+0x8d1/0xe80
[ 25.290999][ T312] ? file_end_write+0x1c0/0x1c0
[ 25.295708][ T312] ? ptrace_stop+0x709/0x930
[ 25.300464][ T312] ? __kasan_check_read+0x11/0x20
[ 25.305916][ T312] ? __fdget_pos+0x284/0x310
[ 25.310349][ T312] ksys_write+0x199/0x2c0
[ 25.314599][ T312] ? do_notify_parent+0xa20/0xa20
[ 25.319546][ T312] ? __ia32_sys_read+0x90/0x90
[ 25.324146][ T312] ? fpregs_restore_userregs+0x130/0x290
[ 25.329615][ T312] __x64_sys_write+0x7b/0x90
[ 25.334039][ T312] do_syscall_64+0x3d/0xb0
[ 25.338291][ T312] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 25.344027][ T312] RIP: 0033:0x7fc74bc54329
[ 25.348366][ T312] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 25.367808][ T312] RSP: 002b:00007ffdb248cf38 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 25.376055][ T312] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc74bc54329
[ 25.383859][ T312] RDX: 0000000000000001 RSI: 0000000020000280 RDI: 0000000000000004
[ 25.391799][ T312] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 25.399624][ T312] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 25.407420][ T312] R13: 0000000000000000 R14: 431bde82d7b634db R15: 00007ffdb248cfa0
[ 25.415232][ T312] </TASK>
[ 25.418097][ T312]
[ 25.420263][ T312] The buggy address belongs to the physical page:
[ 25.426516][ T312] page:ffffea000484c200 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x121308
[ 25.436582][ T312] flags: 0x4000000000000000(zone=1)
[ 25.441624][ T312] raw: 4000000000000000 ffffea000484c248 ffffea000484c948 0000000000000000
[ 25.450042][ T312] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 25.458727][ T312] page dumped because: kasan: bad access detected
[ 25.464967][ T312] page_owner tracks the page as freed
[ 25.470258][ T312] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 306, tgid 306 (syz-executor289), ts 24774942178, free_ts 24859714760
[ 25.487896][ T312] post_alloc_hook+0x213/0x220
[ 25.492478][ T312] get_page_from_freelist+0x276c/0x2850
[ 25.497860][ T312] __alloc_pages+0x3a1/0x780
[ 25.502283][ T312] __folio_alloc+0x15/0x40
[ 25.506540][ T312] shmem_alloc_and_acct_folio+0x78c/0xa50
[ 25.512093][ T312] shmem_get_folio_gfp+0x12d4/0x24b0
[ 25.517213][ T312] shmem_write_begin+0x164/0x3a0
[ 25.521987][ T312] generic_perform_write+0x2f9/0x5c0
[ 25.527108][ T312] __generic_file_write_iter+0x174/0x3a0
[ 25.532574][ T312] generic_file_write_iter+0xb1/0x310
[ 25.537788][ T312] vfs_write+0x8d1/0xe80
[ 25.541863][ T312] ksys_write+0x199/0x2c0
[ 25.546030][ T312] __x64_sys_write+0x7b/0x90
[ 25.551060][ T312] do_syscall_64+0x3d/0xb0
[ 25.555317][ T312] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 25.561190][ T312] page last free stack trace:
[ 25.566095][ T312] free_unref_page_prepare+0x83d/0x850
[ 25.571580][ T312] free_unref_page_list+0xf6/0x6c0
[ 25.576771][ T312] release_pages+0xf7f/0xfe0
[ 25.581424][ T312] __pagevec_release+0x84/0x100
[ 25.586530][ T312] shmem_undo_range+0x609/0x15b0
[ 25.591309][ T312] shmem_evict_inode+0x25f/0xa30
[ 25.596077][ T312] evict+0x2a3/0x630
[ 25.599897][ T312] iput+0x642/0x870
[ 25.603647][ T312] dentry_unlink_inode+0x34f/0x440
[ 25.608580][ T312] __dentry_kill+0x447/0x650
[ 25.613003][ T312] dentry_kill+0xc0/0x2a0
[ 25.617512][ T312] dput+0x160/0x310
[ 25.621535][ T312] __fput+0x5f0/0x870
[ 25.625345][ T312] ____fput+0x15/0x20
[ 25.629344][ T312] task_work_run+0x24d/0x2e0
[ 25.634190][ T312] ptrace_notify+0x29e/0x350
[ 25.638618][ T312]
[ 25.641013][ T312] Memory state around the buggy address:
[ 25.646783][ T312] ffff888121307f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 25.654840][ T312] ffff888121307f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 25.662911][ T312] >ffff888121308000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 25.671115][ T312] ^
[ 25.675022][ T312] ffff888121308080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[pid 312] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 312] exit_group(0) = ?
[pid 312] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=312, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/binderfs") = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./3/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./3") = 0
mkdir("./4", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 316
./strace-static-x86_64: Process 316 attached
[pid 316] set_robust_list(0x555557505660, 24) = 0
[pid 316] chdir("./4") = 0
[pid 316] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 316] setpgid(0, 0) = 0
[pid 316] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 316] write(3, "1000", 4) = 4
[pid 316] close(3) = 0
[pid 316] symlink("/dev/binderfs", "./binderfs") = 0
[pid 316] memfd_create("syzkaller", 0) = 3
[pid 316] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 316] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 316] munmap(0x7fc743815000, 1048576) = 0
[pid 316] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 25.683628][ T312] ffff888121308100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 25.691617][ T312] ==================================================================
[ 25.700606][ T312] Disabling lock debugging due to kernel taint
[ 25.707795][ T312] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[ 25.729114][ T298] EXT4-fs (loop0): unmounting filesystem.
[pid 316] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 316] close(3) = 0
[pid 316] mkdir("./file0", 0777) = 0
[pid 316] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 316] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 316] chdir("./file0") = 0
[pid 316] ioctl(4, LOOP_CLR_FD) = 0
[pid 316] close(4) = 0
[pid 316] creat("./bus", 000) = 4
[pid 316] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 316] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 316] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 316] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 25.761089][ T316] loop0: detected capacity change from 0 to 2048
[ 25.780273][ T316] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 316] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 316] exit_group(0) = ?
[pid 316] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=316, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/binderfs") = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./4/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./4") = 0
mkdir("./5", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 319
./strace-static-x86_64: Process 319 attached
[pid 319] set_robust_list(0x555557505660, 24) = 0
[pid 319] chdir("./5") = 0
[pid 319] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 319] setpgid(0, 0) = 0
[pid 319] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 319] write(3, "1000", 4) = 4
[pid 319] close(3) = 0
[pid 319] symlink("/dev/binderfs", "./binderfs") = 0
[pid 319] memfd_create("syzkaller", 0) = 3
[pid 319] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 319] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 319] munmap(0x7fc743815000, 1048576) = 0
[pid 319] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 25.803746][ T316] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 25.816185][ T316] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[ 25.836246][ T298] EXT4-fs (loop0): unmounting filesystem.
[pid 319] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 319] close(3) = 0
[pid 319] mkdir("./file0", 0777) = 0
[pid 319] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 319] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 319] chdir("./file0") = 0
[pid 319] ioctl(4, LOOP_CLR_FD) = 0
[pid 319] close(4) = 0
[pid 319] creat("./bus", 000) = 4
[pid 319] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 319] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 319] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 319] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 25.868442][ T319] loop0: detected capacity change from 0 to 2048
[ 25.889879][ T319] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 319] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 319] exit_group(0) = ?
[pid 319] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=319, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/binderfs") = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./5/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./5") = 0
mkdir("./6", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 322
./strace-static-x86_64: Process 322 attached
[pid 322] set_robust_list(0x555557505660, 24) = 0
[pid 322] chdir("./6") = 0
[pid 322] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 322] setpgid(0, 0) = 0
[pid 322] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 322] write(3, "1000", 4) = 4
[pid 322] close(3) = 0
[pid 322] symlink("/dev/binderfs", "./binderfs") = 0
[pid 322] memfd_create("syzkaller", 0) = 3
[pid 322] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 322] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 322] munmap(0x7fc743815000, 1048576) = 0
[pid 322] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 25.911857][ T319] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 25.924741][ T319] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[ 25.947503][ T298] EXT4-fs (loop0): unmounting filesystem.
[pid 322] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 322] close(3) = 0
[pid 322] mkdir("./file0", 0777) = 0
[pid 322] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 322] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 322] chdir("./file0") = 0
[pid 322] ioctl(4, LOOP_CLR_FD) = 0
[pid 322] close(4) = 0
[pid 322] creat("./bus", 000) = 4
[pid 322] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 322] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 322] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 322] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 25.969883][ T322] loop0: detected capacity change from 0 to 2048
[ 25.979699][ T322] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 25.997496][ T322] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid 322] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 322] exit_group(0) = ?
[pid 322] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=322, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/binderfs") = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./6/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./6") = 0
mkdir("./7", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 325
./strace-static-x86_64: Process 325 attached
[pid 325] set_robust_list(0x555557505660, 24) = 0
[pid 325] chdir("./7") = 0
[pid 325] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 325] setpgid(0, 0) = 0
[pid 325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 325] write(3, "1000", 4) = 4
[pid 325] close(3) = 0
[pid 325] symlink("/dev/binderfs", "./binderfs") = 0
[pid 325] memfd_create("syzkaller", 0) = 3
[pid 325] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 325] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 325] munmap(0x7fc743815000, 1048576) = 0
[pid 325] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 325] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 325] close(3) = 0
[pid 325] mkdir("./file0", 0777) = 0
[ 26.009841][ T322] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[ 26.029286][ T298] EXT4-fs (loop0): unmounting filesystem.
[ 26.057530][ T325] loop0: detected capacity change from 0 to 2048
[pid 325] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 325] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 325] chdir("./file0") = 0
[pid 325] ioctl(4, LOOP_CLR_FD) = 0
[pid 325] close(4) = 0
[pid 325] creat("./bus", 000) = 4
[pid 325] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 325] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 325] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 325] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid 325] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 325] exit_group(0) = ?
[pid 325] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=325, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/binderfs") = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[ 26.070516][ T325] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 26.087573][ T325] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 26.099980][ T325] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./7/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./7") = 0
mkdir("./8", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 328 attached
<unfinished ...>
[pid 328] set_robust_list(0x555557505660, 24) = 0
[pid 328] chdir("./8") = 0
[pid 328] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 328] setpgid(0, 0) = 0
[pid 328] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 328] write(3, "1000", 4) = 4
[pid 328] close(3) = 0
[pid 328] symlink("/dev/binderfs", "./binderfs") = 0
[pid 298] <... clone resumed>, child_tidptr=0x555557505650) = 328
[pid 328] memfd_create("syzkaller", 0) = 3
[pid 328] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 328] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 328] munmap(0x7fc743815000, 1048576) = 0
[pid 328] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 26.119669][ T298] EXT4-fs (loop0): unmounting filesystem.
[pid 328] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 328] close(3) = 0
[pid 328] mkdir("./file0", 0777) = 0
[pid 328] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 328] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 328] chdir("./file0") = 0
[pid 328] ioctl(4, LOOP_CLR_FD) = 0
[pid 328] close(4) = 0
[pid 328] creat("./bus", 000) = 4
[pid 328] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 328] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 328] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 328] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 26.146423][ T328] loop0: detected capacity change from 0 to 2048
[ 26.160390][ T328] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 26.179353][ T328] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid 328] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 328] exit_group(0) = ?
[pid 328] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=328, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/binderfs") = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./8/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./8") = 0
mkdir("./9", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 331
./strace-static-x86_64: Process 331 attached
[pid 331] set_robust_list(0x555557505660, 24) = 0
[pid 331] chdir("./9") = 0
[pid 331] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 331] setpgid(0, 0) = 0
[pid 331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 331] write(3, "1000", 4) = 4
[pid 331] close(3) = 0
[pid 331] symlink("/dev/binderfs", "./binderfs") = 0
[pid 331] memfd_create("syzkaller", 0) = 3
[pid 331] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 331] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 331] munmap(0x7fc743815000, 1048576) = 0
[pid 331] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 26.193288][ T328] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[ 26.213835][ T298] EXT4-fs (loop0): unmounting filesystem.
[pid 331] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 331] close(3) = 0
[pid 331] mkdir("./file0", 0777) = 0
[pid 331] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 331] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 331] chdir("./file0") = 0
[pid 331] ioctl(4, LOOP_CLR_FD) = 0
[pid 331] close(4) = 0
[pid 331] creat("./bus", 000) = 4
[pid 331] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 331] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 331] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 331] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 26.245758][ T331] loop0: detected capacity change from 0 to 2048
[ 26.269811][ T331] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 331] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 331] exit_group(0) = ?
[pid 331] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=331, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/binderfs") = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./9/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./9") = 0
mkdir("./10", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 334 attached
<unfinished ...>
[pid 334] set_robust_list(0x555557505660, 24) = 0
[pid 334] chdir("./10") = 0
[pid 334] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 334] setpgid(0, 0) = 0
[pid 334] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 334] write(3, "1000", 4) = 4
[pid 334] close(3) = 0
[pid 334] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid 298] <... clone resumed>, child_tidptr=0x555557505650) = 334
[pid 334] <... symlink resumed>) = 0
[pid 334] memfd_create("syzkaller", 0) = 3
[pid 334] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 334] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 334] munmap(0x7fc743815000, 1048576) = 0
[pid 334] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 26.287156][ T331] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 26.299745][ T331] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[ 26.318898][ T298] EXT4-fs (loop0): unmounting filesystem.
[pid 334] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 334] close(3) = 0
[pid 334] mkdir("./file0", 0777) = 0
[ 26.345012][ T334] loop0: detected capacity change from 0 to 2048
[pid 334] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 334] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 334] chdir("./file0") = 0
[pid 334] ioctl(4, LOOP_CLR_FD) = 0
[pid 334] close(4) = 0
[pid 334] creat("./bus", 000) = 4
[pid 334] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 334] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 334] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 334] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid 334] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 334] exit_group(0) = ?
[pid 334] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=334, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/binderfs") = 0
[ 26.369792][ T334] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 26.387525][ T334] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 26.399906][ T334] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./10/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./10") = 0
mkdir("./11", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 337
./strace-static-x86_64: Process 337 attached
[pid 337] set_robust_list(0x555557505660, 24) = 0
[pid 337] chdir("./11") = 0
[pid 337] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 337] setpgid(0, 0) = 0
[pid 337] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 337] write(3, "1000", 4) = 4
[pid 337] close(3) = 0
[pid 337] symlink("/dev/binderfs", "./binderfs") = 0
[pid 337] memfd_create("syzkaller", 0) = 3
[pid 337] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 337] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 337] munmap(0x7fc743815000, 1048576) = 0
[pid 337] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 337] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 337] close(3) = 0
[pid 337] mkdir("./file0", 0777) = 0
[ 26.421735][ T298] EXT4-fs (loop0): unmounting filesystem.
[ 26.460053][ T337] loop0: detected capacity change from 0 to 2048
[pid 337] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 337] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 337] chdir("./file0") = 0
[pid 337] ioctl(4, LOOP_CLR_FD) = 0
[pid 337] close(4) = 0
[pid 337] creat("./bus", 000) = 4
[pid 337] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 337] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 337] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 337] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid 337] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 337] exit_group(0) = ?
[pid 337] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=337, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/binderfs") = 0
[ 26.469778][ T337] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 26.487648][ T337] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 26.500178][ T337] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./11/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./11") = 0
mkdir("./12", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 340
./strace-static-x86_64: Process 340 attached
[pid 340] set_robust_list(0x555557505660, 24) = 0
[pid 340] chdir("./12") = 0
[pid 340] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 340] setpgid(0, 0) = 0
[pid 340] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 340] write(3, "1000", 4) = 4
[pid 340] close(3) = 0
[pid 340] symlink("/dev/binderfs", "./binderfs") = 0
[pid 340] memfd_create("syzkaller", 0) = 3
[pid 340] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 340] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 340] munmap(0x7fc743815000, 1048576) = 0
[pid 340] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 26.520369][ T298] EXT4-fs (loop0): unmounting filesystem.
[pid 340] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 340] close(3) = 0
[pid 340] mkdir("./file0", 0777) = 0
[pid 340] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 340] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 340] chdir("./file0") = 0
[pid 340] ioctl(4, LOOP_CLR_FD) = 0
[pid 340] close(4) = 0
[pid 340] creat("./bus", 000) = 4
[pid 340] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 340] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 340] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 340] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 26.544074][ T340] loop0: detected capacity change from 0 to 2048
[ 26.560447][ T340] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 26.579860][ T340] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid 340] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 340] exit_group(0) = ?
[pid 340] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=340, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/binderfs") = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./12/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./12") = 0
mkdir("./13", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 343
./strace-static-x86_64: Process 343 attached
[pid 343] set_robust_list(0x555557505660, 24) = 0
[pid 343] chdir("./13") = 0
[pid 343] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 343] setpgid(0, 0) = 0
[pid 343] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 343] write(3, "1000", 4) = 4
[pid 343] close(3) = 0
[pid 343] symlink("/dev/binderfs", "./binderfs") = 0
[pid 343] memfd_create("syzkaller", 0) = 3
[pid 343] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 343] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 343] munmap(0x7fc743815000, 1048576) = 0
[pid 343] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 26.592111][ T340] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[ 26.615982][ T298] EXT4-fs (loop0): unmounting filesystem.
[pid 343] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 343] close(3) = 0
[pid 343] mkdir("./file0", 0777) = 0
[pid 343] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 343] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 343] chdir("./file0") = 0
[pid 343] ioctl(4, LOOP_CLR_FD) = 0
[pid 343] close(4) = 0
[pid 343] creat("./bus", 000) = 4
[pid 343] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 343] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 343] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 343] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 26.648794][ T343] loop0: detected capacity change from 0 to 2048
[ 26.670139][ T343] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 26.687119][ T343] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid 343] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 343] exit_group(0) = ?
[pid 343] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=343, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/binderfs") = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./13/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./13") = 0
mkdir("./14", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 347 attached
<unfinished ...>
[pid 347] set_robust_list(0x555557505660, 24) = 0
[pid 347] chdir("./14") = 0
[pid 347] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 347] setpgid(0, 0) = 0
[pid 347] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 298] <... clone resumed>, child_tidptr=0x555557505650) = 347
[pid 347] write(3, "1000", 4) = 4
[pid 347] close(3) = 0
[pid 347] symlink("/dev/binderfs", "./binderfs") = 0
[pid 347] memfd_create("syzkaller", 0) = 3
[pid 347] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 347] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 347] munmap(0x7fc743815000, 1048576) = 0
[pid 347] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 26.699473][ T343] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[ 26.720231][ T298] EXT4-fs (loop0): unmounting filesystem.
[pid 347] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 347] close(3) = 0
[pid 347] mkdir("./file0", 0777) = 0
[pid 347] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 347] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 347] chdir("./file0") = 0
[pid 347] ioctl(4, LOOP_CLR_FD) = 0
[pid 347] close(4) = 0
[pid 347] creat("./bus", 000) = 4
[pid 347] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 347] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 347] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 347] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 26.747716][ T347] loop0: detected capacity change from 0 to 2048
[ 26.760296][ T347] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 26.778465][ T347] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid 347] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 347] exit_group(0) = ?
[pid 347] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=347, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/binderfs") = 0
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./14/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./14") = 0
mkdir("./15", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 350 attached
<unfinished ...>
[pid 350] set_robust_list(0x555557505660, 24) = 0
[pid 350] chdir("./15" <unfinished ...>
[pid 298] <... clone resumed>, child_tidptr=0x555557505650) = 350
[pid 350] <... chdir resumed>) = 0
[pid 350] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 350] setpgid(0, 0) = 0
[pid 350] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 350] write(3, "1000", 4) = 4
[pid 350] close(3) = 0
[pid 350] symlink("/dev/binderfs", "./binderfs") = 0
[pid 350] memfd_create("syzkaller", 0) = 3
[pid 350] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 350] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 350] munmap(0x7fc743815000, 1048576) = 0
[pid 350] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 350] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 350] close(3) = 0
[pid 350] mkdir("./file0", 0777) = 0
[ 26.790955][ T347] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[ 26.810464][ T298] EXT4-fs (loop0): unmounting filesystem.
[ 26.839568][ T350] loop0: detected capacity change from 0 to 2048
[pid 350] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 350] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 350] chdir("./file0") = 0
[pid 350] ioctl(4, LOOP_CLR_FD) = 0
[pid 350] close(4) = 0
[pid 350] creat("./bus", 000) = 4
[pid 350] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 350] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 350] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 350] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid 350] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 350] exit_group(0) = ?
[pid 350] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=350, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/binderfs") = 0
[ 26.849766][ T350] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 26.867015][ T350] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 26.879389][ T350] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./15/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./15") = 0
mkdir("./16", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 353
./strace-static-x86_64: Process 353 attached
[pid 353] set_robust_list(0x555557505660, 24) = 0
[pid 353] chdir("./16") = 0
[pid 353] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 353] setpgid(0, 0) = 0
[pid 353] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 353] write(3, "1000", 4) = 4
[pid 353] close(3) = 0
[pid 353] symlink("/dev/binderfs", "./binderfs") = 0
[pid 353] memfd_create("syzkaller", 0) = 3
[pid 353] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 353] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 353] munmap(0x7fc743815000, 1048576) = 0
[pid 353] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 353] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 353] close(3) = 0
[pid 353] mkdir("./file0", 0777) = 0
[pid 353] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 353] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 353] chdir("./file0") = 0
[pid 353] ioctl(4, LOOP_CLR_FD) = 0
[pid 353] close(4) = 0
[pid 353] creat("./bus", 000) = 4
[pid 353] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 353] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 353] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 353] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 26.904268][ T298] EXT4-fs (loop0): unmounting filesystem.
[ 26.926013][ T353] loop0: detected capacity change from 0 to 2048
[ 26.939849][ T353] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 353] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 353] exit_group(0) = ?
[pid 353] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=353, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/binderfs") = 0
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./16/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./16") = 0
mkdir("./17", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 356
./strace-static-x86_64: Process 356 attached
[pid 356] set_robust_list(0x555557505660, 24) = 0
[pid 356] chdir("./17") = 0
[pid 356] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 356] setpgid(0, 0) = 0
[pid 356] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 356] write(3, "1000", 4) = 4
[pid 356] close(3) = 0
[pid 356] symlink("/dev/binderfs", "./binderfs") = 0
[pid 356] memfd_create("syzkaller", 0) = 3
[pid 356] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 356] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 356] munmap(0x7fc743815000, 1048576) = 0
[pid 356] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 26.957636][ T353] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 26.969879][ T353] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[ 26.991634][ T298] EXT4-fs (loop0): unmounting filesystem.
[pid 356] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 356] close(3) = 0
[pid 356] mkdir("./file0", 0777) = 0
[pid 356] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 356] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 356] chdir("./file0") = 0
[pid 356] ioctl(4, LOOP_CLR_FD) = 0
[pid 356] close(4) = 0
[pid 356] creat("./bus", 000) = 4
[pid 356] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 356] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 356] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 356] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 27.014864][ T356] loop0: detected capacity change from 0 to 2048
[ 27.030041][ T356] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 356] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 356] exit_group(0) = ?
[pid 356] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=356, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/binderfs") = 0
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./17/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./17") = 0
mkdir("./18", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 359
./strace-static-x86_64: Process 359 attached
[pid 359] set_robust_list(0x555557505660, 24) = 0
[pid 359] chdir("./18") = 0
[pid 359] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 359] setpgid(0, 0) = 0
[pid 359] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 359] write(3, "1000", 4) = 4
[pid 359] close(3) = 0
[pid 359] symlink("/dev/binderfs", "./binderfs") = 0
[pid 359] memfd_create("syzkaller", 0) = 3
[pid 359] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 359] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 359] munmap(0x7fc743815000, 1048576) = 0
[pid 359] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 27.053758][ T356] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 27.066250][ T356] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[ 27.090115][ T298] EXT4-fs (loop0): unmounting filesystem.
[pid 359] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 359] close(3) = 0
[pid 359] mkdir("./file0", 0777) = 0
[pid 359] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 359] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 359] chdir("./file0") = 0
[pid 359] ioctl(4, LOOP_CLR_FD) = 0
[pid 359] close(4) = 0
[pid 359] creat("./bus", 000) = 4
[pid 359] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 359] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 359] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 359] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 27.124837][ T359] loop0: detected capacity change from 0 to 2048
[ 27.150067][ T359] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 359] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 359] exit_group(0) = ?
[pid 359] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=359, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/binderfs") = 0
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./18/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./18") = 0
mkdir("./19", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 362
./strace-static-x86_64: Process 362 attached
[pid 362] set_robust_list(0x555557505660, 24) = 0
[pid 362] chdir("./19") = 0
[pid 362] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 362] setpgid(0, 0) = 0
[pid 362] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 362] write(3, "1000", 4) = 4
[pid 362] close(3) = 0
[pid 362] symlink("/dev/binderfs", "./binderfs") = 0
[pid 362] memfd_create("syzkaller", 0) = 3
[pid 362] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 362] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 362] munmap(0x7fc743815000, 1048576) = 0
[pid 362] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 27.171006][ T359] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 27.183391][ T359] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[ 27.207700][ T298] EXT4-fs (loop0): unmounting filesystem.
[pid 362] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 362] close(3) = 0
[pid 362] mkdir("./file0", 0777) = 0
[pid 362] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 362] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 362] chdir("./file0") = 0
[pid 362] ioctl(4, LOOP_CLR_FD) = 0
[pid 362] close(4) = 0
[pid 362] creat("./bus", 000) = 4
[pid 362] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 362] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 362] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 362] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 27.231320][ T362] loop0: detected capacity change from 0 to 2048
[ 27.249936][ T362] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 27.267992][ T362] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid 362] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 362] exit_group(0) = ?
[pid 362] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=362, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/binderfs") = 0
umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./19/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./19") = 0
mkdir("./20", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 365
./strace-static-x86_64: Process 365 attached
[pid 365] set_robust_list(0x555557505660, 24) = 0
[pid 365] chdir("./20") = 0
[pid 365] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 365] setpgid(0, 0) = 0
[pid 365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 365] write(3, "1000", 4) = 4
[pid 365] close(3) = 0
[pid 365] symlink("/dev/binderfs", "./binderfs") = 0
[pid 365] memfd_create("syzkaller", 0) = 3
[pid 365] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 365] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 365] munmap(0x7fc743815000, 1048576) = 0
[pid 365] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 27.280887][ T362] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[ 27.302705][ T298] EXT4-fs (loop0): unmounting filesystem.
[pid 365] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 365] close(3) = 0
[pid 365] mkdir("./file0", 0777) = 0
[pid 365] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 365] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 365] chdir("./file0") = 0
[pid 365] ioctl(4, LOOP_CLR_FD) = 0
[pid 365] close(4) = 0
[pid 365] creat("./bus", 000) = 4
[pid 365] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 365] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 365] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 365] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 27.328190][ T365] loop0: detected capacity change from 0 to 2048
[ 27.339854][ T365] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 27.356863][ T365] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid 365] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 365] exit_group(0) = ?
[pid 365] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=365, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./20/binderfs") = 0
umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./20/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./20") = 0
mkdir("./21", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 368
./strace-static-x86_64: Process 368 attached
[pid 368] set_robust_list(0x555557505660, 24) = 0
[pid 368] chdir("./21") = 0
[pid 368] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 368] setpgid(0, 0) = 0
[pid 368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 368] write(3, "1000", 4) = 4
[pid 368] close(3) = 0
[pid 368] symlink("/dev/binderfs", "./binderfs") = 0
[pid 368] memfd_create("syzkaller", 0) = 3
[pid 368] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 368] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 368] munmap(0x7fc743815000, 1048576) = 0
[pid 368] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 368] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 368] close(3) = 0
[pid 368] mkdir("./file0", 0777) = 0
[ 27.369299][ T365] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[ 27.390251][ T298] EXT4-fs (loop0): unmounting filesystem.
[ 27.416500][ T368] loop0: detected capacity change from 0 to 2048
[pid 368] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 368] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 368] chdir("./file0") = 0
[pid 368] ioctl(4, LOOP_CLR_FD) = 0
[pid 368] close(4) = 0
[pid 368] creat("./bus", 000) = 4
[pid 368] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 368] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 368] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 368] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid 368] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 368] exit_group(0) = ?
[pid 368] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=368, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./21/binderfs") = 0
[ 27.430195][ T368] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 27.448134][ T368] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 27.460525][ T368] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./21/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./21") = 0
mkdir("./22", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 371
./strace-static-x86_64: Process 371 attached
[pid 371] set_robust_list(0x555557505660, 24) = 0
[pid 371] chdir("./22") = 0
[pid 371] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 371] setpgid(0, 0) = 0
[pid 371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 371] write(3, "1000", 4) = 4
[pid 371] close(3) = 0
[pid 371] symlink("/dev/binderfs", "./binderfs") = 0
[pid 371] memfd_create("syzkaller", 0) = 3
[pid 371] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 371] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 371] munmap(0x7fc743815000, 1048576) = 0
[pid 371] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 371] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 371] close(3) = 0
[pid 371] mkdir("./file0", 0777) = 0
[ 27.482356][ T298] EXT4-fs (loop0): unmounting filesystem.
[ 27.507101][ T371] loop0: detected capacity change from 0 to 2048
[pid 371] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 371] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 371] chdir("./file0") = 0
[pid 371] ioctl(4, LOOP_CLR_FD) = 0
[pid 371] close(4) = 0
[pid 371] creat("./bus", 000) = 4
[pid 371] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 371] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 371] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 371] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid 371] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 371] exit_group(0) = ?
[pid 371] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=371, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./22/binderfs") = 0
[ 27.530063][ T371] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 27.547795][ T371] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 27.560377][ T371] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./22/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./22") = 0
mkdir("./23", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 374
./strace-static-x86_64: Process 374 attached
[pid 374] set_robust_list(0x555557505660, 24) = 0
[pid 374] chdir("./23") = 0
[pid 374] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 374] setpgid(0, 0) = 0
[pid 374] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 374] write(3, "1000", 4) = 4
[pid 374] close(3) = 0
[pid 374] symlink("/dev/binderfs", "./binderfs") = 0
[pid 374] memfd_create("syzkaller", 0) = 3
[pid 374] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 374] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 374] munmap(0x7fc743815000, 1048576) = 0
[pid 374] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 27.579067][ T298] EXT4-fs (loop0): unmounting filesystem.
[pid 374] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 374] close(3) = 0
[pid 374] mkdir("./file0", 0777) = 0
[pid 374] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 374] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 374] chdir("./file0") = 0
[pid 374] ioctl(4, LOOP_CLR_FD) = 0
[pid 374] close(4) = 0
[pid 374] creat("./bus", 000) = 4
[pid 374] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 374] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 374] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 374] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 27.611715][ T374] loop0: detected capacity change from 0 to 2048
[ 27.629835][ T374] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 27.648086][ T374] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid 374] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 374] exit_group(0) = ?
[pid 374] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=374, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./23/binderfs") = 0
umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./23/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./23") = 0
mkdir("./24", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 378
./strace-static-x86_64: Process 378 attached
[pid 378] set_robust_list(0x555557505660, 24) = 0
[pid 378] chdir("./24") = 0
[pid 378] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 378] setpgid(0, 0) = 0
[pid 378] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 378] write(3, "1000", 4) = 4
[pid 378] close(3) = 0
[pid 378] symlink("/dev/binderfs", "./binderfs") = 0
[pid 378] memfd_create("syzkaller", 0) = 3
[pid 378] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 378] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 378] munmap(0x7fc743815000, 1048576) = 0
[pid 378] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 27.660427][ T374] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[ 27.679400][ T298] EXT4-fs (loop0): unmounting filesystem.
[pid 378] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 378] close(3) = 0
[pid 378] mkdir("./file0", 0777) = 0
[pid 378] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 378] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 378] chdir("./file0") = 0
[pid 378] ioctl(4, LOOP_CLR_FD) = 0
[pid 378] close(4) = 0
[pid 378] creat("./bus", 000) = 4
[pid 378] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 378] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 378] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 378] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 27.717458][ T378] loop0: detected capacity change from 0 to 2048
[ 27.729976][ T378] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 27.749172][ T378] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid 378] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 378] exit_group(0) = ?
[pid 378] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=378, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./24/binderfs") = 0
umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./24/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./24") = 0
mkdir("./25", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 381
./strace-static-x86_64: Process 381 attached
[pid 381] set_robust_list(0x555557505660, 24) = 0
[pid 381] chdir("./25") = 0
[pid 381] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 381] setpgid(0, 0) = 0
[pid 381] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 381] write(3, "1000", 4) = 4
[pid 381] close(3) = 0
[pid 381] symlink("/dev/binderfs", "./binderfs") = 0
[pid 381] memfd_create("syzkaller", 0) = 3
[pid 381] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 381] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 381] munmap(0x7fc743815000, 1048576) = 0
[pid 381] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 381] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 381] close(3) = 0
[pid 381] mkdir("./file0", 0777) = 0
[ 27.761781][ T378] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[ 27.783748][ T298] EXT4-fs (loop0): unmounting filesystem.
[ 27.804985][ T381] loop0: detected capacity change from 0 to 2048
[pid 381] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 381] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 381] chdir("./file0") = 0
[pid 381] ioctl(4, LOOP_CLR_FD) = 0
[pid 381] close(4) = 0
[pid 381] creat("./bus", 000) = 4
[pid 381] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 381] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 381] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 381] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid 381] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 381] exit_group(0) = ?
[pid 381] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=381, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./25/binderfs") = 0
[ 27.820117][ T381] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 27.837662][ T381] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 27.850004][ T381] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./25/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./25") = 0
mkdir("./26", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 384 attached
<unfinished ...>
[pid 384] set_robust_list(0x555557505660, 24) = 0
[pid 384] chdir("./26") = 0
[pid 384] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 384] setpgid(0, 0) = 0
[pid 384] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 384] write(3, "1000", 4) = 4
[pid 384] close(3) = 0
[pid 384] symlink("/dev/binderfs", "./binderfs") = 0
[pid 298] <... clone resumed>, child_tidptr=0x555557505650) = 384
[pid 384] memfd_create("syzkaller", 0) = 3
[pid 384] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 384] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 384] munmap(0x7fc743815000, 1048576) = 0
[pid 384] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 27.869629][ T298] EXT4-fs (loop0): unmounting filesystem.
[pid 384] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 384] close(3) = 0
[pid 384] mkdir("./file0", 0777) = 0
[pid 384] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 384] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 384] chdir("./file0") = 0
[pid 384] ioctl(4, LOOP_CLR_FD) = 0
[pid 384] close(4) = 0
[pid 384] creat("./bus", 000) = 4
[pid 384] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 384] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 384] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 384] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 27.897847][ T384] loop0: detected capacity change from 0 to 2048
[ 27.909827][ T384] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 27.933353][ T384] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid 384] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 384] exit_group(0) = ?
[pid 384] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=384, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./26/binderfs") = 0
umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./26/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./26") = 0
mkdir("./27", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 387
./strace-static-x86_64: Process 387 attached
[pid 387] set_robust_list(0x555557505660, 24) = 0
[pid 387] chdir("./27") = 0
[pid 387] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 387] setpgid(0, 0) = 0
[pid 387] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 387] write(3, "1000", 4) = 4
[pid 387] close(3) = 0
[pid 387] symlink("/dev/binderfs", "./binderfs") = 0
[pid 387] memfd_create("syzkaller", 0) = 3
[pid 387] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 387] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 387] munmap(0x7fc743815000, 1048576) = 0
[pid 387] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 27.945882][ T384] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[ 27.967642][ T298] EXT4-fs (loop0): unmounting filesystem.
[pid 387] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 387] close(3) = 0
[pid 387] mkdir("./file0", 0777) = 0
[pid 387] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 387] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 387] chdir("./file0") = 0
[pid 387] ioctl(4, LOOP_CLR_FD) = 0
[pid 387] close(4) = 0
[pid 387] creat("./bus", 000) = 4
[pid 387] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 387] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 387] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 387] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 28.004247][ T387] loop0: detected capacity change from 0 to 2048
[ 28.019810][ T387] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 387] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 387] exit_group(0) = ?
[pid 387] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=387, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./27/binderfs") = 0
umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./27/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./27") = 0
mkdir("./28", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 390
./strace-static-x86_64: Process 390 attached
[pid 390] set_robust_list(0x555557505660, 24) = 0
[pid 390] chdir("./28") = 0
[pid 390] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 390] setpgid(0, 0) = 0
[pid 390] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 390] write(3, "1000", 4) = 4
[pid 390] close(3) = 0
[pid 390] symlink("/dev/binderfs", "./binderfs") = 0
[pid 390] memfd_create("syzkaller", 0) = 3
[pid 390] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 390] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 390] munmap(0x7fc743815000, 1048576) = 0
[pid 390] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 28.044374][ T387] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 28.056643][ T387] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[ 28.081977][ T298] EXT4-fs (loop0): unmounting filesystem.
[pid 390] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 390] close(3) = 0
[pid 390] mkdir("./file0", 0777) = 0
[pid 390] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 390] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 390] chdir("./file0") = 0
[pid 390] ioctl(4, LOOP_CLR_FD) = 0
[pid 390] close(4) = 0
[pid 390] creat("./bus", 000) = 4
[pid 390] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 390] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 390] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 390] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 28.108116][ T390] loop0: detected capacity change from 0 to 2048
[ 28.119772][ T390] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 28.136351][ T390] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid 390] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 390] exit_group(0) = ?
[pid 390] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=390, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./28/binderfs") = 0
umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./28/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./28") = 0
mkdir("./29", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 393
./strace-static-x86_64: Process 393 attached
[pid 393] set_robust_list(0x555557505660, 24) = 0
[pid 393] chdir("./29") = 0
[pid 393] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 393] setpgid(0, 0) = 0
[pid 393] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 393] write(3, "1000", 4) = 4
[pid 393] close(3) = 0
[pid 393] symlink("/dev/binderfs", "./binderfs") = 0
[pid 393] memfd_create("syzkaller", 0) = 3
[pid 393] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 393] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 393] munmap(0x7fc743815000, 1048576) = 0
[pid 393] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 28.149396][ T390] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[ 28.170970][ T298] EXT4-fs (loop0): unmounting filesystem.
[pid 393] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 393] close(3) = 0
[pid 393] mkdir("./file0", 0777) = 0
[pid 393] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 393] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 393] chdir("./file0") = 0
[pid 393] ioctl(4, LOOP_CLR_FD) = 0
[pid 393] close(4) = 0
[pid 393] creat("./bus", 000) = 4
[pid 393] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 393] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 393] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 393] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 28.200011][ T393] loop0: detected capacity change from 0 to 2048
[ 28.209665][ T393] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 28.234024][ T393] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid 393] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 393] exit_group(0) = ?
[pid 393] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=393, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./29/binderfs") = 0
umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./29/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./29") = 0
mkdir("./30", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 396
./strace-static-x86_64: Process 396 attached
[pid 396] set_robust_list(0x555557505660, 24) = 0
[pid 396] chdir("./30") = 0
[pid 396] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 396] setpgid(0, 0) = 0
[pid 396] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 396] write(3, "1000", 4) = 4
[pid 396] close(3) = 0
[pid 396] symlink("/dev/binderfs", "./binderfs") = 0
[pid 396] memfd_create("syzkaller", 0) = 3
[pid 396] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 396] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 396] munmap(0x7fc743815000, 1048576) = 0
[pid 396] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 28.246947][ T393] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[ 28.271619][ T298] EXT4-fs (loop0): unmounting filesystem.
[pid 396] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 396] close(3) = 0
[pid 396] mkdir("./file0", 0777) = 0
[pid 396] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 396] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 396] chdir("./file0") = 0
[pid 396] ioctl(4, LOOP_CLR_FD) = 0
[pid 396] close(4) = 0
[pid 396] creat("./bus", 000) = 4
[pid 396] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 396] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 396] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 396] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 28.298533][ T396] loop0: detected capacity change from 0 to 2048
[ 28.310344][ T396] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 28.334552][ T396] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid 396] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 396] exit_group(0) = ?
[pid 396] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=396, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./30/binderfs") = 0
umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./30/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./30") = 0
mkdir("./31", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 399
./strace-static-x86_64: Process 399 attached
[pid 399] set_robust_list(0x555557505660, 24) = 0
[pid 399] chdir("./31") = 0
[pid 399] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 399] setpgid(0, 0) = 0
[pid 399] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 399] write(3, "1000", 4) = 4
[pid 399] close(3) = 0
[pid 399] symlink("/dev/binderfs", "./binderfs") = 0
[pid 399] memfd_create("syzkaller", 0) = 3
[pid 399] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 399] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 399] munmap(0x7fc743815000, 1048576) = 0
[pid 399] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 28.347254][ T396] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[ 28.373807][ T298] EXT4-fs (loop0): unmounting filesystem.
[pid 399] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 399] close(3) = 0
[pid 399] mkdir("./file0", 0777) = 0
[pid 399] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 399] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 399] chdir("./file0") = 0
[pid 399] ioctl(4, LOOP_CLR_FD) = 0
[pid 399] close(4) = 0
[pid 399] creat("./bus", 000) = 4
[pid 399] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 399] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 399] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 399] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 28.412544][ T399] loop0: detected capacity change from 0 to 2048
[ 28.429736][ T399] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 28.448779][ T399] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid 399] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 399] exit_group(0) = ?
[pid 399] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=399, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./31/binderfs") = 0
umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./31/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./31") = 0
mkdir("./32", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 402
./strace-static-x86_64: Process 402 attached
[pid 402] set_robust_list(0x555557505660, 24) = 0
[pid 402] chdir("./32") = 0
[pid 402] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 402] setpgid(0, 0) = 0
[pid 402] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 402] write(3, "1000", 4) = 4
[pid 402] close(3) = 0
[pid 402] symlink("/dev/binderfs", "./binderfs") = 0
[pid 402] memfd_create("syzkaller", 0) = 3
[pid 402] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 402] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 402] munmap(0x7fc743815000, 1048576) = 0
[pid 402] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 28.461243][ T399] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid 402] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 402] close(3) = 0
[pid 402] mkdir("./file0", 0777) = 0
[pid 402] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 402] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 402] chdir("./file0") = 0
[pid 402] ioctl(4, LOOP_CLR_FD) = 0
[pid 402] close(4) = 0
[pid 402] creat("./bus", 000) = 4
[pid 402] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 402] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 402] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 402] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid 402] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 402] exit_group(0) = ?
[pid 402] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=402, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./32/binderfs") = 0
umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./32/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./32") = 0
mkdir("./33", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 405
./strace-static-x86_64: Process 405 attached
[pid 405] set_robust_list(0x555557505660, 24) = 0
[pid 405] chdir("./33") = 0
[pid 405] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 405] setpgid(0, 0) = 0
[pid 405] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 405] write(3, "1000", 4) = 4
[pid 405] close(3) = 0
[pid 405] symlink("/dev/binderfs", "./binderfs") = 0
[pid 405] memfd_create("syzkaller", 0) = 3
[pid 405] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 405] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 405] munmap(0x7fc743815000, 1048576) = 0
[pid 405] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 28.506843][ T402] loop0: detected capacity change from 0 to 2048
[ 28.527498][ T402] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 28.539808][ T402] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid 405] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 405] close(3) = 0
[pid 405] mkdir("./file0", 0777) = 0
[pid 405] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 405] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 405] chdir("./file0") = 0
[pid 405] ioctl(4, LOOP_CLR_FD) = 0
[pid 405] close(4) = 0
[pid 405] creat("./bus", 000) = 4
[pid 405] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 405] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 405] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 405] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 28.590214][ T405] loop0: detected capacity change from 0 to 2048
[ 28.622346][ T405] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid 405] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 405] exit_group(0) = ?
[pid 405] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=405, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./33/binderfs") = 0
umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./33/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./33") = 0
mkdir("./34", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 408
./strace-static-x86_64: Process 408 attached
[pid 408] set_robust_list(0x555557505660, 24) = 0
[pid 408] chdir("./34") = 0
[pid 408] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 408] setpgid(0, 0) = 0
[pid 408] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 408] write(3, "1000", 4) = 4
[pid 408] close(3) = 0
[pid 408] symlink("/dev/binderfs", "./binderfs") = 0
[pid 408] memfd_create("syzkaller", 0) = 3
[pid 408] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 408] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 408] munmap(0x7fc743815000, 1048576) = 0
[pid 408] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 408] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 408] close(3) = 0
[pid 408] mkdir("./file0", 0777) = 0
[pid 408] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 408] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 408] chdir("./file0") = 0
[pid 408] ioctl(4, LOOP_CLR_FD) = 0
[pid 408] close(4) = 0
[pid 408] creat("./bus", 000) = 4
[pid 408] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 408] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 408] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 408] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 28.635446][ T405] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[ 28.673016][ T408] loop0: detected capacity change from 0 to 2048
[pid 408] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 408] exit_group(0) = ?
[pid 408] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=408, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./34/binderfs") = 0
umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./34/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./34") = 0
mkdir("./35", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 412
./strace-static-x86_64: Process 412 attached
[pid 412] set_robust_list(0x555557505660, 24) = 0
[pid 412] chdir("./35") = 0
[pid 412] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 412] setpgid(0, 0) = 0
[pid 412] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 412] write(3, "1000", 4) = 4
[pid 412] close(3) = 0
[pid 412] symlink("/dev/binderfs", "./binderfs") = 0
[pid 412] memfd_create("syzkaller", 0) = 3
[pid 412] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 412] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 412] munmap(0x7fc743815000, 1048576) = 0
[pid 412] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 28.706197][ T408] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 28.718413][ T408] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid 412] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 412] close(3) = 0
[pid 412] mkdir("./file0", 0777) = 0
[pid 412] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 412] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 412] chdir("./file0") = 0
[pid 412] ioctl(4, LOOP_CLR_FD) = 0
[pid 412] close(4) = 0
[pid 412] creat("./bus", 000) = 4
[pid 412] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 412] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 412] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 412] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 28.761221][ T412] loop0: detected capacity change from 0 to 2048
[ 28.787881][ T412] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid 412] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 412] exit_group(0) = ?
[pid 412] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=412, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./35/binderfs") = 0
umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./35/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./35") = 0
mkdir("./36", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 415
./strace-static-x86_64: Process 415 attached
[pid 415] set_robust_list(0x555557505660, 24) = 0
[pid 415] chdir("./36") = 0
[pid 415] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 415] setpgid(0, 0) = 0
[pid 415] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 415] write(3, "1000", 4) = 4
[pid 415] close(3) = 0
[pid 415] symlink("/dev/binderfs", "./binderfs") = 0
[pid 415] memfd_create("syzkaller", 0) = 3
[pid 415] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 415] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 415] munmap(0x7fc743815000, 1048576) = 0
[pid 415] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 28.800224][ T412] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid 415] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 415] close(3) = 0
[pid 415] mkdir("./file0", 0777) = 0
[pid 415] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 415] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 415] chdir("./file0") = 0
[pid 415] ioctl(4, LOOP_CLR_FD) = 0
[pid 415] close(4) = 0
[pid 415] creat("./bus", 000) = 4
[pid 415] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 415] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 415] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 415] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 28.841469][ T415] loop0: detected capacity change from 0 to 2048
[ 28.878087][ T415] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid 415] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 415] exit_group(0) = ?
[pid 415] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=415, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./36/binderfs") = 0
umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./36/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./36") = 0
mkdir("./37", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 418
./strace-static-x86_64: Process 418 attached
[pid 418] set_robust_list(0x555557505660, 24) = 0
[pid 418] chdir("./37") = 0
[pid 418] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 418] setpgid(0, 0) = 0
[pid 418] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 418] write(3, "1000", 4) = 4
[pid 418] close(3) = 0
[pid 418] symlink("/dev/binderfs", "./binderfs") = 0
[pid 418] memfd_create("syzkaller", 0) = 3
[pid 418] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 418] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 418] munmap(0x7fc743815000, 1048576) = 0
[pid 418] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 28.890496][ T415] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid 418] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 418] close(3) = 0
[pid 418] mkdir("./file0", 0777) = 0
[pid 418] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 418] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 418] chdir("./file0") = 0
[pid 418] ioctl(4, LOOP_CLR_FD) = 0
[pid 418] close(4) = 0
[pid 418] creat("./bus", 000) = 4
[pid 418] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 418] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 418] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 418] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 28.937391][ T418] loop0: detected capacity change from 0 to 2048
[ 28.961678][ T418] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid 418] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 418] exit_group(0) = ?
[pid 418] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=418, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./37/binderfs") = 0
umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./37/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./37") = 0
mkdir("./38", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 421
./strace-static-x86_64: Process 421 attached
[pid 421] set_robust_list(0x555557505660, 24) = 0
[pid 421] chdir("./38") = 0
[pid 421] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 421] setpgid(0, 0) = 0
[pid 421] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 421] write(3, "1000", 4) = 4
[pid 421] close(3) = 0
[pid 421] symlink("/dev/binderfs", "./binderfs") = 0
[pid 421] memfd_create("syzkaller", 0) = 3
[pid 421] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 421] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 421] munmap(0x7fc743815000, 1048576) = 0
[pid 421] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 28.974716][ T418] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid 421] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 421] close(3) = 0
[pid 421] mkdir("./file0", 0777) = 0
[pid 421] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 421] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 421] chdir("./file0") = 0
[pid 421] ioctl(4, LOOP_CLR_FD) = 0
[pid 421] close(4) = 0
[pid 421] creat("./bus", 000) = 4
[pid 421] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 421] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 421] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 421] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 29.027427][ T421] loop0: detected capacity change from 0 to 2048
[ 29.050437][ T421] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid 421] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 421] exit_group(0) = ?
[pid 421] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=421, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./38/binderfs") = 0
umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./38/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./38") = 0
mkdir("./39", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 424
./strace-static-x86_64: Process 424 attached
[pid 424] set_robust_list(0x555557505660, 24) = 0
[pid 424] chdir("./39") = 0
[pid 424] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 424] setpgid(0, 0) = 0
[pid 424] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 424] write(3, "1000", 4) = 4
[pid 424] close(3) = 0
[pid 424] symlink("/dev/binderfs", "./binderfs") = 0
[pid 424] memfd_create("syzkaller", 0) = 3
[pid 424] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 424] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 424] munmap(0x7fc743815000, 1048576) = 0
[pid 424] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 29.062743][ T421] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid 424] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 424] close(3) = 0
[pid 424] mkdir("./file0", 0777) = 0
[pid 424] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 424] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 424] chdir("./file0") = 0
[pid 424] ioctl(4, LOOP_CLR_FD) = 0
[pid 424] close(4) = 0
[pid 424] creat("./bus", 000) = 4
[pid 424] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 424] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 424] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 424] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 29.107545][ T424] loop0: detected capacity change from 0 to 2048
[ 29.145311][ T424] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid 424] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 424] exit_group(0) = ?
[pid 424] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=424, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./39/binderfs") = 0
umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./39/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./39") = 0
mkdir("./40", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 427
./strace-static-x86_64: Process 427 attached
[pid 427] set_robust_list(0x555557505660, 24) = 0
[pid 427] chdir("./40") = 0
[pid 427] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 427] setpgid(0, 0) = 0
[pid 427] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 427] write(3, "1000", 4) = 4
[pid 427] close(3) = 0
[pid 427] symlink("/dev/binderfs", "./binderfs") = 0
[pid 427] memfd_create("syzkaller", 0) = 3
[pid 427] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 427] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 427] munmap(0x7fc743815000, 1048576) = 0
[pid 427] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 427] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 427] close(3) = 0
[pid 427] mkdir("./file0", 0777) = 0
[pid 427] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 427] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 427] chdir("./file0") = 0
[pid 427] ioctl(4, LOOP_CLR_FD) = 0
[pid 427] close(4) = 0
[pid 427] creat("./bus", 000) = 4
[pid 427] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 427] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 427] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 427] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 29.158078][ T424] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[ 29.197182][ T427] loop0: detected capacity change from 0 to 2048
[pid 427] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 427] exit_group(0) = ?
[pid 427] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=427, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./40/binderfs") = 0
umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./40/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./40") = 0
mkdir("./41", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 430
./strace-static-x86_64: Process 430 attached
[pid 430] set_robust_list(0x555557505660, 24) = 0
[pid 430] chdir("./41") = 0
[pid 430] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 430] setpgid(0, 0) = 0
[pid 430] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 430] write(3, "1000", 4) = 4
[pid 430] close(3) = 0
[pid 430] symlink("/dev/binderfs", "./binderfs") = 0
[pid 430] memfd_create("syzkaller", 0) = 3
[pid 430] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 430] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 430] munmap(0x7fc743815000, 1048576) = 0
[pid 430] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 29.220411][ T427] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 29.234761][ T427] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid 430] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 430] close(3) = 0
[pid 430] mkdir("./file0", 0777) = 0
[pid 430] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 430] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 430] chdir("./file0") = 0
[pid 430] ioctl(4, LOOP_CLR_FD) = 0
[pid 430] close(4) = 0
[pid 430] creat("./bus", 000) = 4
[pid 430] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 430] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 430] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 430] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 29.286613][ T430] loop0: detected capacity change from 0 to 2048
[ 29.324276][ T430] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid 430] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 430] exit_group(0) = ?
[pid 430] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=430, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./41/binderfs") = 0
umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./41/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./41") = 0
mkdir("./42", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 433
./strace-static-x86_64: Process 433 attached
[pid 433] set_robust_list(0x555557505660, 24) = 0
[pid 433] chdir("./42") = 0
[pid 433] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 433] setpgid(0, 0) = 0
[pid 433] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 433] write(3, "1000", 4) = 4
[pid 433] close(3) = 0
[pid 433] symlink("/dev/binderfs", "./binderfs") = 0
[pid 433] memfd_create("syzkaller", 0) = 3
[pid 433] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 433] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 433] munmap(0x7fc743815000, 1048576) = 0
[pid 433] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 433] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 433] close(3) = 0
[pid 433] mkdir("./file0", 0777) = 0
[pid 433] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 433] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 433] chdir("./file0") = 0
[pid 433] ioctl(4, LOOP_CLR_FD) = 0
[pid 433] close(4) = 0
[pid 433] creat("./bus", 000) = 4
[pid 433] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 433] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 433] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 433] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 29.336878][ T430] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[ 29.375989][ T433] loop0: detected capacity change from 0 to 2048
[pid 433] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 433] exit_group(0) = ?
[pid 433] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=433, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./42/binderfs") = 0
umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./42/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./42") = 0
mkdir("./43", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 436
./strace-static-x86_64: Process 436 attached
[pid 436] set_robust_list(0x555557505660, 24) = 0
[pid 436] chdir("./43") = 0
[pid 436] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 436] setpgid(0, 0) = 0
[pid 436] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 436] write(3, "1000", 4) = 4
[pid 436] close(3) = 0
[pid 436] symlink("/dev/binderfs", "./binderfs") = 0
[pid 436] memfd_create("syzkaller", 0) = 3
[pid 436] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 436] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 436] munmap(0x7fc743815000, 1048576) = 0
[pid 436] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 29.399863][ T433] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 29.412222][ T433] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid 436] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 436] close(3) = 0
[pid 436] mkdir("./file0", 0777) = 0
[pid 436] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 436] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 436] chdir("./file0") = 0
[pid 436] ioctl(4, LOOP_CLR_FD) = 0
[pid 436] close(4) = 0
[pid 436] creat("./bus", 000) = 4
[pid 436] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 436] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 436] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 436] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 29.456916][ T436] loop0: detected capacity change from 0 to 2048
[ 29.487410][ T436] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid 436] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 436] exit_group(0) = ?
[pid 436] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=436, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./43/binderfs") = 0
umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./43/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./43") = 0
mkdir("./44", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 439
./strace-static-x86_64: Process 439 attached
[pid 439] set_robust_list(0x555557505660, 24) = 0
[pid 439] chdir("./44") = 0
[pid 439] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 439] setpgid(0, 0) = 0
[pid 439] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 439] write(3, "1000", 4) = 4
[pid 439] close(3) = 0
[pid 439] symlink("/dev/binderfs", "./binderfs") = 0
[pid 439] memfd_create("syzkaller", 0) = 3
[pid 439] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 439] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 439] munmap(0x7fc743815000, 1048576) = 0
[pid 439] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 29.500833][ T436] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid 439] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 439] close(3) = 0
[pid 439] mkdir("./file0", 0777) = 0
[pid 439] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 439] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 439] chdir("./file0") = 0
[pid 439] ioctl(4, LOOP_CLR_FD) = 0
[pid 439] close(4) = 0
[pid 439] creat("./bus", 000) = 4
[pid 439] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 439] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 439] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 439] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 29.549689][ T439] loop0: detected capacity change from 0 to 2048
[pid 439] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 439] exit_group(0) = ?
[pid 439] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=439, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./44/binderfs") = 0
umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./44/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./44") = 0
mkdir("./45", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 442
./strace-static-x86_64: Process 442 attached
[pid 442] set_robust_list(0x555557505660, 24) = 0
[pid 442] chdir("./45") = 0
[pid 442] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 442] setpgid(0, 0) = 0
[pid 442] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 442] write(3, "1000", 4) = 4
[pid 442] close(3) = 0
[pid 442] symlink("/dev/binderfs", "./binderfs") = 0
[pid 442] memfd_create("syzkaller", 0) = 3
[pid 442] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 442] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 442] munmap(0x7fc743815000, 1048576) = 0
[pid 442] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 29.588232][ T439] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 29.600725][ T439] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid 442] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 442] close(3) = 0
[pid 442] mkdir("./file0", 0777) = 0
[pid 442] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 442] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 442] chdir("./file0") = 0
[pid 442] ioctl(4, LOOP_CLR_FD) = 0
[pid 442] close(4) = 0
[pid 442] creat("./bus", 000) = 4
[pid 442] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 442] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 442] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 442] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 29.647784][ T442] loop0: detected capacity change from 0 to 2048
[ 29.680644][ T442] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid 442] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 442] exit_group(0) = ?
[pid 442] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=442, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./45/binderfs") = 0
umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./45/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./45") = 0
mkdir("./46", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 446
./strace-static-x86_64: Process 446 attached
[pid 446] set_robust_list(0x555557505660, 24) = 0
[pid 446] chdir("./46") = 0
[pid 446] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 446] setpgid(0, 0) = 0
[pid 446] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 446] write(3, "1000", 4) = 4
[pid 446] close(3) = 0
[pid 446] symlink("/dev/binderfs", "./binderfs") = 0
[pid 446] memfd_create("syzkaller", 0) = 3
[pid 446] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 446] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 446] munmap(0x7fc743815000, 1048576) = 0
[pid 446] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 446] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 446] close(3) = 0
[pid 446] mkdir("./file0", 0777) = 0
[pid 446] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 446] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 446] chdir("./file0") = 0
[pid 446] ioctl(4, LOOP_CLR_FD) = 0
[pid 446] close(4) = 0
[pid 446] creat("./bus", 000) = 4
[pid 446] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 446] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 446] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[ 29.692995][ T442] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[ 29.732147][ T446] loop0: detected capacity change from 0 to 2048
[pid 446] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid 446] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 446] exit_group(0) = ?
[pid 446] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=446, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./46/binderfs") = 0
umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./46/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./46") = 0
mkdir("./47", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 449
./strace-static-x86_64: Process 449 attached
[pid 449] set_robust_list(0x555557505660, 24) = 0
[pid 449] chdir("./47") = 0
[pid 449] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 449] setpgid(0, 0) = 0
[pid 449] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 449] write(3, "1000", 4) = 4
[pid 449] close(3) = 0
[pid 449] symlink("/dev/binderfs", "./binderfs") = 0
[pid 449] memfd_create("syzkaller", 0) = 3
[pid 449] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 449] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 449] munmap(0x7fc743815000, 1048576) = 0
[pid 449] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 29.759752][ T446] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 29.772027][ T446] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid 449] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 449] close(3) = 0
[pid 449] mkdir("./file0", 0777) = 0
[pid 449] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 449] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 449] chdir("./file0") = 0
[pid 449] ioctl(4, LOOP_CLR_FD) = 0
[pid 449] close(4) = 0
[pid 449] creat("./bus", 000) = 4
[pid 449] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 449] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 449] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 449] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 29.816935][ T449] loop0: detected capacity change from 0 to 2048
[ 29.848107][ T449] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid 449] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 449] exit_group(0) = ?
[pid 449] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=449, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./47/binderfs") = 0
umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./47/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./47") = 0
mkdir("./48", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 453 attached
, child_tidptr=0x555557505650) = 453
[pid 453] set_robust_list(0x555557505660, 24) = 0
[pid 453] chdir("./48") = 0
[pid 453] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 453] setpgid(0, 0) = 0
[pid 453] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 453] write(3, "1000", 4) = 4
[pid 453] close(3) = 0
[pid 453] symlink("/dev/binderfs", "./binderfs") = 0
[pid 453] memfd_create("syzkaller", 0) = 3
[pid 453] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 453] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 453] munmap(0x7fc743815000, 1048576) = 0
[pid 453] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 453] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 453] close(3) = 0
[pid 453] mkdir("./file0", 0777) = 0
[pid 453] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 453] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 453] chdir("./file0") = 0
[pid 453] ioctl(4, LOOP_CLR_FD) = 0
[pid 453] close(4) = 0
[pid 453] creat("./bus", 000) = 4
[pid 453] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 453] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 453] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 453] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 29.860477][ T449] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[ 29.904985][ T453] loop0: detected capacity change from 0 to 2048
[pid 453] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 453] exit_group(0) = ?
[pid 453] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=453, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./48/binderfs") = 0
umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./48/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./48") = 0
mkdir("./49", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 456 attached
, child_tidptr=0x555557505650) = 456
[pid 456] set_robust_list(0x555557505660, 24) = 0
[pid 456] chdir("./49") = 0
[pid 456] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 456] setpgid(0, 0) = 0
[pid 456] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 456] write(3, "1000", 4) = 4
[pid 456] close(3) = 0
[pid 456] symlink("/dev/binderfs", "./binderfs") = 0
[pid 456] memfd_create("syzkaller", 0) = 3
[pid 456] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 456] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 456] munmap(0x7fc743815000, 1048576) = 0
[pid 456] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 29.936280][ T453] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 29.948836][ T453] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid 456] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 456] close(3) = 0
[pid 456] mkdir("./file0", 0777) = 0
[pid 456] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 456] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 456] chdir("./file0") = 0
[pid 456] ioctl(4, LOOP_CLR_FD) = 0
[pid 456] close(4) = 0
[pid 456] creat("./bus", 000) = 4
[pid 456] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 456] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 456] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 456] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 29.992085][ T456] loop0: detected capacity change from 0 to 2048
[ 30.020018][ T456] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid 456] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 456] exit_group(0) = ?
[pid 456] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=456, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./49/binderfs") = 0
umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./49/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./49") = 0
mkdir("./50", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 459 attached
<unfinished ...>
[pid 459] set_robust_list(0x555557505660, 24) = 0
[pid 459] chdir("./50") = 0
[pid 459] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 459] setpgid(0, 0) = 0
[pid 459] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 459] write(3, "1000", 4) = 4
[pid 459] close(3) = 0
[pid 459] symlink("/dev/binderfs", "./binderfs") = 0
[pid 459] memfd_create("syzkaller", 0) = 3
[pid 459] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 298] <... clone resumed>, child_tidptr=0x555557505650) = 459
[pid 459] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 459] munmap(0x7fc743815000, 1048576) = 0
[pid 459] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 30.032753][ T456] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid 459] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 459] close(3) = 0
[pid 459] mkdir("./file0", 0777) = 0
[pid 459] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 459] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 459] chdir("./file0") = 0
[pid 459] ioctl(4, LOOP_CLR_FD) = 0
[pid 459] close(4) = 0
[pid 459] creat("./bus", 000) = 4
[pid 459] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 459] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 459] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 459] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 30.073983][ T459] loop0: detected capacity change from 0 to 2048
[ 30.099506][ T459] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid 459] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 459] exit_group(0) = ?
[pid 459] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=459, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./50/binderfs") = 0
umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./50/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./50") = 0
mkdir("./51", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 462
./strace-static-x86_64: Process 462 attached
[pid 462] set_robust_list(0x555557505660, 24) = 0
[pid 462] chdir("./51") = 0
[pid 462] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 462] setpgid(0, 0) = 0
[pid 462] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 462] write(3, "1000", 4) = 4
[pid 462] close(3) = 0
[pid 462] symlink("/dev/binderfs", "./binderfs") = 0
[pid 462] memfd_create("syzkaller", 0) = 3
[pid 462] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 462] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 462] munmap(0x7fc743815000, 1048576) = 0
[ 30.111935][ T459] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid 462] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 462] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 462] close(3) = 0
[pid 462] mkdir("./file0", 0777) = 0
[pid 462] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 462] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 462] chdir("./file0") = 0
[pid 462] ioctl(4, LOOP_CLR_FD) = 0
[pid 462] close(4) = 0
[pid 462] creat("./bus", 000) = 4
[pid 462] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 462] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 462] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 462] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 30.152383][ T462] loop0: detected capacity change from 0 to 2048
[pid 462] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 462] exit_group(0) = ?
[pid 462] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=462, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./51/binderfs") = 0
umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./51/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./51") = 0
mkdir("./52", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 465
./strace-static-x86_64: Process 465 attached
[pid 465] set_robust_list(0x555557505660, 24) = 0
[pid 465] chdir("./52") = 0
[pid 465] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 465] setpgid(0, 0) = 0
[pid 465] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 465] write(3, "1000", 4) = 4
[pid 465] close(3) = 0
[pid 465] symlink("/dev/binderfs", "./binderfs") = 0
[pid 465] memfd_create("syzkaller", 0) = 3
[pid 465] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 465] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 465] munmap(0x7fc743815000, 1048576) = 0
[pid 465] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 465] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 465] close(3) = 0
[pid 465] mkdir("./file0", 0777) = 0
[ 30.192521][ T462] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 30.205037][ T462] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid 465] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 465] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 465] chdir("./file0") = 0
[pid 465] ioctl(4, LOOP_CLR_FD) = 0
[pid 465] close(4) = 0
[pid 465] creat("./bus", 000) = 4
[pid 465] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 465] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 465] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 465] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 30.251370][ T465] loop0: detected capacity change from 0 to 2048
[ 30.289262][ T465] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid 465] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 465] exit_group(0) = ?
[pid 465] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=465, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./52/binderfs") = 0
umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./52/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./52") = 0
mkdir("./53", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 468 attached
, child_tidptr=0x555557505650) = 468
[pid 468] set_robust_list(0x555557505660, 24) = 0
[pid 468] chdir("./53") = 0
[pid 468] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 468] setpgid(0, 0) = 0
[pid 468] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 468] write(3, "1000", 4) = 4
[pid 468] close(3) = 0
[pid 468] symlink("/dev/binderfs", "./binderfs") = 0
[pid 468] memfd_create("syzkaller", 0) = 3
[pid 468] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 468] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 468] munmap(0x7fc743815000, 1048576) = 0
[pid 468] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 30.301655][ T465] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid 468] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 468] close(3) = 0
[pid 468] mkdir("./file0", 0777) = 0
[pid 468] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 468] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 468] chdir("./file0") = 0
[pid 468] ioctl(4, LOOP_CLR_FD) = 0
[pid 468] close(4) = 0
[pid 468] creat("./bus", 000) = 4
[pid 468] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 468] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 468] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 468] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid 468] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 468] exit_group(0) = ?
[pid 468] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=468, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./53/binderfs") = 0
umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./53/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./53") = 0
mkdir("./54", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 471
./strace-static-x86_64: Process 471 attached
[pid 471] set_robust_list(0x555557505660, 24) = 0
[pid 471] chdir("./54") = 0
[pid 471] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 471] setpgid(0, 0) = 0
[pid 471] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 471] write(3, "1000", 4) = 4
[pid 471] close(3) = 0
[pid 471] symlink("/dev/binderfs", "./binderfs") = 0
[pid 471] memfd_create("syzkaller", 0) = 3
[pid 471] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 471] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 471] munmap(0x7fc743815000, 1048576) = 0
[pid 471] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 30.345762][ T468] loop0: detected capacity change from 0 to 2048
[ 30.368800][ T468] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 30.381191][ T468] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid 471] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 471] close(3) = 0
[pid 471] mkdir("./file0", 0777) = 0
[pid 471] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 471] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 471] chdir("./file0") = 0
[pid 471] ioctl(4, LOOP_CLR_FD) = 0
[pid 471] close(4) = 0
[pid 471] creat("./bus", 000) = 4
[pid 471] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 471] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 471] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 471] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid 471] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 471] exit_group(0) = ?
[ 30.423370][ T471] loop0: detected capacity change from 0 to 2048
[ 30.448494][ T471] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid 471] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=471, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./54/binderfs") = 0
umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./54/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./54") = 0
mkdir("./55", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 474
./strace-static-x86_64: Process 474 attached
[pid 474] set_robust_list(0x555557505660, 24) = 0
[pid 474] chdir("./55") = 0
[pid 474] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 474] setpgid(0, 0) = 0
[pid 474] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 474] write(3, "1000", 4) = 4
[pid 474] close(3) = 0
[pid 474] symlink("/dev/binderfs", "./binderfs") = 0
[pid 474] memfd_create("syzkaller", 0) = 3
[pid 474] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 474] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 474] munmap(0x7fc743815000, 1048576) = 0
[pid 474] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 30.461390][ T471] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid 474] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 474] close(3) = 0
[pid 474] mkdir("./file0", 0777) = 0
[pid 474] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 474] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 474] chdir("./file0") = 0
[pid 474] ioctl(4, LOOP_CLR_FD) = 0
[pid 474] close(4) = 0
[pid 474] creat("./bus", 000) = 4
[pid 474] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 474] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 474] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 474] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 30.505631][ T474] loop0: detected capacity change from 0 to 2048
[pid 474] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 474] exit_group(0) = ?
[pid 474] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=474, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./55/binderfs") = 0
umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./55/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./55") = 0
mkdir("./56", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 477
./strace-static-x86_64: Process 477 attached
[pid 477] set_robust_list(0x555557505660, 24) = 0
[pid 477] chdir("./56") = 0
[pid 477] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 477] setpgid(0, 0) = 0
[pid 477] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 477] write(3, "1000", 4) = 4
[pid 477] close(3) = 0
[pid 477] symlink("/dev/binderfs", "./binderfs") = 0
[pid 477] memfd_create("syzkaller", 0) = 3
[pid 477] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 477] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 477] munmap(0x7fc743815000, 1048576) = 0
[pid 477] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 30.546069][ T474] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 30.558438][ T474] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid 477] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 477] close(3) = 0
[pid 477] mkdir("./file0", 0777) = 0
[pid 477] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 477] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 477] chdir("./file0") = 0
[pid 477] ioctl(4, LOOP_CLR_FD) = 0
[pid 477] close(4) = 0
[pid 477] creat("./bus", 000) = 4
[pid 477] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 477] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 477] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 477] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 30.596249][ T477] loop0: detected capacity change from 0 to 2048
[ 30.631011][ T477] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid 477] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 477] exit_group(0) = ?
[pid 477] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=477, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./56/binderfs") = 0
umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./56/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./56") = 0
mkdir("./57", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 480
./strace-static-x86_64: Process 480 attached
[pid 480] set_robust_list(0x555557505660, 24) = 0
[pid 480] chdir("./57") = 0
[pid 480] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 480] setpgid(0, 0) = 0
[pid 480] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 480] write(3, "1000", 4) = 4
[pid 480] close(3) = 0
[pid 480] symlink("/dev/binderfs", "./binderfs") = 0
[pid 480] memfd_create("syzkaller", 0) = 3
[pid 480] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 480] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 480] munmap(0x7fc743815000, 1048576) = 0
[pid 480] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 30.643708][ T477] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid 480] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 480] close(3) = 0
[pid 480] mkdir("./file0", 0777) = 0
[pid 480] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 480] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 480] chdir("./file0") = 0
[pid 480] ioctl(4, LOOP_CLR_FD) = 0
[pid 480] close(4) = 0
[pid 480] creat("./bus", 000) = 4
[pid 480] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 480] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 480] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 480] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid 480] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 480] exit_group(0) = ?
[ 30.687118][ T480] loop0: detected capacity change from 0 to 2048
[ 30.710561][ T480] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 30.722781][ T480] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid 480] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=480, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./57/binderfs") = 0
umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./57/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./57") = 0
mkdir("./58", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 484 attached
, child_tidptr=0x555557505650) = 484
[pid 484] set_robust_list(0x555557505660, 24) = 0
[pid 484] chdir("./58") = 0
[pid 484] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 484] setpgid(0, 0) = 0
[pid 484] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 484] write(3, "1000", 4) = 4
[pid 484] close(3) = 0
[pid 484] symlink("/dev/binderfs", "./binderfs") = 0
[pid 484] memfd_create("syzkaller", 0) = 3
[pid 484] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 484] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 484] munmap(0x7fc743815000, 1048576) = 0
[pid 484] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 484] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 484] close(3) = 0
[pid 484] mkdir("./file0", 0777) = 0
[pid 484] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 484] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 484] chdir("./file0") = 0
[pid 484] ioctl(4, LOOP_CLR_FD) = 0
[pid 484] close(4) = 0
[pid 484] creat("./bus", 000) = 4
[pid 484] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 484] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 484] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 484] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid 484] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 484] exit_group(0) = ?
[pid 484] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=484, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./58/binderfs") = 0
umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./58/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./58") = 0
mkdir("./59", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 487
./strace-static-x86_64: Process 487 attached
[pid 487] set_robust_list(0x555557505660, 24) = 0
[pid 487] chdir("./59") = 0
[pid 487] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 487] setpgid(0, 0) = 0
[pid 487] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 487] write(3, "1000", 4) = 4
[pid 487] close(3) = 0
[pid 487] symlink("/dev/binderfs", "./binderfs") = 0
[pid 487] memfd_create("syzkaller", 0) = 3
[pid 487] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 487] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 487] munmap(0x7fc743815000, 1048576) = 0
[pid 487] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 30.778887][ T484] loop0: detected capacity change from 0 to 2048
[ 30.799799][ T484] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 30.812011][ T484] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid 487] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 487] close(3) = 0
[pid 487] mkdir("./file0", 0777) = 0
[pid 487] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 487] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 487] chdir("./file0") = 0
[pid 487] ioctl(4, LOOP_CLR_FD) = 0
[pid 487] close(4) = 0
[pid 487] creat("./bus", 000) = 4
[pid 487] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 487] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 487] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 487] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid 487] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 487] exit_group(0) = ?
[pid 487] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=487, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./59/binderfs") = 0
umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./59/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./59") = 0
mkdir("./60", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 490
./strace-static-x86_64: Process 490 attached
[pid 490] set_robust_list(0x555557505660, 24) = 0
[pid 490] chdir("./60") = 0
[pid 490] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 490] setpgid(0, 0) = 0
[pid 490] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 490] write(3, "1000", 4) = 4
[pid 490] close(3) = 0
[pid 490] symlink("/dev/binderfs", "./binderfs") = 0
[pid 490] memfd_create("syzkaller", 0) = 3
[pid 490] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 490] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 490] munmap(0x7fc743815000, 1048576) = 0
[pid 490] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 30.858040][ T487] loop0: detected capacity change from 0 to 2048
[ 30.880526][ T487] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 30.893402][ T487] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid 490] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 490] close(3) = 0
[pid 490] mkdir("./file0", 0777) = 0
[pid 490] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 490] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 490] chdir("./file0") = 0
[pid 490] ioctl(4, LOOP_CLR_FD) = 0
[pid 490] close(4) = 0
[pid 490] creat("./bus", 000) = 4
[pid 490] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 490] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 490] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 490] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 30.933119][ T490] loop0: detected capacity change from 0 to 2048
[ 30.964000][ T490] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid 490] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 490] exit_group(0) = ?
[pid 490] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=490, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./60/binderfs") = 0
umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./60/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./60") = 0
mkdir("./61", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 493
./strace-static-x86_64: Process 493 attached
[pid 493] set_robust_list(0x555557505660, 24) = 0
[pid 493] chdir("./61") = 0
[pid 493] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 493] setpgid(0, 0) = 0
[pid 493] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 493] write(3, "1000", 4) = 4
[pid 493] close(3) = 0
[pid 493] symlink("/dev/binderfs", "./binderfs") = 0
[pid 493] memfd_create("syzkaller", 0) = 3
[pid 493] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 493] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 493] munmap(0x7fc743815000, 1048576) = 0
[pid 493] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 493] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 493] close(3) = 0
[pid 493] mkdir("./file0", 0777) = 0
[pid 493] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 493] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 493] chdir("./file0") = 0
[pid 493] ioctl(4, LOOP_CLR_FD) = 0
[pid 493] close(4) = 0
[pid 493] creat("./bus", 000) = 4
[pid 493] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 493] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 493] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 493] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 30.976349][ T490] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[ 31.014140][ T493] loop0: detected capacity change from 0 to 2048
[pid 493] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 493] exit_group(0) = ?
[pid 493] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=493, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./61/binderfs") = 0
umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./61/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./61/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./61") = 0
mkdir("./62", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 496
./strace-static-x86_64: Process 496 attached
[pid 496] set_robust_list(0x555557505660, 24) = 0
[pid 496] chdir("./62") = 0
[pid 496] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 496] setpgid(0, 0) = 0
[pid 496] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 496] write(3, "1000", 4) = 4
[pid 496] close(3) = 0
[pid 496] symlink("/dev/binderfs", "./binderfs") = 0
[pid 496] memfd_create("syzkaller", 0) = 3
[pid 496] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 496] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 496] munmap(0x7fc743815000, 1048576) = 0
[pid 496] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 31.037467][ T493] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 31.049828][ T493] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid 496] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 496] close(3) = 0
[pid 496] mkdir("./file0", 0777) = 0
[pid 496] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 496] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 496] chdir("./file0") = 0
[pid 496] ioctl(4, LOOP_CLR_FD) = 0
[pid 496] close(4) = 0
[pid 496] creat("./bus", 000) = 4
[pid 496] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 496] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 496] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 496] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 31.085085][ T496] loop0: detected capacity change from 0 to 2048
[pid 496] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 496] exit_group(0) = ?
[pid 496] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=496, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./62/binderfs") = 0
umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./62/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./62/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./62") = 0
mkdir("./63", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 499
./strace-static-x86_64: Process 499 attached
[pid 499] set_robust_list(0x555557505660, 24) = 0
[pid 499] chdir("./63") = 0
[pid 499] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 499] setpgid(0, 0) = 0
[pid 499] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 499] write(3, "1000", 4) = 4
[pid 499] close(3) = 0
[pid 499] symlink("/dev/binderfs", "./binderfs") = 0
[pid 499] memfd_create("syzkaller", 0) = 3
[pid 499] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 499] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 499] munmap(0x7fc743815000, 1048576) = 0
[pid 499] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 31.109223][ T496] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 31.121730][ T496] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid 499] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 499] close(3) = 0
[pid 499] mkdir("./file0", 0777) = 0
[pid 499] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 499] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 499] chdir("./file0") = 0
[pid 499] ioctl(4, LOOP_CLR_FD) = 0
[pid 499] close(4) = 0
[pid 499] creat("./bus", 000) = 4
[pid 499] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 499] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 499] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 499] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 31.166088][ T499] loop0: detected capacity change from 0 to 2048
[ 31.200511][ T499] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid 499] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 499] exit_group(0) = ?
[pid 499] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=499, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./63/binderfs") = 0
umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./63/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./63/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./63") = 0
mkdir("./64", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 502
./strace-static-x86_64: Process 502 attached
[pid 502] set_robust_list(0x555557505660, 24) = 0
[pid 502] chdir("./64") = 0
[pid 502] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 502] setpgid(0, 0) = 0
[pid 502] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 502] write(3, "1000", 4) = 4
[pid 502] close(3) = 0
[pid 502] symlink("/dev/binderfs", "./binderfs") = 0
[pid 502] memfd_create("syzkaller", 0) = 3
[pid 502] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 502] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 502] munmap(0x7fc743815000, 1048576) = 0
[pid 502] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 502] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 502] close(3) = 0
[pid 502] mkdir("./file0", 0777) = 0
[pid 502] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 502] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 502] chdir("./file0") = 0
[pid 502] ioctl(4, LOOP_CLR_FD) = 0
[pid 502] close(4) = 0
[pid 502] creat("./bus", 000) = 4
[pid 502] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 502] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 502] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[ 31.212821][ T499] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[ 31.252033][ T502] loop0: detected capacity change from 0 to 2048
[pid 502] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid 502] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 502] exit_group(0) = ?
[pid 502] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=502, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./64/binderfs") = 0
umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./64/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./64/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./64") = 0
mkdir("./65", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 505
./strace-static-x86_64: Process 505 attached
[pid 505] set_robust_list(0x555557505660, 24) = 0
[pid 505] chdir("./65") = 0
[pid 505] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 505] setpgid(0, 0) = 0
[pid 505] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 505] write(3, "1000", 4) = 4
[pid 505] close(3) = 0
[pid 505] symlink("/dev/binderfs", "./binderfs") = 0
[pid 505] memfd_create("syzkaller", 0) = 3
[pid 505] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 505] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 505] munmap(0x7fc743815000, 1048576) = 0
[pid 505] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 31.277050][ T502] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 31.289593][ T502] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid 505] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 505] close(3) = 0
[pid 505] mkdir("./file0", 0777) = 0
[pid 505] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 505] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 505] chdir("./file0") = 0
[pid 505] ioctl(4, LOOP_CLR_FD) = 0
[pid 505] close(4) = 0
[pid 505] creat("./bus", 000) = 4
[pid 505] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 505] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 505] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 505] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 31.332518][ T505] loop0: detected capacity change from 0 to 2048
[ 31.365098][ T505] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid 505] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 505] exit_group(0) = ?
[pid 505] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=505, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./65/binderfs") = 0
umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./65/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./65/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./65") = 0
mkdir("./66", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 508 attached
, child_tidptr=0x555557505650) = 508
[pid 508] set_robust_list(0x555557505660, 24) = 0
[pid 508] chdir("./66") = 0
[pid 508] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 508] setpgid(0, 0) = 0
[pid 508] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 508] write(3, "1000", 4) = 4
[pid 508] close(3) = 0
[pid 508] symlink("/dev/binderfs", "./binderfs") = 0
[pid 508] memfd_create("syzkaller", 0) = 3
[pid 508] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 508] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 508] munmap(0x7fc743815000, 1048576) = 0
[pid 508] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 31.377426][ T505] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid 508] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 508] close(3) = 0
[pid 508] mkdir("./file0", 0777) = 0
[pid 508] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 508] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 508] chdir("./file0") = 0
[pid 508] ioctl(4, LOOP_CLR_FD) = 0
[pid 508] close(4) = 0
[pid 508] creat("./bus", 000) = 4
[pid 508] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 508] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 508] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 508] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 31.423072][ T508] loop0: detected capacity change from 0 to 2048
[ 31.448989][ T508] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid 508] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 508] exit_group(0) = ?
[pid 508] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=508, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./66/binderfs") = 0
umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./66/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./66/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./66") = 0
mkdir("./67", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 511
./strace-static-x86_64: Process 511 attached
[pid 511] set_robust_list(0x555557505660, 24) = 0
[pid 511] chdir("./67") = 0
[pid 511] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 511] setpgid(0, 0) = 0
[pid 511] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 511] write(3, "1000", 4) = 4
[pid 511] close(3) = 0
[pid 511] symlink("/dev/binderfs", "./binderfs") = 0
[pid 511] memfd_create("syzkaller", 0) = 3
[pid 511] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 511] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 511] munmap(0x7fc743815000, 1048576) = 0
[pid 511] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 31.461349][ T508] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid 511] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 511] close(3) = 0
[pid 511] mkdir("./file0", 0777) = 0
[pid 511] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 511] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 511] chdir("./file0") = 0
[pid 511] ioctl(4, LOOP_CLR_FD) = 0
[pid 511] close(4) = 0
[pid 511] creat("./bus", 000) = 4
[pid 511] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 511] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 511] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 511] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 31.496191][ T511] loop0: detected capacity change from 0 to 2048
[ 31.519799][ T511] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid 511] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 511] exit_group(0) = ?
[pid 511] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=511, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./67/binderfs") = 0
umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./67/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./67/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./67") = 0
mkdir("./68", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 514 attached
<unfinished ...>
[pid 514] set_robust_list(0x555557505660, 24) = 0
[pid 298] <... clone resumed>, child_tidptr=0x555557505650) = 514
[pid 514] chdir("./68") = 0
[pid 514] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 514] setpgid(0, 0) = 0
[pid 514] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 514] write(3, "1000", 4) = 4
[pid 514] close(3) = 0
[pid 514] symlink("/dev/binderfs", "./binderfs") = 0
[pid 514] memfd_create("syzkaller", 0) = 3
[pid 514] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 514] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 514] munmap(0x7fc743815000, 1048576) = 0
[pid 514] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 31.532747][ T511] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid 514] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 514] close(3) = 0
[pid 514] mkdir("./file0", 0777) = 0
[pid 514] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 514] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 514] chdir("./file0") = 0
[pid 514] ioctl(4, LOOP_CLR_FD) = 0
[pid 514] close(4) = 0
[pid 514] creat("./bus", 000) = 4
[pid 514] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 514] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 514] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 514] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 31.584120][ T514] loop0: detected capacity change from 0 to 2048
[ 31.621323][ T514] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid 514] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 514] exit_group(0) = ?
[pid 514] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=514, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./68/binderfs") = 0
umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./68/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./68/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./68") = 0
mkdir("./69", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 517
./strace-static-x86_64: Process 517 attached
[pid 517] set_robust_list(0x555557505660, 24) = 0
[pid 517] chdir("./69") = 0
[pid 517] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 517] setpgid(0, 0) = 0
[pid 517] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 517] write(3, "1000", 4) = 4
[pid 517] close(3) = 0
[pid 517] symlink("/dev/binderfs", "./binderfs") = 0
[pid 517] memfd_create("syzkaller", 0) = 3
[pid 517] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 517] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 517] munmap(0x7fc743815000, 1048576) = 0
[pid 517] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 517] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 517] close(3) = 0
[pid 517] mkdir("./file0", 0777) = 0
[pid 517] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 517] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 517] chdir("./file0") = 0
[pid 517] ioctl(4, LOOP_CLR_FD) = 0
[pid 517] close(4) = 0
[pid 517] creat("./bus", 000) = 4
[pid 517] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 517] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 517] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 517] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 31.633934][ T514] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[ 31.671883][ T517] loop0: detected capacity change from 0 to 2048
[pid 517] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 517] exit_group(0) = ?
[pid 517] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=517, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./69/binderfs") = 0
umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./69/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./69/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./69") = 0
mkdir("./70", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 521
./strace-static-x86_64: Process 521 attached
[pid 521] set_robust_list(0x555557505660, 24) = 0
[pid 521] chdir("./70") = 0
[pid 521] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 521] setpgid(0, 0) = 0
[pid 521] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 521] write(3, "1000", 4) = 4
[pid 521] close(3) = 0
[pid 521] symlink("/dev/binderfs", "./binderfs") = 0
[pid 521] memfd_create("syzkaller", 0) = 3
[pid 521] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 521] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 521] munmap(0x7fc743815000, 1048576) = 0
[pid 521] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 31.707525][ T517] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 31.720274][ T517] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid 521] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 521] close(3) = 0
[pid 521] mkdir("./file0", 0777) = 0
[pid 521] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 521] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 521] chdir("./file0") = 0
[pid 521] ioctl(4, LOOP_CLR_FD) = 0
[pid 521] close(4) = 0
[pid 521] creat("./bus", 000) = 4
[pid 521] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 521] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 521] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 521] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid 521] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 521] exit_group(0) = ?
[pid 521] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=521, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./70/binderfs") = 0
umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./70/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./70/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./70") = 0
mkdir("./71", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 524
./strace-static-x86_64: Process 524 attached
[pid 524] set_robust_list(0x555557505660, 24) = 0
[pid 524] chdir("./71") = 0
[pid 524] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 524] setpgid(0, 0) = 0
[pid 524] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 524] write(3, "1000", 4) = 4
[pid 524] close(3) = 0
[pid 524] symlink("/dev/binderfs", "./binderfs") = 0
[pid 524] memfd_create("syzkaller", 0) = 3
[pid 524] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[ 31.758736][ T521] loop0: detected capacity change from 0 to 2048
[ 31.780537][ T521] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 31.793181][ T521] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid 524] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 524] munmap(0x7fc743815000, 1048576) = 0
[pid 524] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 524] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 524] close(3) = 0
[pid 524] mkdir("./file0", 0777) = 0
[pid 524] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 524] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 524] chdir("./file0") = 0
[pid 524] ioctl(4, LOOP_CLR_FD) = 0
[pid 524] close(4) = 0
[pid 524] creat("./bus", 000) = 4
[pid 524] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 524] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 524] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 524] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 31.841392][ T524] loop0: detected capacity change from 0 to 2048
[ 31.871753][ T524] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid 524] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 524] exit_group(0) = ?
[pid 524] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=524, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./71/binderfs") = 0
umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./71/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./71/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./71") = 0
mkdir("./72", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 527 attached
, child_tidptr=0x555557505650) = 527
[pid 527] set_robust_list(0x555557505660, 24) = 0
[pid 527] chdir("./72") = 0
[pid 527] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 527] setpgid(0, 0) = 0
[pid 527] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 527] write(3, "1000", 4) = 4
[pid 527] close(3) = 0
[pid 527] symlink("/dev/binderfs", "./binderfs") = 0
[pid 527] memfd_create("syzkaller", 0) = 3
[pid 527] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 527] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 527] munmap(0x7fc743815000, 1048576) = 0
[pid 527] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 527] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 527] close(3) = 0
[pid 527] mkdir("./file0", 0777) = 0
[pid 527] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 527] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 527] chdir("./file0") = 0
[pid 527] ioctl(4, LOOP_CLR_FD) = 0
[pid 527] close(4) = 0
[pid 527] creat("./bus", 000) = 4
[pid 527] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 527] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 527] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 527] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 31.884222][ T524] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[ 31.931557][ T527] loop0: detected capacity change from 0 to 2048
[pid 527] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 527] exit_group(0) = ?
[pid 527] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=527, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./72/binderfs") = 0
umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./72/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./72/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./72") = 0
mkdir("./73", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 530 attached
, child_tidptr=0x555557505650) = 530
[pid 530] set_robust_list(0x555557505660, 24) = 0
[pid 530] chdir("./73") = 0
[pid 530] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 530] setpgid(0, 0) = 0
[pid 530] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 530] write(3, "1000", 4) = 4
[pid 530] close(3) = 0
[pid 530] symlink("/dev/binderfs", "./binderfs") = 0
[pid 530] memfd_create("syzkaller", 0) = 3
[pid 530] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 530] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 530] munmap(0x7fc743815000, 1048576) = 0
[pid 530] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 31.960664][ T527] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 31.972972][ T527] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid 530] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 530] close(3) = 0
[pid 530] mkdir("./file0", 0777) = 0
[pid 530] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 530] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 530] chdir("./file0") = 0
[pid 530] ioctl(4, LOOP_CLR_FD) = 0
[pid 530] close(4) = 0
[pid 530] creat("./bus", 000) = 4
[pid 530] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 530] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 530] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 530] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 32.023460][ T530] loop0: detected capacity change from 0 to 2048
[ 32.049441][ T530] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid 530] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 530] exit_group(0) = ?
[pid 530] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=530, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./73/binderfs") = 0
umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./73/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./73/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./73/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./73") = 0
mkdir("./74", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 533
./strace-static-x86_64: Process 533 attached
[pid 533] set_robust_list(0x555557505660, 24) = 0
[pid 533] chdir("./74") = 0
[pid 533] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 533] setpgid(0, 0) = 0
[pid 533] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 533] write(3, "1000", 4) = 4
[pid 533] close(3) = 0
[pid 533] symlink("/dev/binderfs", "./binderfs") = 0
[pid 533] memfd_create("syzkaller", 0) = 3
[pid 533] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 533] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 533] munmap(0x7fc743815000, 1048576) = 0
[pid 533] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 32.061742][ T530] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid 533] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 533] close(3) = 0
[pid 533] mkdir("./file0", 0777) = 0
[pid 533] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 533] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 533] chdir("./file0") = 0
[pid 533] ioctl(4, LOOP_CLR_FD) = 0
[pid 533] close(4) = 0
[pid 533] creat("./bus", 000) = 4
[pid 533] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 533] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 533] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 533] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 32.111224][ T533] loop0: detected capacity change from 0 to 2048
[ 32.139331][ T533] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid 533] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 533] exit_group(0) = ?
[pid 533] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=533, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./74/binderfs") = 0
umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./74/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./74/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./74/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./74") = 0
mkdir("./75", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 537 attached
<unfinished ...>
[pid 537] set_robust_list(0x555557505660, 24) = 0
[pid 537] chdir("./75" <unfinished ...>
[pid 298] <... clone resumed>, child_tidptr=0x555557505650) = 537
[pid 537] <... chdir resumed>) = 0
[pid 537] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 537] setpgid(0, 0) = 0
[pid 537] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 537] write(3, "1000", 4) = 4
[pid 537] close(3) = 0
[pid 537] symlink("/dev/binderfs", "./binderfs") = 0
[pid 537] memfd_create("syzkaller", 0) = 3
[pid 537] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 537] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 537] munmap(0x7fc743815000, 1048576) = 0
[pid 537] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 32.151618][ T533] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid 537] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 537] close(3) = 0
[pid 537] mkdir("./file0", 0777) = 0
[pid 537] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 537] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 537] chdir("./file0") = 0
[pid 537] ioctl(4, LOOP_CLR_FD) = 0
[pid 537] close(4) = 0
[pid 537] creat("./bus", 000) = 4
[pid 537] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 537] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 537] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 537] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 32.193006][ T537] loop0: detected capacity change from 0 to 2048
[ 32.224261][ T537] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid 537] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 537] exit_group(0) = ?
[pid 537] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=537, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./75/binderfs") = 0
umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./75/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./75/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./75/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./75") = 0
mkdir("./76", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 540
./strace-static-x86_64: Process 540 attached
[pid 540] set_robust_list(0x555557505660, 24) = 0
[pid 540] chdir("./76") = 0
[pid 540] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 540] setpgid(0, 0) = 0
[pid 540] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 540] write(3, "1000", 4) = 4
[pid 540] close(3) = 0
[pid 540] symlink("/dev/binderfs", "./binderfs") = 0
[pid 540] memfd_create("syzkaller", 0) = 3
[pid 540] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 540] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 540] munmap(0x7fc743815000, 1048576) = 0
[pid 540] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 540] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 540] close(3) = 0
[pid 540] mkdir("./file0", 0777) = 0
[pid 540] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 540] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 540] chdir("./file0") = 0
[pid 540] ioctl(4, LOOP_CLR_FD) = 0
[pid 540] close(4) = 0
[pid 540] creat("./bus", 000) = 4
[pid 540] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 540] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 540] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 540] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 32.237064][ T537] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[ 32.282557][ T540] loop0: detected capacity change from 0 to 2048
[pid 540] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 540] exit_group(0) = ?
[pid 540] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=540, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./76", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./76/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./76/binderfs") = 0
umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./76/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./76/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./76/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./76") = 0
mkdir("./77", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 543
./strace-static-x86_64: Process 543 attached
[pid 543] set_robust_list(0x555557505660, 24) = 0
[pid 543] chdir("./77") = 0
[pid 543] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 543] setpgid(0, 0) = 0
[pid 543] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 543] write(3, "1000", 4) = 4
[pid 543] close(3) = 0
[pid 543] symlink("/dev/binderfs", "./binderfs") = 0
[pid 543] memfd_create("syzkaller", 0) = 3
[pid 543] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 543] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 543] munmap(0x7fc743815000, 1048576) = 0
[pid 543] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 32.310949][ T540] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 32.323424][ T540] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid 543] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 543] close(3) = 0
[pid 543] mkdir("./file0", 0777) = 0
[pid 543] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 543] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 543] chdir("./file0") = 0
[pid 543] ioctl(4, LOOP_CLR_FD) = 0
[pid 543] close(4) = 0
[pid 543] creat("./bus", 000) = 4
[pid 543] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 543] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 543] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 543] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 32.362644][ T543] loop0: detected capacity change from 0 to 2048
[ 32.388603][ T543] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid 543] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 543] exit_group(0) = ?
[pid 543] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=543, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./77", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./77/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./77/binderfs") = 0
umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./77/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./77/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./77/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./77") = 0
mkdir("./78", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 546
./strace-static-x86_64: Process 546 attached
[pid 546] set_robust_list(0x555557505660, 24) = 0
[pid 546] chdir("./78") = 0
[pid 546] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 546] setpgid(0, 0) = 0
[pid 546] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 546] write(3, "1000", 4) = 4
[pid 546] close(3) = 0
[pid 546] symlink("/dev/binderfs", "./binderfs") = 0
[pid 546] memfd_create("syzkaller", 0) = 3
[pid 546] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 546] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 546] munmap(0x7fc743815000, 1048576) = 0
[pid 546] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 32.401110][ T543] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid 546] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 546] close(3) = 0
[pid 546] mkdir("./file0", 0777) = 0
[pid 546] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 546] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 546] chdir("./file0") = 0
[pid 546] ioctl(4, LOOP_CLR_FD) = 0
[pid 546] close(4) = 0
[pid 546] creat("./bus", 000) = 4
[pid 546] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 546] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 546] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 546] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid 546] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[ 32.442091][ T546] loop0: detected capacity change from 0 to 2048
[ 32.470764][ T546] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid 546] exit_group(0) = ?
[pid 546] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=546, si_uid=0, si_status=0, si_utime=1, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./78", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./78/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./78/binderfs") = 0
umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./78/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./78/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./78/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./78") = 0
mkdir("./79", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 549
./strace-static-x86_64: Process 549 attached
[pid 549] set_robust_list(0x555557505660, 24) = 0
[pid 549] chdir("./79") = 0
[pid 549] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 549] setpgid(0, 0) = 0
[pid 549] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 549] write(3, "1000", 4) = 4
[pid 549] close(3) = 0
[pid 549] symlink("/dev/binderfs", "./binderfs") = 0
[pid 549] memfd_create("syzkaller", 0) = 3
[pid 549] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 549] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 549] munmap(0x7fc743815000, 1048576) = 0
[pid 549] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 32.483355][ T546] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid 549] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 549] close(3) = 0
[pid 549] mkdir("./file0", 0777) = 0
[pid 549] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 549] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 549] chdir("./file0") = 0
[pid 549] ioctl(4, LOOP_CLR_FD) = 0
[pid 549] close(4) = 0
[pid 549] creat("./bus", 000) = 4
[pid 549] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 549] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 549] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 549] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid 549] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 549] exit_group(0) = ?
[pid 549] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=549, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./79", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./79/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./79/binderfs") = 0
umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./79/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./79/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./79/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./79") = 0
mkdir("./80", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 552
./strace-static-x86_64: Process 552 attached
[pid 552] set_robust_list(0x555557505660, 24) = 0
[pid 552] chdir("./80") = 0
[pid 552] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 552] setpgid(0, 0) = 0
[pid 552] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 552] write(3, "1000", 4) = 4
[pid 552] close(3) = 0
[pid 552] symlink("/dev/binderfs", "./binderfs") = 0
[pid 552] memfd_create("syzkaller", 0) = 3
[pid 552] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 552] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 552] munmap(0x7fc743815000, 1048576) = 0
[pid 552] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 32.539024][ T549] loop0: detected capacity change from 0 to 2048
[ 32.559349][ T549] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 32.573373][ T549] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[pid 552] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 552] close(3) = 0
[pid 552] mkdir("./file0", 0777) = 0
[pid 552] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 552] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 552] chdir("./file0") = 0
[pid 552] ioctl(4, LOOP_CLR_FD) = 0
[pid 552] close(4) = 0
[pid 552] creat("./bus", 000) = 4
[pid 552] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 552] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 552] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 552] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid 552] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 552] exit_group(0) = ?
[pid 552] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=552, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./80", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./80/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./80/binderfs") = 0
[ 32.618317][ T552] loop0: detected capacity change from 0 to 2048
[ 32.640065][ T552] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 32.652759][ T552] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./80/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./80/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./80/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./80") = 0
mkdir("./81", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 555
./strace-static-x86_64: Process 555 attached
[pid 555] set_robust_list(0x555557505660, 24) = 0
[pid 555] chdir("./81") = 0
[pid 555] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 555] setpgid(0, 0) = 0
[pid 555] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 555] write(3, "1000", 4) = 4
[pid 555] close(3) = 0
[pid 555] symlink("/dev/binderfs", "./binderfs") = 0
[pid 555] memfd_create("syzkaller", 0) = 3
[pid 555] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 555] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 555] munmap(0x7fc743815000, 1048576) = 0
[pid 555] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 555] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 555] close(3) = 0
[pid 555] mkdir("./file0", 0777) = 0
[ 32.674170][ T298] EXT4-fs unmount: 98 callbacks suppressed
[ 32.674181][ T298] EXT4-fs (loop0): unmounting filesystem.
[ 32.706699][ T555] loop0: detected capacity change from 0 to 2048
[pid 555] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 555] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 555] chdir("./file0") = 0
[pid 555] ioctl(4, LOOP_CLR_FD) = 0
[pid 555] close(4) = 0
[pid 555] creat("./bus", 000) = 4
[pid 555] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 555] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 555] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 555] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid 555] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 555] exit_group(0) = ?
[pid 555] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=555, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./81", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./81/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./81/binderfs") = 0
[ 32.720351][ T555] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 32.741528][ T555] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 32.753971][ T555] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./81/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./81/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./81/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./81") = 0
mkdir("./82", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 559
./strace-static-x86_64: Process 559 attached
[pid 559] set_robust_list(0x555557505660, 24) = 0
[pid 559] chdir("./82") = 0
[pid 559] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 559] setpgid(0, 0) = 0
[pid 559] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 559] write(3, "1000", 4) = 4
[pid 559] close(3) = 0
[pid 559] symlink("/dev/binderfs", "./binderfs") = 0
[pid 559] memfd_create("syzkaller", 0) = 3
[pid 559] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 559] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 559] munmap(0x7fc743815000, 1048576) = 0
[pid 559] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 559] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 559] close(3) = 0
[pid 559] mkdir("./file0", 0777) = 0
[ 32.777750][ T298] EXT4-fs (loop0): unmounting filesystem.
[ 32.817334][ T559] loop0: detected capacity change from 0 to 2048
[pid 559] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 559] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 559] chdir("./file0") = 0
[pid 559] ioctl(4, LOOP_CLR_FD) = 0
[pid 559] close(4) = 0
[pid 559] creat("./bus", 000) = 4
[pid 559] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 559] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 559] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 559] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid 559] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 559] exit_group(0) = ?
[pid 559] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=559, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./82", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./82/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./82/binderfs") = 0
[ 32.829598][ T559] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 32.847282][ T559] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 32.859500][ T559] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./82/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./82/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./82/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./82") = 0
mkdir("./83", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 562
./strace-static-x86_64: Process 562 attached
[pid 562] set_robust_list(0x555557505660, 24) = 0
[pid 562] chdir("./83") = 0
[pid 562] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 562] setpgid(0, 0) = 0
[pid 562] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 562] write(3, "1000", 4) = 4
[pid 562] close(3) = 0
[pid 562] symlink("/dev/binderfs", "./binderfs") = 0
[pid 562] memfd_create("syzkaller", 0) = 3
[pid 562] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 562] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 562] munmap(0x7fc743815000, 1048576) = 0
[pid 562] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 562] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 562] close(3) = 0
[pid 562] mkdir("./file0", 0777) = 0
[pid 562] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 562] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 562] chdir("./file0") = 0
[pid 562] ioctl(4, LOOP_CLR_FD) = 0
[pid 562] close(4) = 0
[pid 562] creat("./bus", 000) = 4
[pid 562] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 562] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 562] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 562] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 32.882161][ T298] EXT4-fs (loop0): unmounting filesystem.
[ 32.906268][ T562] loop0: detected capacity change from 0 to 2048
[ 32.920102][ T562] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 562] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 562] exit_group(0) = ?
[pid 562] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=562, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./83", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./83/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./83/binderfs") = 0
umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./83/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./83/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./83/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./83") = 0
mkdir("./84", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 565 attached
, child_tidptr=0x555557505650) = 565
[pid 565] set_robust_list(0x555557505660, 24) = 0
[pid 565] chdir("./84") = 0
[pid 565] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 565] setpgid(0, 0) = 0
[pid 565] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 565] write(3, "1000", 4) = 4
[pid 565] close(3) = 0
[pid 565] symlink("/dev/binderfs", "./binderfs") = 0
[pid 565] memfd_create("syzkaller", 0) = 3
[pid 565] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 565] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 565] munmap(0x7fc743815000, 1048576) = 0
[pid 565] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 32.937244][ T562] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 32.949655][ T562] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[ 32.967984][ T298] EXT4-fs (loop0): unmounting filesystem.
[pid 565] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 565] close(3) = 0
[pid 565] mkdir("./file0", 0777) = 0
[pid 565] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 565] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 565] chdir("./file0") = 0
[pid 565] ioctl(4, LOOP_CLR_FD) = 0
[pid 565] close(4) = 0
[pid 565] creat("./bus", 000) = 4
[pid 565] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 565] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 565] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 565] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 32.998374][ T565] loop0: detected capacity change from 0 to 2048
[ 33.010465][ T565] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 33.026256][ T565] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid 565] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 565] exit_group(0) = ?
[pid 565] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=565, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./84", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./84/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./84/binderfs") = 0
umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./84/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./84/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./84/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./84") = 0
mkdir("./85", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 568
./strace-static-x86_64: Process 568 attached
[pid 568] set_robust_list(0x555557505660, 24) = 0
[pid 568] chdir("./85") = 0
[pid 568] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 568] setpgid(0, 0) = 0
[pid 568] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 568] write(3, "1000", 4) = 4
[pid 568] close(3) = 0
[pid 568] symlink("/dev/binderfs", "./binderfs") = 0
[pid 568] memfd_create("syzkaller", 0) = 3
[pid 568] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 568] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 568] munmap(0x7fc743815000, 1048576) = 0
[pid 568] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 568] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 568] close(3) = 0
[pid 568] mkdir("./file0", 0777) = 0
[ 33.038813][ T565] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[ 33.061022][ T298] EXT4-fs (loop0): unmounting filesystem.
[ 33.085293][ T568] loop0: detected capacity change from 0 to 2048
[pid 568] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 568] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 568] chdir("./file0") = 0
[pid 568] ioctl(4, LOOP_CLR_FD) = 0
[pid 568] close(4) = 0
[pid 568] creat("./bus", 000) = 4
[pid 568] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 568] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 568] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 568] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid 568] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 568] exit_group(0) = ?
[pid 568] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=568, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./85", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./85/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 33.100305][ T568] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 33.117809][ T568] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 33.130054][ T568] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
newfstatat(AT_FDCWD, "./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./85/binderfs") = 0
umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./85/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./85/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./85/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./85") = 0
mkdir("./86", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 571
./strace-static-x86_64: Process 571 attached
[pid 571] set_robust_list(0x555557505660, 24) = 0
[pid 571] chdir("./86") = 0
[pid 571] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 571] setpgid(0, 0) = 0
[pid 571] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 571] write(3, "1000", 4) = 4
[pid 571] close(3) = 0
[pid 571] symlink("/dev/binderfs", "./binderfs") = 0
[pid 571] memfd_create("syzkaller", 0) = 3
[pid 571] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 571] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 571] munmap(0x7fc743815000, 1048576) = 0
[pid 571] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 33.150111][ T298] EXT4-fs (loop0): unmounting filesystem.
[pid 571] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 571] close(3) = 0
[pid 571] mkdir("./file0", 0777) = 0
[pid 571] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 571] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 571] chdir("./file0") = 0
[pid 571] ioctl(4, LOOP_CLR_FD) = 0
[pid 571] close(4) = 0
[pid 571] creat("./bus", 000) = 4
[pid 571] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 571] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 571] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 571] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 33.174147][ T571] loop0: detected capacity change from 0 to 2048
[ 33.190083][ T571] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 33.206221][ T571] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid 571] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 571] exit_group(0) = ?
[pid 571] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=571, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./86", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./86/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./86/binderfs") = 0
umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./86/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./86/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./86/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./86") = 0
mkdir("./87", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 574
./strace-static-x86_64: Process 574 attached
[pid 574] set_robust_list(0x555557505660, 24) = 0
[pid 574] chdir("./87") = 0
[pid 574] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 574] setpgid(0, 0) = 0
[pid 574] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 574] write(3, "1000", 4) = 4
[pid 574] close(3) = 0
[pid 574] symlink("/dev/binderfs", "./binderfs") = 0
[pid 574] memfd_create("syzkaller", 0) = 3
[pid 574] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 574] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 574] munmap(0x7fc743815000, 1048576) = 0
[pid 574] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 33.218817][ T571] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[ 33.237208][ T298] EXT4-fs (loop0): unmounting filesystem.
[pid 574] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 574] close(3) = 0
[pid 574] mkdir("./file0", 0777) = 0
[pid 574] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 574] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 574] chdir("./file0") = 0
[pid 574] ioctl(4, LOOP_CLR_FD) = 0
[pid 574] close(4) = 0
[pid 574] creat("./bus", 000) = 4
[pid 574] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 574] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 574] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[ 33.266987][ T574] loop0: detected capacity change from 0 to 2048
[ 33.279864][ T574] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 574] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid 574] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 574] exit_group(0) = ?
[pid 574] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=574, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./87", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./87/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./87/binderfs") = 0
umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./87/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./87/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./87/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./87") = 0
mkdir("./88", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 577
./strace-static-x86_64: Process 577 attached
[pid 577] set_robust_list(0x555557505660, 24) = 0
[pid 577] chdir("./88") = 0
[pid 577] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 577] setpgid(0, 0) = 0
[pid 577] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 577] write(3, "1000", 4) = 4
[pid 577] close(3) = 0
[pid 577] symlink("/dev/binderfs", "./binderfs") = 0
[pid 577] memfd_create("syzkaller", 0) = 3
[pid 577] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 577] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 577] munmap(0x7fc743815000, 1048576) = 0
[pid 577] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 33.313262][ T574] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 33.325664][ T574] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[ 33.347467][ T298] EXT4-fs (loop0): unmounting filesystem.
[pid 577] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 577] close(3) = 0
[pid 577] mkdir("./file0", 0777) = 0
[pid 577] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 577] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 577] chdir("./file0") = 0
[pid 577] ioctl(4, LOOP_CLR_FD) = 0
[pid 577] close(4) = 0
[pid 577] creat("./bus", 000) = 4
[pid 577] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 577] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 577] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 577] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 33.377171][ T577] loop0: detected capacity change from 0 to 2048
[ 33.390248][ T577] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 33.408624][ T577] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid 577] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 577] exit_group(0) = ?
[pid 577] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=577, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./88", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./88/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./88/binderfs") = 0
umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./88/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./88/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./88/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./88") = 0
mkdir("./89", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 580
./strace-static-x86_64: Process 580 attached
[pid 580] set_robust_list(0x555557505660, 24) = 0
[pid 580] chdir("./89") = 0
[pid 580] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 580] setpgid(0, 0) = 0
[pid 580] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 580] write(3, "1000", 4) = 4
[pid 580] close(3) = 0
[pid 580] symlink("/dev/binderfs", "./binderfs") = 0
[pid 580] memfd_create("syzkaller", 0) = 3
[pid 580] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 580] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 580] munmap(0x7fc743815000, 1048576) = 0
[pid 580] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 580] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 580] close(3) = 0
[pid 580] mkdir("./file0", 0777) = 0
[ 33.420910][ T577] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[ 33.441722][ T298] EXT4-fs (loop0): unmounting filesystem.
[ 33.467398][ T580] loop0: detected capacity change from 0 to 2048
[pid 580] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 580] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 580] chdir("./file0") = 0
[pid 580] ioctl(4, LOOP_CLR_FD) = 0
[pid 580] close(4) = 0
[pid 580] creat("./bus", 000) = 4
[pid 580] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 580] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 580] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 580] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid 580] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 580] exit_group(0) = ?
[pid 580] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=580, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./89", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./89/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./89/binderfs") = 0
[ 33.479698][ T580] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 33.497383][ T580] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 33.509628][ T580] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./89/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./89/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./89/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./89") = 0
mkdir("./90", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 583 attached
, child_tidptr=0x555557505650) = 583
[pid 583] set_robust_list(0x555557505660, 24) = 0
[pid 583] chdir("./90") = 0
[pid 583] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 583] setpgid(0, 0) = 0
[pid 583] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 583] write(3, "1000", 4) = 4
[pid 583] close(3) = 0
[pid 583] symlink("/dev/binderfs", "./binderfs") = 0
[pid 583] memfd_create("syzkaller", 0) = 3
[pid 583] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 583] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 583] munmap(0x7fc743815000, 1048576) = 0
[pid 583] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 583] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 583] close(3) = 0
[pid 583] mkdir("./file0", 0777) = 0
[pid 583] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 583] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 583] chdir("./file0") = 0
[pid 583] ioctl(4, LOOP_CLR_FD) = 0
[pid 583] close(4) = 0
[pid 583] creat("./bus", 000) = 4
[pid 583] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 583] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 583] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 583] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 33.530782][ T298] EXT4-fs (loop0): unmounting filesystem.
[ 33.554604][ T583] loop0: detected capacity change from 0 to 2048
[ 33.569741][ T583] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 583] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 583] exit_group(0) = ?
[pid 583] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=583, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./90", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./90/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./90/binderfs") = 0
umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./90/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./90/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./90/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./90") = 0
mkdir("./91", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 586
./strace-static-x86_64: Process 586 attached
[pid 586] set_robust_list(0x555557505660, 24) = 0
[pid 586] chdir("./91") = 0
[pid 586] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 586] setpgid(0, 0) = 0
[pid 586] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 586] write(3, "1000", 4) = 4
[pid 586] close(3) = 0
[pid 586] symlink("/dev/binderfs", "./binderfs") = 0
[pid 586] memfd_create("syzkaller", 0) = 3
[pid 586] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 586] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 586] munmap(0x7fc743815000, 1048576) = 0
[ 33.586681][ T583] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 33.598978][ T583] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[ 33.621412][ T298] EXT4-fs (loop0): unmounting filesystem.
[pid 586] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 586] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 586] close(3) = 0
[pid 586] mkdir("./file0", 0777) = 0
[pid 586] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 586] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 586] chdir("./file0") = 0
[pid 586] ioctl(4, LOOP_CLR_FD) = 0
[pid 586] close(4) = 0
[pid 586] creat("./bus", 000) = 4
[pid 586] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 586] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 586] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 586] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 33.643463][ T586] loop0: detected capacity change from 0 to 2048
[ 33.659695][ T586] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 33.676046][ T586] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid 586] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 586] exit_group(0) = ?
[pid 586] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=586, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./91", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./91/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./91/binderfs") = 0
umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./91/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./91/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./91/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./91") = 0
mkdir("./92", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 590
./strace-static-x86_64: Process 590 attached
[pid 590] set_robust_list(0x555557505660, 24) = 0
[pid 590] chdir("./92") = 0
[pid 590] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 590] setpgid(0, 0) = 0
[pid 590] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 590] write(3, "1000", 4) = 4
[pid 590] close(3) = 0
[pid 590] symlink("/dev/binderfs", "./binderfs") = 0
[pid 590] memfd_create("syzkaller", 0) = 3
[pid 590] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 590] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 590] munmap(0x7fc743815000, 1048576) = 0
[pid 590] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 590] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 590] close(3) = 0
[pid 590] mkdir("./file0", 0777) = 0
[ 33.688294][ T586] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[ 33.708432][ T298] EXT4-fs (loop0): unmounting filesystem.
[ 33.733678][ T590] loop0: detected capacity change from 0 to 2048
[pid 590] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 590] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 590] chdir("./file0") = 0
[pid 590] ioctl(4, LOOP_CLR_FD) = 0
[pid 590] close(4) = 0
[pid 590] creat("./bus", 000) = 4
[pid 590] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 590] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 590] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 590] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid 590] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 590] exit_group(0) = ?
[pid 590] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=590, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./92", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./92/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./92/binderfs") = 0
[ 33.750030][ T590] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 33.766625][ T590] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 33.778907][ T590] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./92/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./92/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./92/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./92") = 0
mkdir("./93", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 593
./strace-static-x86_64: Process 593 attached
[pid 593] set_robust_list(0x555557505660, 24) = 0
[pid 593] chdir("./93") = 0
[pid 593] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 593] setpgid(0, 0) = 0
[pid 593] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 593] write(3, "1000", 4) = 4
[pid 593] close(3) = 0
[pid 593] symlink("/dev/binderfs", "./binderfs") = 0
[pid 593] memfd_create("syzkaller", 0) = 3
[pid 593] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 593] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 593] munmap(0x7fc743815000, 1048576) = 0
[pid 593] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 593] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 593] close(3) = 0
[pid 593] mkdir("./file0", 0777) = 0
[ 33.806310][ T298] EXT4-fs (loop0): unmounting filesystem.
[ 33.841579][ T593] loop0: detected capacity change from 0 to 2048
[pid 593] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 593] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 593] chdir("./file0") = 0
[pid 593] ioctl(4, LOOP_CLR_FD) = 0
[pid 593] close(4) = 0
[pid 593] creat("./bus", 000) = 4
[pid 593] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 593] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 593] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 593] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid 593] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 593] exit_group(0) = ?
[pid 593] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=593, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./93", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./93/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./93/binderfs") = 0
[ 33.859853][ T593] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 33.878896][ T593] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 33.891157][ T593] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./93/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./93/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./93/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./93") = 0
mkdir("./94", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 596
./strace-static-x86_64: Process 596 attached
[pid 596] set_robust_list(0x555557505660, 24) = 0
[pid 596] chdir("./94") = 0
[pid 596] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 596] setpgid(0, 0) = 0
[pid 596] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 596] write(3, "1000", 4) = 4
[pid 596] close(3) = 0
[pid 596] symlink("/dev/binderfs", "./binderfs") = 0
[pid 596] memfd_create("syzkaller", 0) = 3
[pid 596] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 596] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 596] munmap(0x7fc743815000, 1048576) = 0
[pid 596] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 33.914071][ T298] EXT4-fs (loop0): unmounting filesystem.
[pid 596] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 596] close(3) = 0
[pid 596] mkdir("./file0", 0777) = 0
[pid 596] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 596] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 596] chdir("./file0") = 0
[pid 596] ioctl(4, LOOP_CLR_FD) = 0
[pid 596] close(4) = 0
[pid 596] creat("./bus", 000) = 4
[pid 596] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 596] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 596] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 596] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 33.957127][ T596] loop0: detected capacity change from 0 to 2048
[ 33.969830][ T596] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 33.986926][ T596] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid 596] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 596] exit_group(0) = ?
[pid 596] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=596, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./94", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./94/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./94/binderfs") = 0
umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./94/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./94/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./94/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./94") = 0
mkdir("./95", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 599
./strace-static-x86_64: Process 599 attached
[pid 599] set_robust_list(0x555557505660, 24) = 0
[pid 599] chdir("./95") = 0
[pid 599] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 599] setpgid(0, 0) = 0
[pid 599] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 599] write(3, "1000", 4) = 4
[pid 599] close(3) = 0
[pid 599] symlink("/dev/binderfs", "./binderfs") = 0
[pid 599] memfd_create("syzkaller", 0) = 3
[pid 599] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 599] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 599] munmap(0x7fc743815000, 1048576) = 0
[pid 599] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 599] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 599] close(3) = 0
[pid 599] mkdir("./file0", 0777) = 0
[ 33.999586][ T596] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[ 34.021783][ T298] EXT4-fs (loop0): unmounting filesystem.
[ 34.045774][ T599] loop0: detected capacity change from 0 to 2048
[pid 599] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 599] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 599] chdir("./file0") = 0
[pid 599] ioctl(4, LOOP_CLR_FD) = 0
[pid 599] close(4) = 0
[pid 599] creat("./bus", 000) = 4
[pid 599] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 599] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 599] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 599] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid 599] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 599] exit_group(0) = ?
[pid 599] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=599, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./95", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./95/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./95/binderfs") = 0
[ 34.059999][ T599] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 34.076792][ T599] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 34.089325][ T599] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./95/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./95/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./95/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./95") = 0
mkdir("./96", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 602
./strace-static-x86_64: Process 602 attached
[pid 602] set_robust_list(0x555557505660, 24) = 0
[pid 602] chdir("./96") = 0
[pid 602] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 602] setpgid(0, 0) = 0
[pid 602] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 602] write(3, "1000", 4) = 4
[pid 602] close(3) = 0
[pid 602] symlink("/dev/binderfs", "./binderfs") = 0
[pid 602] memfd_create("syzkaller", 0) = 3
[pid 602] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 602] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 602] munmap(0x7fc743815000, 1048576) = 0
[pid 602] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 602] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 602] close(3) = 0
[pid 602] mkdir("./file0", 0777) = 0
[pid 602] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 602] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 602] chdir("./file0") = 0
[pid 602] ioctl(4, LOOP_CLR_FD) = 0
[pid 602] close(4) = 0
[pid 602] creat("./bus", 000) = 4
[pid 602] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 602] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 602] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[ 34.111147][ T298] EXT4-fs (loop0): unmounting filesystem.
[ 34.136355][ T602] loop0: detected capacity change from 0 to 2048
[ 34.149716][ T602] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 602] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid 602] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 602] exit_group(0) = ?
[pid 602] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=602, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./96", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./96/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./96/binderfs") = 0
umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./96/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./96/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./96/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./96") = 0
mkdir("./97", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 605
./strace-static-x86_64: Process 605 attached
[pid 605] set_robust_list(0x555557505660, 24) = 0
[pid 605] chdir("./97") = 0
[pid 605] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 605] setpgid(0, 0) = 0
[pid 605] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 605] write(3, "1000", 4) = 4
[pid 605] close(3) = 0
[pid 605] symlink("/dev/binderfs", "./binderfs") = 0
[pid 605] memfd_create("syzkaller", 0) = 3
[pid 605] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 605] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 605] munmap(0x7fc743815000, 1048576) = 0
[pid 605] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 34.166719][ T602] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 34.179496][ T602] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[ 34.201363][ T298] EXT4-fs (loop0): unmounting filesystem.
[pid 605] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 605] close(3) = 0
[pid 605] mkdir("./file0", 0777) = 0
[pid 605] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 605] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 605] chdir("./file0") = 0
[pid 605] ioctl(4, LOOP_CLR_FD) = 0
[pid 605] close(4) = 0
[pid 605] creat("./bus", 000) = 4
[pid 605] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 605] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 605] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 605] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 34.225570][ T605] loop0: detected capacity change from 0 to 2048
[ 34.239731][ T605] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 34.258299][ T605] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid 605] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 605] exit_group(0) = ?
[pid 605] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=605, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./97", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./97/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./97/binderfs") = 0
umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./97/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./97/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./97/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./97") = 0
mkdir("./98", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 608
./strace-static-x86_64: Process 608 attached
[pid 608] set_robust_list(0x555557505660, 24) = 0
[pid 608] chdir("./98") = 0
[pid 608] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 608] setpgid(0, 0) = 0
[pid 608] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 608] write(3, "1000", 4) = 4
[pid 608] close(3) = 0
[pid 608] symlink("/dev/binderfs", "./binderfs") = 0
[pid 608] memfd_create("syzkaller", 0) = 3
[pid 608] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[ 34.270930][ T605] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[ 34.291710][ T298] EXT4-fs (loop0): unmounting filesystem.
[pid 608] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 608] munmap(0x7fc743815000, 1048576) = 0
[pid 608] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 608] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 608] close(3) = 0
[pid 608] mkdir("./file0", 0777) = 0
[pid 608] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 608] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 608] chdir("./file0") = 0
[pid 608] ioctl(4, LOOP_CLR_FD) = 0
[pid 608] close(4) = 0
[pid 608] creat("./bus", 000) = 4
[pid 608] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 608] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 608] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 608] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 34.319288][ T608] loop0: detected capacity change from 0 to 2048
[ 34.329631][ T608] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 34.349233][ T608] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid 608] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 608] exit_group(0) = ?
[pid 608] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=608, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./98", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./98/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./98/binderfs") = 0
umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./98/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./98/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./98/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./98") = 0
mkdir("./99", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 611
./strace-static-x86_64: Process 611 attached
[pid 611] set_robust_list(0x555557505660, 24) = 0
[pid 611] chdir("./99") = 0
[pid 611] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 611] setpgid(0, 0) = 0
[pid 611] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 611] write(3, "1000", 4) = 4
[pid 611] close(3) = 0
[pid 611] symlink("/dev/binderfs", "./binderfs") = 0
[pid 611] memfd_create("syzkaller", 0) = 3
[pid 611] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 611] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 611] munmap(0x7fc743815000, 1048576) = 0
[pid 611] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 611] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 611] close(3) = 0
[pid 611] mkdir("./file0", 0777) = 0
[ 34.361732][ T608] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[ 34.382494][ T298] EXT4-fs (loop0): unmounting filesystem.
[ 34.409228][ T611] loop0: detected capacity change from 0 to 2048
[pid 611] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 611] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 611] chdir("./file0") = 0
[pid 611] ioctl(4, LOOP_CLR_FD) = 0
[pid 611] close(4) = 0
[pid 611] creat("./bus", 000) = 4
[pid 611] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 611] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 611] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 611] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 34.420044][ T611] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 34.444936][ T611] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid 611] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 611] exit_group(0) = ?
[pid 611] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=611, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
umount2("./99", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./99/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./99/binderfs") = 0
umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./99/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./99/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./99/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./99") = 0
mkdir("./100", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 614
./strace-static-x86_64: Process 614 attached
[pid 614] set_robust_list(0x555557505660, 24) = 0
[pid 614] chdir("./100") = 0
[pid 614] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 614] setpgid(0, 0) = 0
[pid 614] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 614] write(3, "1000", 4) = 4
[pid 614] close(3) = 0
[pid 614] symlink("/dev/binderfs", "./binderfs") = 0
[pid 614] memfd_create("syzkaller", 0) = 3
[pid 614] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 614] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 614] munmap(0x7fc743815000, 1048576) = 0
[pid 614] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 614] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 614] close(3) = 0
[pid 614] mkdir("./file0", 0777) = 0
[ 34.457449][ T611] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[ 34.477885][ T298] EXT4-fs (loop0): unmounting filesystem.
[ 34.508268][ T614] loop0: detected capacity change from 0 to 2048
[pid 614] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 614] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 614] chdir("./file0") = 0
[pid 614] ioctl(4, LOOP_CLR_FD) = 0
[pid 614] close(4) = 0
[pid 614] creat("./bus", 000) = 4
[pid 614] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 614] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 614] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 614] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid 614] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 614] exit_group(0) = ?
[pid 614] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=614, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./100", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./100/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./100/binderfs") = 0
[ 34.520015][ T614] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 34.538104][ T614] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 34.550612][ T614] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./100/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./100/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./100/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./100") = 0
mkdir("./101", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 617
./strace-static-x86_64: Process 617 attached
[pid 617] set_robust_list(0x555557505660, 24) = 0
[pid 617] chdir("./101") = 0
[pid 617] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 617] setpgid(0, 0) = 0
[pid 617] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 617] write(3, "1000", 4) = 4
[pid 617] close(3) = 0
[pid 617] symlink("/dev/binderfs", "./binderfs") = 0
[pid 617] memfd_create("syzkaller", 0) = 3
[pid 617] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 617] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 617] munmap(0x7fc743815000, 1048576) = 0
[pid 617] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 617] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 617] close(3) = 0
[pid 617] mkdir("./file0", 0777) = 0
[ 34.573094][ T298] EXT4-fs (loop0): unmounting filesystem.
[ 34.609807][ T617] loop0: detected capacity change from 0 to 2048
[pid 617] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 617] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 617] chdir("./file0") = 0
[pid 617] ioctl(4, LOOP_CLR_FD) = 0
[pid 617] close(4) = 0
[pid 617] creat("./bus", 000) = 4
[pid 617] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 617] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 617] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 617] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[pid 617] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 617] exit_group(0) = ?
[pid 617] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=617, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./101", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./101/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./101/binderfs") = 0
[ 34.619805][ T617] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 34.636590][ T617] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 34.649010][ T617] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./101/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./101/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./101/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./101") = 0
mkdir("./102", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 620
./strace-static-x86_64: Process 620 attached
[pid 620] set_robust_list(0x555557505660, 24) = 0
[pid 620] chdir("./102") = 0
[pid 620] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 620] setpgid(0, 0) = 0
[pid 620] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 620] write(3, "1000", 4) = 4
[pid 620] close(3) = 0
[pid 620] symlink("/dev/binderfs", "./binderfs") = 0
[pid 620] memfd_create("syzkaller", 0) = 3
[pid 620] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 620] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 620] munmap(0x7fc743815000, 1048576) = 0
[pid 620] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 34.669487][ T298] EXT4-fs (loop0): unmounting filesystem.
[pid 620] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 620] close(3) = 0
[pid 620] mkdir("./file0", 0777) = 0
[pid 620] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 620] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 620] chdir("./file0") = 0
[pid 620] ioctl(4, LOOP_CLR_FD) = 0
[pid 620] close(4) = 0
[pid 620] creat("./bus", 000) = 4
[pid 620] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 620] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 620] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 620] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 34.701970][ T620] loop0: detected capacity change from 0 to 2048
[ 34.719719][ T620] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 34.736996][ T620] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid 620] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 620] exit_group(0) = ?
[pid 620] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=620, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./102", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./102/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./102/binderfs") = 0
umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./102/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./102/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./102/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./102") = 0
mkdir("./103", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 624 attached
<unfinished ...>
[pid 624] set_robust_list(0x555557505660, 24) = 0
[pid 624] chdir("./103") = 0
[pid 624] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 624] setpgid(0, 0) = 0
[pid 624] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 624] write(3, "1000", 4) = 4
[pid 624] close(3) = 0
[pid 624] symlink("/dev/binderfs", "./binderfs") = 0
[pid 624] memfd_create("syzkaller", 0) = 3
[pid 624] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 298] <... clone resumed>, child_tidptr=0x555557505650) = 624
[pid 624] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 624] munmap(0x7fc743815000, 1048576) = 0
[pid 624] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 34.749255][ T620] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[ 34.769807][ T298] EXT4-fs (loop0): unmounting filesystem.
[pid 624] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 624] close(3) = 0
[pid 624] mkdir("./file0", 0777) = 0
[pid 624] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 624] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 624] chdir("./file0") = 0
[pid 624] ioctl(4, LOOP_CLR_FD) = 0
[pid 624] close(4) = 0
[pid 624] creat("./bus", 000) = 4
[pid 624] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 624] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 624] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 624] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 34.795483][ T624] loop0: detected capacity change from 0 to 2048
[ 34.809862][ T624] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 624] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 624] exit_group(0) = ?
[pid 624] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=624, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./103", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./103/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./103/binderfs") = 0
umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./103/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./103/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./103/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./103") = 0
mkdir("./104", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 627
./strace-static-x86_64: Process 627 attached
[pid 627] set_robust_list(0x555557505660, 24) = 0
[pid 627] chdir("./104") = 0
[pid 627] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 627] setpgid(0, 0) = 0
[pid 627] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 627] write(3, "1000", 4) = 4
[pid 627] close(3) = 0
[pid 627] symlink("/dev/binderfs", "./binderfs") = 0
[pid 627] memfd_create("syzkaller", 0) = 3
[pid 627] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 627] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 627] munmap(0x7fc743815000, 1048576) = 0
[pid 627] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 34.834174][ T624] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[ 34.846505][ T624] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[ 34.867045][ T298] EXT4-fs (loop0): unmounting filesystem.
[pid 627] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 627] close(3) = 0
[pid 627] mkdir("./file0", 0777) = 0
[pid 627] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 627] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 627] chdir("./file0") = 0
[pid 627] ioctl(4, LOOP_CLR_FD) = 0
[pid 627] close(4) = 0
[pid 627] creat("./bus", 000) = 4
[pid 627] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 627] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 627] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 627] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 34.891976][ T627] loop0: detected capacity change from 0 to 2048
[ 34.909813][ T627] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 34.926987][ T627] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid 627] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 627] exit_group(0) = ?
[pid 627] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=627, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./104", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./104/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./104/binderfs") = 0
umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./104/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./104/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./104/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./104") = 0
mkdir("./105", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 630 attached
<unfinished ...>
[pid 630] set_robust_list(0x555557505660, 24) = 0
[pid 298] <... clone resumed>, child_tidptr=0x555557505650) = 630
[pid 630] chdir("./105") = 0
[pid 630] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 630] setpgid(0, 0) = 0
[pid 630] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 630] write(3, "1000", 4) = 4
[pid 630] close(3) = 0
[pid 630] symlink("/dev/binderfs", "./binderfs") = 0
[pid 630] memfd_create("syzkaller", 0) = 3
[pid 630] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000
[pid 630] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 630] munmap(0x7fc743815000, 1048576) = 0
[pid 630] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 34.939568][ T627] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor289: Invalid block bitmap block 4294967295 in block_group 0
[ 34.961429][ T298] EXT4-fs (loop0): unmounting filesystem.
[pid 630] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 630] close(3) = 0
[pid 630] mkdir("./file0", 0777) = 0
[pid 630] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 630] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 630] chdir("./file0") = 0
[pid 630] ioctl(4, LOOP_CLR_FD) = 0
[pid 630] close(4) = 0
[pid 630] creat("./bus", 000) = 4
[pid 630] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 630] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 630] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid 630] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_TRACING, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=-1, fd_array=0x20000800}, 128) = -1 EFAULT (Bad address)
[ 34.992578][ T630] loop0: detected capacity change from 0 to 2048
[ 35.009856][ T630] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 35.026311][ T630] EXT4-fs error (device loop0): ext4_xattr_ibody_get:619: inode #18: comm syz-executor289: corrupted in-inode xattr
[pid 630] write(4, "\xef", 1) = -1 ENOSPC (No space left on device)
[pid 630] exit_group(0) = ?
[pid 630] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=630, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./105", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555575066f0 /* 4 entries */, 32768) = 112
umount2("./105/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./105/binderfs") = 0
umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./105/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./105/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555750e730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555750e730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./105/file0") = 0
getdents64(3, 0x5555575066f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./105") = 0
mkdir("./106", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557505650) = 633
./strace-static-x86_64: Process 633 attached
[pid 633] set_robust_list(0x555557505660, 24) = 0
[pid 633] chdir("./106") = 0
[pid 633] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 633] setpgid(0, 0) = 0
[pid 633] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 633] write(3, "1000", 4) = 4
[pid 633] close(3) = 0
[pid 633] symlink("/dev/binderfs", "./binderfs") = 0
[pid 633] memfd_create("syzkaller", 0) = 3
[pid 633] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc743815000